From: <ki...@us...> - 2007-02-23 08:40:19
|
Revision: 12275 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=12275&view=rev Author: kink Date: 2007-02-23 00:40:17 -0800 (Fri, 23 Feb 2007) Log Message: ----------- drop call to session_register, this is redundant in PHP >4.1.0, which we require as minimum version, and triggers a bug in PHP4.4.5 (#1664155) Modified Paths: -------------- trunk/squirrelmail/functions/global.php Modified: trunk/squirrelmail/functions/global.php =================================================================== --- trunk/squirrelmail/functions/global.php 2007-02-18 18:47:48 UTC (rev 12274) +++ trunk/squirrelmail/functions/global.php 2007-02-23 08:40:17 UTC (rev 12275) @@ -93,9 +93,7 @@ sqsession_is_active(); - $_SESSION["$name"] = $var; - - session_register("$name"); + $_SESSION[$name] = $var; } /** This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2007-03-26 16:32:33
|
Revision: 12349 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=12349&view=rev Author: pdontthink Date: 2007-03-26 09:32:26 -0700 (Mon, 26 Mar 2007) Log Message: ----------- Using the string 'deleted' in expired cookies can have unintented consequences for cookies treated as boolean, also 'deleted' could be a potential valid cookie value. Using empty string instead. Anyone know of any reason 'deleted' is actually useful? Modified Paths: -------------- trunk/squirrelmail/functions/global.php Modified: trunk/squirrelmail/functions/global.php =================================================================== --- trunk/squirrelmail/functions/global.php 2007-03-24 00:57:13 UTC (rev 12348) +++ trunk/squirrelmail/functions/global.php 2007-03-26 16:32:26 UTC (rev 12349) @@ -378,7 +378,7 @@ * @param boolean $bHttpOnly Disallow JS to access the cookie (IE6 only) * @return void */ -function sqsetcookie($sName,$sValue="deleted",$iExpire=0,$sPath="",$sDomain="",$bSecure=false,$bHttpOnly=true) { +function sqsetcookie($sName,$sValue='',$iExpire=0,$sPath="",$sDomain="",$bSecure=false,$bHttpOnly=true) { // if we have a secure connection then limit the cookies to https only. if ($sName && isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']) { $bSecure = true; @@ -403,7 +403,7 @@ $Port = strpos($Domain, ':'); if ($Port !== false) $Domain = substr($Domain, 0, $Port); } - if (!$sValue) $sValue = 'deleted'; + if (!$sValue) $sValue = ''; header('Set-Cookie: ' . rawurlencode($sName) . '=' . rawurlencode($sValue) . (empty($iExpires) ? '' : '; expires=' . gmdate('D, d-M-Y H:i:s', $iExpires) . ' GMT') . (empty($sPath) ? '' : '; path=' . $sPath) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2007-03-26 17:39:45
|
Revision: 12350 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=12350&view=rev Author: pdontthink Date: 2007-03-26 10:39:43 -0700 (Mon, 26 Mar 2007) Log Message: ----------- Revert last change, which caused nasty sesion ID errors, although now we still have a problem wherein other cookies that are intentionally set to an empty string are revalued as 'deleted', and the caller may not expect such Modified Paths: -------------- trunk/squirrelmail/functions/global.php Modified: trunk/squirrelmail/functions/global.php =================================================================== --- trunk/squirrelmail/functions/global.php 2007-03-26 16:32:26 UTC (rev 12349) +++ trunk/squirrelmail/functions/global.php 2007-03-26 17:39:43 UTC (rev 12350) @@ -324,7 +324,7 @@ * merging of sessions. */ - global $base_uri; + global $base_uri, $_COOKIE, $_SESSION; if (isset($_COOKIE[session_name()]) && session_name()) sqsetcookie(session_name(), '', 0, $base_uri); if (isset($_COOKIE['username']) && $_COOKIE['username']) sqsetcookie('username','',0,$base_uri); @@ -378,7 +378,7 @@ * @param boolean $bHttpOnly Disallow JS to access the cookie (IE6 only) * @return void */ -function sqsetcookie($sName,$sValue='',$iExpire=0,$sPath="",$sDomain="",$bSecure=false,$bHttpOnly=true) { +function sqsetcookie($sName,$sValue='deleted',$iExpire=0,$sPath="",$sDomain="",$bSecure=false,$bHttpOnly=true) { // if we have a secure connection then limit the cookies to https only. if ($sName && isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']) { $bSecure = true; @@ -403,7 +403,7 @@ $Port = strpos($Domain, ':'); if ($Port !