Merge branch 'security-enforceUpgrade' into dev33

Author: michield

public_html/lists/admin/connect.php

@@ -503,17 +503,22 @@ function Fatal_Error($msg, $documentationURL = '')
         $_SESSION['fatalerror'] = 0;
     }
     ++$_SESSION['fatalerror'];
-    header('HTTP/1.0 509 Fatal error');
+    header('HTTP/1.0 500 Fatal error');
     if ($_SESSION['fatalerror'] > 5) {
         $_SESSION['logout_error'] = s('Too many errors, please login again');
+        $_SESSION['adminloggedin'] = '';
+        $_SESSION['logindetails'] = '';
+        session_destroy();
         Redirect('logout&err=2');
+        exit;
     }
 
     if ($GLOBALS['commandline']) {
         @ob_end_clean();
         echo "\n".$GLOBALS['I18N']->get('fatalerror').': '.strip_tags($msg)."\n";
         @ob_start();
     } else {
+        @ob_end_clean();
         if (isset($GLOBALS['I18N']) && is_object($GLOBALS['I18N'])) {
             echo '<div align="center" class="error">'.$GLOBALS['I18N']->get('fatalerror').": $msg ";
         } else {

public_html/lists/admin/home.php

@@ -31,7 +31,7 @@
 
 // check for latest version
 $checkinterval = sprintf('%d', getConfig('check_new_version'));
-if (!isset($checkinterval)) {
+if (empty($checkinterval)) {
     $checkinterval = 7;
 }
 
@@ -67,11 +67,11 @@
 
 if ($showUpdateAvail) {
     echo '<div class="newversion note">';
-    echo $GLOBALS['I18N']->get('A new version of phpList is available!');
+    echo s('A new version of phpList is available!');
     echo '<br/>';
-    echo '<br/>'.$GLOBALS['I18N']->get('The new version may have fixed security issues,<br/>so it is recommended to upgrade as soon as possible');
-    echo '<br/>'.$GLOBALS['I18N']->get('Your version').': <b>'.$thisversion.'</b>';
-    echo '<br/>'.$GLOBALS['I18N']->get('Latest version').': <b>'.$latestversion.'</b><br/>  ';
+    echo '<br/>'.s('The new version may have fixed security issues,<br/>so it is recommended to upgrade as soon as possible');
+    echo '<br/>'.s('Your version').': <b>'.$thisversion.'</b>';
+    echo '<br/>'.s('Latest version').': <b>'.$latestversion.'</b><br/>  ';
     echo '<a href="https://www.phplist.com/latestchanges?utm_source=pl'.$thisversion.'&amp;utm_medium=updatenews&amp;utm_campaign=phpList" title="'.s('Read what has changed in the new version').'" target="_blank">'.$GLOBALS['I18N']->get('View what has changed').'</a>&nbsp;&nbsp;';
     echo '<a href="https://www.phplist.com/download?utm_source=pl'.$thisversion.'&amp;utm_medium=updatedownload&amp;utm_campaign=phpList" title="'.s('Download the new version').'" target="_blank">'.$GLOBALS['I18N']->get('Download').'</a></div>';
 }

public_html/lists/admin/index.php

@@ -490,6 +490,17 @@ function mb_strtolower($string)
     if (version_compare(PHP_VERSION, '5.4.0', '<') && WARN_ABOUT_PHP_SETTINGS) {
         Error(s('Your PHP version is out of date. phpList requires PHP version 5.4.0 or higher.'));
     }
+    if (defined('RELEASEDATE') && ((time() - RELEASEDATE) / 31536000) > 2) {
+        Fatal_Error(s('Your phpList version is older than two years. Please %supgrade phpList</a> before continuing.</br>
+            Visit <a href="https://www.phplist.org/users/" title="'.s('Get some help').'">the support site</a> if you need some help.'
+            ,'<a href="https://www.phplist.com/download?utm_source=pl'.VERSION.'&amp;utm_medium=outdated-download-forced&amp;utm_campaign=phpList" title="'.s('Download the latest version').'" target="_blank">'));
+        return;
+    }
+
+    if (!defined('PHP_VERSION_ID') || PHP_VERSION_ID < 50300) {
+        Fatal_Error(s('Your PHP version is too old. Please upgrade PHP before continuing'));
+        return;
+    }
     if (defined('ENABLE_RSS') && ENABLE_RSS && !function_exists('xml_parse') && WARN_ABOUT_PHP_SETTINGS) {
         Warn($GLOBALS['I18N']->get('You are trying to use RSS, but XML is not included in your PHP'));
     }