We use cookies to ensure you get the best experience on our website
Home Explore Help
Register Sign In
0ct0pu5
/
squirrelmail
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

#612148: Enable TZ in safe_mode if safe_mode_allowed_env_vars permits this bug

Pontus Ullgren 23 years ago
parent
4c64b63930
commit
bedc803405
3 changed files with 15 additions and 3 deletions
Split View Show Diff Stats
  1. 1 0
      ChangeLog
  2. 2 2
      include/options/personal.php
  3. 12 1
      include/validate.php

+ 1 - 0
ChangeLog
View File 

@@ -13,6 +13,7 @@ Version 1.3.2 -- cvs
 
   - Do not lose user prefs/sigs/abooks when trying to save to a full disk.
 
   - Make the SquirrelMail link on the right top configurable so a provider can point
 
     to their own FAQ for example.
 
+  - Enable TZ in safe_mode if safe_mode_allowed_env_vars permits this bug #612148.
 
 
 Version 1.3.1
 
 -------------

+ 2 - 2
include/options/personal.php
View File 

@@ -24,7 +24,7 @@ define('SMOPT_GRP_TZ', 3);
 
 /* Define the optpage load function for the personal options page. */
 
 function load_optpage_data_personal() {
 
     global $data_dir, $username, $edit_identity, $edit_name,
 
-           $full_name, $reply_to, $email_address, $signature;
 
+           $full_name, $reply_to, $email_address, $signature, $tzChangeAllowed;
 
 
     /* Set the values of some global variables. */
 
     $full_name = getPref($data_dir, $username, 'full_name');
 
@@ -118,7 +118,7 @@ function load_optpage_data_personal() {
 
         );
 
     }
 
     
-    if (  !ini_get("safe_mode") ) {
 
+    if ( $tzChangeAllowed ) {
 
         $TZ_ARRAY[SMPREF_NONE] = _("Same as server");
 
         $fd = fopen('../locale/timezones.cfg','r');
 
         while (!feof ($fd)) {

+ 12 - 1
include/validate.php
View File 

@@ -90,8 +90,19 @@ global $username, $data_dir;
 
 set_up_language(getPref($data_dir, $username, 'language'));
 
 
 $timeZone = getPref($data_dir, $username, 'timezone');
 
+
 
+/* Check to see if we are allowed to set the TZ environment variable.
 
+ * We are able to do this if ... 
+ *   safe_mode is disabled OR
 
+ *   safe_mode_allowed_env_vars is empty (you are allowed to set any) OR
 
+ *   safe_mode_allowed_env_vars contains TZ 
+ */
 
+$tzChangeAllowed = (!ini_get('safe_mode')) ||
 
+                    !strcmp(ini_get('safe_mode_allowed_env_vars'),'') || 
+                    preg_match('/^([\w_]+,)*TZ/', ini_get('safe_mode_allowed_env_vars')); 
+
 
 if ( $timeZone != SMPREF_NONE && ($timeZone != "") 
-    && !ini_get("safe_mode")) {
 
+    && $tzChangeAllowed ) {
 
     putenv("TZ=".$timeZone);
 
 }
 
 ?>

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5