== false) $Domain = substr($Domain, 0, $Port); } - if (!$sValue) $sValue = ''; + if (!$sValue) $sValue = 'deleted'; header('Set-Cookie: ' . rawurlencode($sName) . '=' . rawurlencode($sValue) . (empty($iExpires) ? '' : '; expires=' . gmdate('D, d-M-Y H:i:s', $iExpires) . ' GMT') . (empty($sPath) ? '' : '; path=' . $sPath) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2007-03-29 21:03:54
|
Revision: 12353 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=12353&view=rev Author: pdontthink Date: 2007-03-29 14:03:53 -0700 (Thu, 29 Mar 2007) Log Message: ----------- Handle change of behavior with session ID being left after session close (see #1685031) Modified Paths: -------------- trunk/squirrelmail/functions/global.php Modified: trunk/squirrelmail/functions/global.php =================================================================== --- trunk/squirrelmail/functions/global.php 2007-03-28 05:09:33 UTC (rev 12352) +++ trunk/squirrelmail/functions/global.php 2007-03-29 21:03:53 UTC (rev 12353) @@ -342,23 +342,30 @@ * start a session up. php.net doesn't tell you that $_SESSION * (even though autoglobal), is not created unless a session is * started, unlike $_POST, $_GET and such + * Update: (see #1685031) the session ID is left over after the + * session is closed in some PHP setups; this function just becomes + * a passthru to sqsession_start(), but leaving old code in for + * edification. */ function sqsession_is_active() { - $sessid = session_id(); - if ( empty( $sessid ) ) { + //$sessid = session_id(); + //if ( empty( $sessid ) ) { sqsession_start(); - } + //} } /** * Function to start the session and store the cookie with the session_id as * HttpOnly cookie which means that the cookie isn't accessible by javascript * (IE6 only) + * Note that as sqsession_is_active() no longer discriminates as to when + * it calls this function, session_start() has to have E_NOTICE suppression + * (thus the @ sign). */ function sqsession_start() { global $base_uri; - session_start(); + @session_start(); $session_id = session_id(); // session_starts sets the sessionid cookie buth without the httponly var @@ -638,3 +645,60 @@ print htmlentities($buffer); print '</pre></div>'; } + +/** + * Sanitize a value using htmlspecialchars() or similar, but also + * recursively run htmlspecialchars() (or similar) on array keys + * and values. + * + * If $value is not a string or an array with strings in it, + * the value is returned as is. + * + * @param mixed $value The value to be sanitized. + * @param mixed $quote_style Either boolean or an integer. If it + * is an integer, it must be the PHP + * constant indicating if/how to escape + * quotes: ENT_QUOTES, ENT_COMPAT, or + * ENT_NOQUOTES. If it is a boolean value, + * it must be TRUE and thus indicates + * that the only sanitizing to be done + * herein is to replace single and double + * quotes with ' and ", no other + * changes are made to $value. If it is + * boolean and FALSE, behavior reverts + * to same as if the value was ENT_QUOTES + * (OPTIONAL; default is ENT_QUOTES). + * + * @return mixed The sanitized value. + * + * @since 1.5.2 + * + **/ +function sq_htmlspecialchars($value, $quote_style=ENT_QUOTES) { + + if ($quote_style === FALSE) $quote_style = ENT_QUOTES; + + // array? go recursive... + // + if (is_array($value)) { + $return_array = array(); + foreach ($value as $key => $val) { + $return_array[sq_htmlspecialchars($key, $quote_style)] + = sq_htmlspecialchars($val, $quote_style); + } + return $return_array; + + // sanitize strings only + // + } else if (is_string($value)) { + if ($quote_style === TRUE) + return str_replace(array('\'', '"'), array(''', '"'), $value); + else + return htmlspecialchars($value, $quote_style); + } + + // anything else gets returned with no changes + // + return $value; + +} This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2007-06-24 05:39:08
