_("Security settings have not been defined for your user account.")
. "<br>" . _("Please contact your system administrator.")
: _("Please remove \$security_groups and \$security_headings arrays from config.php file!");
- } elseif (!$_SESSION['SysPrefs']->db_ok && !$_SESSION["wa_current_user"]->can_access('SA_SOFTWAREUPGRADE')) {
+ } elseif (!$_SESSION['SysPrefs']->db_ok && !$_SESSION["wa_current_user"]->can_access('SA_SOFTWAREUPGRADE'))
+ {
$msg = _('Access to application has been blocked until database upgrade is completed by system administrator.');
}
return $data;
}
+/*
+ htmlspecialchars does not support certain encodings.
+ ISO-8859-2 fortunately has the same special characters positions as
+ ISO-8859-1, so fix is easy. If any other unsupported encoding is used,
+ add workaround here.
+*/
+function html_specials_encode($str)
+{
+ return htmlspecialchars($str, ENT_QUOTES, $_SESSION['language']->encoding=='iso-8859-2' ?
+ 'ISO-8859-1' : $_SESSION['language']->encoding);
+}
+
function html_cleanup(&$parms)
{
foreach($parms as $name => $value) {
-// $value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding);
if (is_array($value))
html_cleanup($parms[$name]);
else
- $parms[$name] = @htmlspecialchars($value, ENT_QUOTES, $_SESSION['language']->encoding=='iso-8859-2' ? 'ISO-8859-1' : $_SESSION['language']->encoding);
+ $parms[$name] = html_specials_encode($value);
}
reset($parms); // needed for direct key() usage later throughout the sources
}
$path_to_root = ".";
}
-//----------------------------------------------------------------------------------------
-// set to reasonable values if not set in config file (pre-2.3.12 installations)
-
-if ((!isset($SysPrefs->login_delay)) || ($SysPrefs->login_delay < 0))
- $SysPrefs->login_delay = 10;
-
-if ((!isset($SysPrefs->login_max_attempts)) || ($SysPrefs->login_max_attempts < 0))
- $SysPrefs->login_max_attempts = 3;
-
-
// Prevent register_globals vulnerability
if (isset($_GET['path_to_root']) || isset($_POST['path_to_root']))
die("Restricted access");
$SysPrefs = &$_SESSION['SysPrefs'];
+//----------------------------------------------------------------------------------------
+// set to reasonable values if not set in config file (pre-2.3.12 installations)
+
+if ((!isset($SysPrefs->login_delay)) || ($SysPrefs->login_delay < 0))
+ $SysPrefs->login_delay = 10;
+
+if ((!isset($SysPrefs->login_max_attempts)) || ($SysPrefs->login_max_attempts < 0))
+ $SysPrefs->login_max_attempts = 3;
+
if ($SysPrefs->go_debug > 0)
error_reporting(-1);
else
{
// strip ajax marker from uri, to force synchronous page reload
$_SESSION['timeout'] = array( 'uri'=>preg_replace('/JsHttpRequest=(?:(\d+)-)?([^&]+)/s',
- '', @htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, $_SESSION['language']->encoding=='iso-8859-2'
- ? 'ISO-8859-1' : $_SESSION['language']->encoding)),
+ '', html_specials_encode($_SERVER['REQUEST_URI'])),
'post' => $_POST);
include($path_to_root . "/access/login.php");