Bug #8612: Automatically disable tidy.clean_output PHP setting

diff --git a/horde/lib/Test.php b/horde/lib/Test.php
index 0e78fed..1e265dc 100644 (file)
--- a/horde/lib/Test.php
+++ b/horde/lib/Test.php
@@ -189,9 +189,17 @@ class Horde_Test
      * @var array
      */
     protected $_settingsList = array(
+        'allow_url_include' => array(
+            'setting' => false,
+            'error' => 'This is a security hazard. Horde will attempt to disable automatically, but it is best to manually disable also.'
+        ),
         'magic_quotes_runtime' => array(
             'setting' => false,
-            'error' => 'magic_quotes_runtime may cause problems with database inserts, etc. Turn it off.'
+            'error' => 'magic_quotes_runtime may cause problems with database inserts, etc. Horde will attempt to disable automatically, but it is best to manually disable also.'
+        ),
+        'magic_quotes_sybase' => array(
+            'setting' => false,
+            'error' => 'magic_quotes_sybase may cause problems with database inserts, etc. Horde will attempt to disable automatically, but it is best to manually disable also.'
         ),
         'memory_limit' => array(
             'setting' => 'value',
@@ -224,10 +232,18 @@ class Horde_Test
             'setting' => false,
             'error' => 'Horde will work with session.use_trans_sid turned on, but you may see double session-ids in your URLs, and if the session name in php.ini differs from the session name configured in Horde, you may get two session ids and see other odd behavior. The URL-rewriting that use_trans_sid does also tends to break XHTML compliance. In short, you should really disable this.'
         ),
+        'tidy.clean_output' => array(
+            'setting' => false,
+            'error' => 'This will break output of any dynamically created, non-HTML content. Horde will attempt to disable automatically, but it is best to manually disable also.'
+        ),
         'zend_accelerator.compress_all' => array(
             'setting' => false,
             'error' => 'You should not enable output compression unconditionally because some browsers and scripts don\'t work well with output compression. Enable compression in Horde\'s configuration instead, so that we have full control over the conditions where to enable and disable it.'
         ),
+        'zend.ze1_compatibility_mode' => array(
+            'setting' => false,
+            'error' => 'Unneeded, deprecated PHP 4 compatibility option. Horde will attempt to disable automatically, but it is best to manually disable also.'
+        ),
         'zlib.output_compression' => array(
             'setting' => false,
             'error' => 'You should not enable output compression unconditionally because some browsers and scripts don\'t work well with output compression. Enable compression in Horde\'s configuration instead, so that we have full control over the conditions where to enable and disable it.'

diff --git a/horde/lib/core.php b/horde/lib/core.php
index 63490cf..2a275e4 100644 (file)
--- a/horde/lib/core.php
+++ b/horde/lib/core.php
@@ -12,10 +12,11 @@
  */
 
 /* Turn PHP stuff off that can really screw things up. */
-ini_set('magic_quotes_sybase', 0);
+ini_set('allow_url_include', 0);
 ini_set('magic_quotes_runtime', 0);
+ini_set('magic_quotes_sybase', 0);
+ini_set('tidy.clean_output', 0);
 ini_set('zend.ze1_compatibility_mode', 0);
-ini_set('allow_url_include', 0);
 
 /* Exit immediately if register_globals is active. */
 if (ini_get('register_globals')) {