|
Revision: 12461 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=12461&view=rev Author: pdontthink Date: 2007-06-23 22:39:04 -0700 (Sat, 23 Jun 2007) Log Message: ----------- Few tweaks to list_files() and add new sq_popen() and friends. PLEASE NOTE that the lass commit mistakenly added sq_htmlspecialchars(), but I think we can leave it in. Modified Paths: -------------- trunk/squirrelmail/functions/global.php Modified: trunk/squirrelmail/functions/global.php =================================================================== --- trunk/squirrelmail/functions/global.php 2007-06-21 05:27:51 UTC (rev 12460) +++ trunk/squirrelmail/functions/global.php 2007-06-24 05:39:04 UTC (rev 12461) @@ -508,8 +508,11 @@ * * @param string $directory_path The path (relative or absolute) * to the desired directory. - * @param string $extension The file extension filter (optional; - * default is to return all files (dirs). + * @param mixed $extension The file extension filter - either + * an array of desired extension(s), + * or a comma-separated list of same + * (optional; default is to return + * all files (dirs). * @param boolean $return_filenames_only When TRUE, only file/dir names * are returned, otherwise the * $directory_path string is @@ -534,22 +537,36 @@ * files or all directories * (optional; default do not * split up return array). + * @param boolean $only_sm When TRUE, a security check will + * limit directory access to only + * paths within the SquirrelMail + * installation currently being used + * (optional; default TRUE) * - * * @return array The requested file/directory list(s). * * @since 1.5.2 * */ -function list_files($directory_path, $extension='', $return_filenames_only=TRUE, +function list_files($directory_path, $extensions='', $return_filenames_only=TRUE, $include_directories=TRUE, $directories_only=FALSE, - $separate_files_and_directories=FALSE) { + $separate_files_and_directories=FALSE, $only_sm=TRUE) { $files = array(); $directories = array(); -//FIXME: do we want to place security restrictions here like only allowing -// directories under SM_PATH? + + // make sure requested path is under SM_PATH if needed + // + if ($only_sm) { + if (strpos(realpath($directory_path), realpath(SM_PATH)) !== 0) { + //plain_error_message(_("Illegal filesystem access was requested")); + echo _("Illegal filesystem access was requested"); + exit; + } + } + + // validate given directory // if (empty($directory_path) @@ -559,7 +576,18 @@ } - if (!empty($extension)) $extension = '.' . trim($extension, '.'); + // ensure extensions is an array and is properly formatted + // + if (!empty($extensions)) { + if (!is_array($extensions)) + $extensions = explode(',', $extensions); + $temp_extensions = array(); + foreach ($extensions as $ext) + $temp_extensions[] = '.' . trim(trim($ext), '.'); + $extensions = $temp_extensions; + } else $extensions = array(); + + $directory_path = rtrim($directory_path, '/'); @@ -569,9 +597,10 @@ if ($file == '.' || $file == '..') continue; - if (!empty($extension) - && strrpos($file, $extension) !== (strlen($file) - strlen($extension))) - continue; + if (!empty($extensions)) + foreach ($extensions as $ext) + if (strrpos($file, $ext) !