From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
 program/include/iniset.php | 17 +----------------
 1 files changed, 1 insertions(+), 16 deletions(-)

diff --git a/program/include/iniset.php b/program/include/iniset.php
index c166c57..8847e2e 100644
--- a/program/include/iniset.php
+++ b/program/include/iniset.php
@@ -21,23 +21,8 @@
 */
 
 // application constants
-define('RCMAIL_VERSION', '0.9-beta');
+define('RCMAIL_VERSION', '0.9.4');
 define('RCMAIL_START', microtime(true));
-
-$config = array(
- // Some users are not using Installer, so we'll check some
- // critical PHP settings here. Only these, which doesn't provide
- // an error/warning in the logs later. See (#1486307).
- 'suhosin.session.encrypt' => 0,
- 'session.auto_start' => 0,
- 'file_uploads' => 1,
-);
-foreach ($config as $optname => $optval) {
- if ($optval != ini_get($optname) && @ini_set($optname, $optval) === false) {
- die("ERROR: Wrong '$optname' option value and it wasn't possible to set it to required value ($optval).\n"
- ."Check your PHP configuration (including php_admin_flag).");
- }
-}
 
 if (!defined('INSTALL_PATH')) {
 define('INSTALL_PATH', dirname($_SERVER['SCRIPT_FILENAME']).'/');
-- 
Gitblit v1.9.1
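Review bot: The deleted `foreach ($config as $optname => $optval)` block was the only code in this file that enforced `session.auto_start = 0`, `suhosin.session.encrypt = 0` and `file_uploads = 1` and stopped with `die()` when a value could not be set, so after this hunk nothing visible here fails closed on an unsuitable PHP session configuration. The commit subject describes a fix for the `_session` argument of utils/save-prefs, yet this hunk touches neither that handler nor any validation of the session key being written, so the deletion looks unrelated to the stated fix and is presumably a merge artifact or a move to another file. Please confirm that an equivalent check still runs elsewhere during startup, or keep the block; if it was moved, a short comment under `// application constants` such as `// PHP ini sanity checks now live in <file that holds them>` would keep that traceable. The hunk ends inside the `if (!defined('INSTALL_PATH'))` block, which continues outside the view.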