== (strlen($file) - strlen($ext))) + continue 2; // only use is_dir() if we really need to (be as efficient as possible) // @@ -646,7 +675,272 @@ print '</pre></div>'; } + /** + * SquirrelMail wrapper for popen()/proc_open() + * + * This emulates popen() by using proc_open() if at all + * possible (reverts seamlessly to popen() if proc_open() + * is not supported in current PHP installation). + * + * This is intended for use with the related sq_pclose(), + * sq_get_pipe_stdout() and sq_get_pipe_stderr() functions, + * the latter of which add an easy interface for retrieving + * output from a child process that was opened with traditional + * popen() syntax (in write mode), while not breaking under + * earlier versions of PHP. + * + * @param string $command The command identifying what to + * execute in the child process. + * @param string $mode The desired mode for the + * unidirectional pipe that is returned; + * either 'r' for read or 'w' for write. + * + * @return resource A handle on the desired read or write pipe + * to the child process, or FALSE if the + * process cannot be created. + * + * @since 1.5.2 + * + */ +function sq_popen($command, $mode) { + + $mode = strtolower($mode{0}); + + + if (!function_exists('proc_open')) + return popen($command, $mode); + + + // set up our process store if not done already + // + global $processes; + if (empty($processes)) + $processes = array(); + + + // define read, write and error pipes + // + $descriptors = array(0 => array('pipe', 'r'), + 1 => array('pipe', 'w'), + 2 => array('pipe', 'w')); + + + // start the child process + // + $proc = proc_open($command, $descriptors, $pipes); + if (!is_resource($proc)) + return FALSE; + + + // when in read mode, we'll return a handle to the child's write pipe + // + if ($mode == 'r') + $return_value = $pipes[1]; + else if ($mode == 'w') + $return_value = $pipes[0]; + else + die('sq_popen() expects $mode to be "r" or "w"'); + + + // store the handle to the process and its pipes + // internally, keyed by whatever handle we'll be + // returning + // + $processes[$return_value] = array($proc, $pipes); + + + return $return_value; + +} + + +/** + * Get STDERR output from a child process + * + * This is designed to be used with processes that were + * opened with sq_popen(), and will return any output + * that may be available from STDERR of the child process + * at the current time. + * + * If a value is given for $timeout_seconds, this function + * will wait that long for output in case there is none + * right now. + * + * In PHP environments that do not support proc_open(), + * an empty string will always be returned. + * + * @param resource $handle The handle to the child process, + * as returned from sq_popen(). + * @param int $timeout_seconds The number of seconds to wait + * for output if there is none + * available immediately (OPTIONAL; + * default is not to wait) + * @param boolean $quiet When TRUE, errors are silently + * ignored (OPTIONAL; default is TRUE). + * + * @return string Any STDERR output that may have been found. + * + * @since 1.5.2 + * + */ +function sq_get_pipe_stderr($handle, $timeout_seconds=0, $quiet=TRUE) { + + // yes, we are testing for proc_OPEN + // because we need to know how the + // handle was actually OPENED + // + if (!function_exists('proc_open')) + return ''; + + + // get our process out of the process store + // + global $processes; + if (!is_array($processes) || !isset($processes[$handle])) { + if (!quiet) { + plain_error_message(_("Failed to find corresponding open process handle")); + } + return ''; + } + $proc = $processes[$handle]; + + + // get all we can from stderr, don't wait longer + // than our timeout for input + // + $contents = ''; + $read = array($proc[1][2]); + $write = NULL; + $except = NULL; + if (stream_select($read, $write, $except, $timeout_seconds)) + while (!feof($proc[1][2])) $contents .= fread($proc[1][2], 8192); + return $contents; + +} + + +/** + * Get STDOUT output from a child process + * + * This is designed to be used with processes that were + * opened with sq_popen(), and will return any output + * that may be available from STDOUT of the child process + * at the current time. + * + * If a value is given for $timeout_seconds, this function + * will wait that long for output in case there is none + * right now. + * + * In PHP environments that do not support proc_open(), + * an empty string will always be returned. + * + * @param resource $handle The handle to the child process, + * as returned from sq_popen(). + * @param int $timeout_seconds The number of seconds to wait + * for output if there is none + * available immediately (OPTIONAL; + * default is not to wait) + * @param boolean $quiet When TRUE, errors are silently + * ignored (OPTIONAL; default is TRUE). + * + * @return string Any STDOUT output that may have been found. + * + * @since 1.5.2 + * + */ +function sq_get_pipe_stdout($handle, $timeout_seconds=0, $quiet=TRUE) { + + // yes, we are testing for proc_OPEN + // because we need to know how the + // handle was actually OPENED + // + if (!function_exists('proc_open')) + return ''; + + + // get our process out of the process store + // + global $processes; + if (!is_array($processes) || !isset($processes[$handle])) { + if (!quiet) { + plain_error_message(_("Failed to find corresponding open process handle")); + } + return ''; + } + $proc = $processes[$handle]; + + + // get all we can from stdout, don't wait longer + // than our timeout for input + // + $contents = ''; + $read = array($proc[1][1]); + $write = NULL; + $except = NULL; + if (stream_select($read, $write, $except, $timeout_seconds)) + while (!feof($proc[1][1])) $contents .= fread($proc[1][1], 8192); + return $contents; + +} + + +/** + * SquirrelMail wrapper for pclose()/proc_close() + * + * This is designed to be used with processes that were + * opened with sq_popen(), and will correctly close + * all pipes/handles that were opened as well as the + * child process itself. + * + * @param resource $handle The handle to the child process, + * as returned from sq_popen(). + * @param boolean $quiet When TRUE, errors are silently + * ignored (OPTIONAL; default is TRUE). + * + * @return int The termination status of the child process. + * + * @since 1.5.2 + * + */ +function sq_pclose($handle, $quiet=TRUE) { + + // yes, we are testing for proc_OPEN + // because we need to know how the + // handle was actually OPENED + // + if (!function_exists('proc_open')) + return pclose($handle); + + + // get our process out of the process store + // + global $processes; + if (!is_array($processes) || !isset($processes[$handle])) { + if (!quiet) { + plain_error_message(_("Failed to find corresponding open process handle")); + } + return 127; + } + $proc = $processes[$handle]; + unset($processes[$handle]); + + + // close all pipes + // + fclose($proc[1][0]); + fclose($proc[1][1]); + fclose($proc[1][2]); + + + // close process + // + return proc_close($proc[0]); + +} + + +/** * Sanitize a value using htmlspecialchars() or similar, but also * recursively run htmlspecialchars() (or similar) on array keys * and values. This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2007-07-01 07:29:00
|
Revision: 12500 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=12500&view=rev Author: pdontthink Date: 2007-07-01 00:28:59 -0700 (Sun, 01 Jul 2007) Log Message: ----------- Typos in sqsetcookie. This might explain a few things. :-) Modified Paths: -------------- trunk/squirrelmail/functions/global.php Modified: trunk/squirrelmail/functions/global.php =================================================================== --- trunk/squirrelmail/functions/global.php 2007-07-01 07:27:31 UTC (rev 12499) +++ trunk/squirrelmail/functions/global.php 2007-07-01 07:28:59 UTC (rev 12500) @@ -401,18 +401,18 @@ // broken we use the header function for php 5.2 as well. We might change that later. //setcookie($sName,$sValue,(int) $iExpire,$sPath,$sDomain,$bSecure,$bHttpOnly); } else { - if (!empty($Domain)) { + if (!empty($sDomain)) { // Fix the domain to accept domains with and without 'www.'. - if (strtolower(substr($Domain, 0, 4)) == 'www.') $Domain = substr($Domain, 4); - $Domain = '.' . $Domain; + if (strtolower(substr($sDomain, 0, 4)) == 'www.') $sDomain = substr($sDomain, 4); + $sDomain = '.' . $sDomain; // Remove port information. - $Port = strpos($Domain, ':'); - if ($Port !== false) $Domain = substr($Domain, 0, $Port); + $Port = strpos($sDomain, ':'); + if ($Port !== false) $sDomain = substr($sDomain, 0, $Port); } if (!$sValue) $sValue = 'deleted'; header('Set-Cookie: ' . rawurlencode($sName) . '=' . rawurlencode($sValue) - . (empty($iExpires) ? '' : '; expires=' . gmdate('D, d-M-Y H:i:s', $iExpires) . ' GMT') + . (empty($iExpire) ? '' : '; expires=' . gmdate('D, d-M-Y H:i:s', $iExpire) . ' GMT') . (empty($sPath) ? '' : '; path=' . $sPath) . (empty($sDomain) ? '' : '; domain=' . $sDomain) . (!$bSecure ? '' : '; secure') This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2007-07-19 12:28:18
|
Revision: 12557 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=12557&view=rev Author: pdontthink Date: 2007-07-19 05:28:16 -0700 (Thu, 19 Jul 2007) Log Message: ----------- Was a nice idea, but not all that useful and some processes might hang under certain conditions; remove all the sq_popen() stuff. Modified Paths: -------------- trunk/squirrelmail/functions/global.php Modified: trunk/squirrelmail/functions/global.php =================================================================== --- trunk/squirrelmail/functions/global.php 2007-07-19 11:01:01 UTC (rev 12556) +++ trunk/squirrelmail/functions/global.php 2007-07-19 12:28:16 UTC (rev 12557) @@ -677,270 +677,6 @@ /** - * SquirrelMail wrapper for popen()/proc_open() - * - * This emulates popen() by using proc_open() if at all - * possible (reverts seamlessly to popen() if proc_open() - * is not supported in current PHP installation). - * - * This is intended for use with the related sq_pclose(), - * sq_get_pipe_stdout() and sq_get_pipe_stderr() functions, - * the latter of which add an easy interface for retrieving - * output from a child process that was opened with traditional - * popen() syntax (in write mode), while not breaking under - * earlier versions of PHP. - * - * @param string $command The command identifying what to - * execute in the child process. - * @param string $mode The desired mode for the - * unidirectional pipe that is returned; - * either 'r' for read or 'w' for write. - * - * @return resource A handle on the desired read or write pipe - * to the child process, or FALSE if the - * process cannot be created. - * - * @since 1.5.2 - * - */ -function sq_popen($command, $mode) { - - $mode = strtolower($mode{0}); - - - if (!function_exists('proc_open')) - return popen($command, $mode); - - - // set up our process store if not done already - // - global $processes; - if (empty($processes)) - $processes = array(); - - - // define read, write and error pipes - // - $descriptors = array(0 => array('pipe', 'r'), - 1 => array('pipe', 'w'), - 2 => array('pipe', 'w')); - - - // start the child process - // - $proc = proc_open($command, $descriptors, $pipes); - if (!is_resource($proc)) - return FALSE; - - - // when in read mode, we'll return a handle to the child's write pipe - // - if ($mode == 'r') - $return_value = $pipes[1]; - else if ($mode == 'w') - $return_value = $pipes[0]; - else - die('sq_popen() expects $mode to be "r" or "w"'); - - - // store the handle to the process and its pipes - // internally, keyed by whatever handle we'll be - // returning - // - $processes[$return_value] = array($proc, $pipes); - - - return $return_value; - -} - - -/** - * Get STDERR output from a child process - * - * This is designed to be used with processes that were - * opened with sq_popen(), and will return any output - * that may be available from STDERR of the child process - * at the current time. - * - * If a value is given for $timeout_seconds, this function - * will wait that long for output in case there is none - * right now. - * - * In PHP environments that do not support proc_open(), - * an empty string will always be returned. - * - * @param resource $handle The handle to the child process, - * as returned from sq_popen(). - * @param int $timeout_seconds The number of seconds to wait - * for output if there is none - * available immediately (OPTIONAL; - * default is not to wait) - * @param boolean $quiet When TRUE, errors are silently - * ignored (OPTIONAL; default is TRUE). - * - * @return string Any STDERR output that may have been found. - * - * @since 1.5.2 - * - */ -function sq_get_pipe_stderr($handle, $timeout_seconds=0, $quiet=TRUE) { - - // yes, we are testing for proc_OPEN - // because we need to know how the - // handle was actually OPENED - // - if (!function_exists('proc_open')) - return ''; - - - // get our process out of the process store - // - global $processes; - if (!is_array($processes) || !isset($processes[$handle])) { - if (!quiet) { - plain_error_message(_("Failed to find corresponding open process handle")); - } - return ''; - } - $proc = $processes[$handle]; - - - // get all we can from stderr, don't wait longer - // than our timeout for input - // - $contents = ''; - $read = array($proc[1][2]); - $write = NULL; - $except = NULL; - if (stream_select($read, $write, $except, $timeout_seconds)) - while (!feof($proc[1][2])) $contents .= fread($proc[1][2], 8192); - return $contents; - -} - - -/** - * Get STDOUT output from a child process - * - * This is designed to be used with processes that were - * opened with sq_popen(), and will return any output - * that may be available from STDOUT of the child process - * at the current time. - * - * If a value is given for $timeout_seconds, this function - * will wait that long for output in case there is none - * right now. - * - * In PHP environments that do not support proc_open(), - * an empty string will always be returned. - * - * @param resource $handle The handle to the child process, - * as returned from sq_popen(). - * @param int $timeout_seconds The number of seconds to wait - * for output if there is none - * available immediately (OPTIONAL; - * default is not to wait) - * @param boolean $quiet When TRUE, errors are silently - * ignored (OPTIONAL; default is TRUE). - * - * @return string Any STDOUT output that may have been found. - * - * @since 1.5.2 - * - */ -function sq_get_pipe_stdout($handle, $timeout_seconds=0, $quiet=TRUE) { - - // yes, we are testing for proc_OPEN - // because we need to know how the - // handle was actually OPENED - // - if (!function_exists('proc_open')) - return ''; - - - // get our process out of the process store - // - global $processes; - if (!is_array($processes) || !isset($processes[$handle])) { - if (!quiet) { - plain_error_message(_("Failed to find corresponding open process handle")); - } - return ''; - } - $proc = $processes[$handle]; - - - // get all we can from stdout, don't wait longer - // than our timeout for input - // - $contents = ''; - $read = array($proc[1][1]); - $write = NULL; - $except = NULL; - if (stream_select($read, $write, $except, $timeout_seconds)) - while (!feof($proc[1][1])) $contents .= fread($proc[1][1], 8192); - return $contents; - -} - - -/** - * SquirrelMail wrapper for pclose()/proc_close() - * - * This is designed to be used with processes that were - * opened with sq_popen(), and will correctly close - * all pipes/handles that were opened as well as the - * child process itself. - * - * @param resource $handle The handle to the child process, - * as returned from sq_popen(). - * @param boolean $quiet When TRUE, errors are silently - * ignored (OPTIONAL; default is TRUE). - * - * @return int The termination status of the child process. - * - * @since 1.5.2 - * - */ -function sq_pclose($handle, $quiet=TRUE) { - - // yes, we are testing for proc_OPEN - // because we need to know how the - // handle was actually OPENED - // - if (!function_exists('proc_open')) - return pclose($handle); - - - // get our process out of the process store - // - global $processes; - if (!is_array($processes) || !isset($processes[$handle])) { - if (!quiet) { - plain_error_message(_("Failed to find corresponding open process handle")); - } - return 127; - } - $proc = $processes[$handle]; - unset($processes[$handle]); - - - // close all pipes - // - fclose($proc[1][0]); - fclose($proc[1][1]); - fclose($proc[1][2]); - - - // close process - // - return proc_close($proc[0]); - -} - - -/** * Sanitize a value using htmlspecialchars() or similar, but also * recursively run htmlspecialchars() (or similar) on array keys * and values. This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2008-01-06 04:42:43
|
Revision: 12872 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=12872&view=rev Author: pdontthink Date: 2008-01-05 20:42:42 -0800 (Sat, 05 Jan 2008) Log Message: ----------- sqsetcookie is called every time sqsession_is_active is called, which results in headers-already-sent notices after output has been initiated... here is a fix Modified Paths: -------------- trunk/squirrelmail/functions/global.php Modified: trunk/squirrelmail/functions/global.php =================================================================== --- trunk/squirrelmail/functions/global.php 2008-01-06 03:16:00 UTC (rev 12871) +++ trunk/squirrelmail/functions/global.php 2008-01-06 04:42:42 UTC (rev 12872) @@ -416,12 +416,19 @@ // was: @session_start(); $session_id = session_id(); - // session_starts sets the sessionid cookie buth without the httponly var + // session_starts sets the sessionid cookie but without the httponly var // setting the cookie again sets the httponly cookie attribute - sqsetcookie(session_name(),$session_id,false,$base_uri); + // + // need to check if headers have been sent, since sqsession_is_active() + // has become just a passthru to this function, so the sqsetcookie() + // below is called every time, even after headers have already been sent + // + if (!headers_sent()) + sqsetcookie(session_name(),$session_id,false,$base_uri); } + /** * Set a cookie * @param string $sName The name of the cookie. This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: Marc G. K. <ma...@sq...> - 2007-02-27 15:20:04
|
Now that PHP > 4.1.0 is the minimal PHP version the $HTTP_..._VARS backwards compatibility code can be removed as well. Marc. On Fri, February 23, 2007 9:40 am, ki...@us... wrote: > Revision: 12275 > http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=12275&view=rev > Author: kink > Date: 2007-02-23 00:40:17 -0800 (Fri, 23 Feb 2007) > > > Log Message: > ----------- > drop call to session_register, this is redundant in PHP >4.1.0, which we > require as minimum version, and triggers a bug in PHP4.4.5 (#1664155) > > > Modified Paths: > -------------- > trunk/squirrelmail/functions/global.php > > Modified: trunk/squirrelmail/functions/global.php > =================================================================== > --- trunk/squirrelmail/functions/global.php 2007-02-18 18:47:48 UTC (rev > 12274) > +++ trunk/squirrelmail/functions/global.php 2007-02-23 08:40:17 UTC (rev > 12275) > @@ -93,9 +93,7 @@ > > > sqsession_is_active(); > > - $_SESSION["$name"] = $var; > - > - session_register("$name"); > + $_SESSION[$name] = $var; > } > > > /** > > > > This was sent by the SourceForge.net collaborative development platform, > the world's largest Open Source development site. > > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share > your opinions on IT & business topics through brief surveys-and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > -- > squirrelmail-cvs mailing list List Address: > squ...@li... List Info: > https://lists.sourceforge.net/lists/listinfo/squirrelmail-cvs > http://squirrelmail.org/cvs > > |
From: Thijs K. <ki...@sq...> - 2007-02-27 15:40:26
|
On Tue, 2007-02-27 at 16:19 +0100, Marc Groot Koerkamp wrote: > Now that PHP > 4.1.0 is the minimal PHP version the $HTTP_..._VARS > backwards compatibility code can be removed as well. It already has been removed, in devel (stable lists 4.0.6 as minimum and there hasn't been a convincing reason to upgrade it). Only thing left is the HTTP_* globals deregistering code in init.php, but since these vars can still be present when people have register_long_arrays On, I think we can just as well leave it, it does no harm. Thijs |