diff -ruN security/mailzu/files/patch-config_init.php security/mailzu.new/files/patch-config_init.php
--- security/mailzu/files/patch-config_init.php 1970-01-01 01:00:00.000000000 +0100
+++ security/mailzu.new/files/patch-config_init.php 2018-08-17 07:26:55.135394000 +0200
@@ -0,0 +1,11 @@
+--- config/init.php.orig 2007-06-14 19:00:15 UTC
++++ config/init.php
+@@ -35,7 +35,7 @@
+ session_start();
+
+ // Turn off magic quotes (do not edit!)
+-set_magic_quotes_runtime(0);
++// set_magic_quotes_runtime(0);
+
+ $conf['app']['version'] = '0.8RC3';
+
diff -ruN security/mailzu/files/patch-config_langs.php security/mailzu.new/files/patch-config_langs.php
--- security/mailzu/files/patch-config_langs.php 1970-01-01 01:00:00.000000000 +0100
+++ security/mailzu.new/files/patch-config_langs.php 2018-08-17 07:46:10.653708000 +0200
@@ -0,0 +1,11 @@
+--- config/langs.php.orig 2007-06-14 19:00:15 UTC
++++ config/langs.php
+@@ -113,7 +113,7 @@ function get_browser_lang() {
+ global $languages;
+
+ if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) && !empty($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
+- $http_accepted = split(',',$_SERVER['HTTP_ACCEPT_LANGUAGE']);
++ $http_accepted = str_split(',',$_SERVER['HTTP_ACCEPT_LANGUAGE']);
+ for ($i = 0; $i < count($http_accepted); $i++) {
+ foreach ($languages as $lang => $vals) {
+ if (eregi($vals[0], $http_accepted[$i]))
diff -ruN security/mailzu/files/patch-lib_Auth.class.php security/mailzu.new/files/patch-lib_Auth.class.php
--- security/mailzu/files/patch-lib_Auth.class.php 1970-01-01 01:00:00.000000000 +0100
+++ security/mailzu.new/files/patch-lib_Auth.class.php 2018-08-17 07:26:55.137757000 +0200
@@ -0,0 +1,129 @@
+--- lib/Auth.class.php.orig 2007-06-14 19:00:15 UTC
++++ lib/Auth.class.php
+@@ -43,42 +43,42 @@ class Auth {
+ * and start the session
+ * @param none
+ */
+- //function Auth() {
++ //public static function Auth() {
+ // $this->db = new AuthDB();
+ //}
+
+ /**
+ * Check if user is a super administrator
+- * This function checks to see if the currently
++ * This public static function checks to see if the currently
+ * logged in user is the administrator, granting
+ * them special permissions
+ * @param none
+ * @return boolean whether the user is a s_admin
+ */
+- function isAdmin() {
++ public static function isAdmin() {
+ return isset($_SESSION['sessionAdmin']);
+ }
+
+ /**
+ * Check if user is a mail administrator
+- * This function checks to see if the currently
++ * This public static function checks to see if the currently
+ * logged in user is the administrator, granting
+ * them special permissions
+ * @param none
+ * @return boolean whether the user is a m_admin
+ */
+- function isMailAdmin() {
++ public static function isMailAdmin() {
+ return (isset($_SESSION['sessionMailAdmin']) || isset($_SESSION['sessionAdmin']));
+ }
+
+ /**
+ * Check user login
+- * This function checks to see if the user has
++ * This public static function checks to see if the user has
+ * a valid session set (if they are logged in)
+ * @param none
+ * @return boolean whether the user is logged in
+ */
+- function is_logged_in() {
++ public static function is_logged_in() {
+ return isset($_SESSION['sessionID']);
+ }
+
+@@ -87,7 +87,7 @@ class Auth {
+ * @param none
+ * @return the userid, or null if the user is not logged in
+ */
+- function getCurrentID() {
++ public static function getCurrentID() {
+ return $_SESSION['sessionID'];//isset($_SESSION['sessionID']) ? $_SESSION['sessionID'] : null;
+ }
+
+@@ -281,7 +281,7 @@ class Auth {
+ }
+ }
+
+- function isAllowedToLogin( $username ) {
++ public static function isAllowedToLogin( $username ) {
+
+ global $conf;
+
+@@ -333,7 +333,7 @@ class Auth {
+ * @param none
+ * @return whether the user is attempting to log in
+ */
+- function isAttempting() {
++ public static function isAttempting() {
+ return $this->is_attempt;
+ }
+
+@@ -341,7 +341,7 @@ class Auth {
+ * Kills app
+ * @param none
+ */
+- function kill() {
++ public static function kill() {
+ die;
+ }
+
+@@ -349,7 +349,7 @@ class Auth {
+ * Destroy any lingering sessions
+ * @param none
+ */
+- function clean() {
++ public static function clean() {
+ // Destroy all session variables
+ unset($_SESSION['sessionID']);
+ unset($_SESSION['sessionName']);
+@@ -359,11 +359,11 @@ class Auth {
+ }
+
+ /**
+- * Wrapper function to call template 'printLoginForm' function
++ * Wrapper public static function to call template 'printLoginForm' function
+ * @param string $msg error messages to display for user
+ * @param string $resume page to resume after a login
+ */
+- function printLoginForm($msg = '', $resume = '') {
++ public static function printLoginForm($msg = '', $resume = '') {
+ printLoginForm($msg, $resume);
+ }
+
+@@ -371,7 +371,7 @@ class Auth {
+ * Prints a message telling the user to log in
+ * @param boolean $kill whether to end the program or not
+ */
+- function print_login_msg($kill = true) {
++ public static function print_login_msg($kill = true) {
+ CmnFns::redirect(CmnFns::getScriptURL() . '/index.php?auth=no&resume=' . urlencode($_SERVER['PHP_SELF']) . '?' . urlencode($_SERVER['QUERY_STRING']));
+ }
+
+@@ -379,7 +379,7 @@ class Auth {
+ * Prints out the latest success box
+ * @param none
+ */
+- function print_success_box() {
++ public static function print_success_box() {
+ CmnFns::do_message_box($this->success);
+ }
+ }
diff -ruN security/mailzu/files/patch-lib_CmnFns.class.php security/mailzu.new/files/patch-lib_CmnFns.class.php
--- security/mailzu/files/patch-lib_CmnFns.class.php 1970-01-01 01:00:00.000000000 +0100
+++ security/mailzu.new/files/patch-lib_CmnFns.class.php 2018-08-17 07:26:55.138937000 +0200
@@ -0,0 +1,296 @@
+--- lib/CmnFns.class.php.orig 2007-06-14 19:00:15 UTC
++++ lib/CmnFns.class.php
+@@ -53,7 +53,7 @@ class CmnFns {
+ * @param double $time time to convert in minutes
+ * @return string time in 12 hour time
+ */
+- function formatTime($time) {
++ public static function formatTime($time) {
+ global $conf;
+
+ // Set up time array with $timeArray[0]=hour, $timeArray[1]=minute
+@@ -82,7 +82,7 @@ class CmnFns {
+ * @param string $date string (yyyy-mm-dd)
+ * @return int timestamp
+ */
+- function formatDateISO($date) {
++ public static function formatDateISO($date) {
+
+ $time = strtotime($date);
+ return $time;
+@@ -94,7 +94,7 @@ class CmnFns {
+ * @param string $format format to put datestamp into
+ * @return string date as $format or as default format
+ */
+- function formatDate($date, $format = '') {
++ public static function formatDate($date, $format = '') {
+ global $dates;
+
+ if (empty($format)) $format = $dates['general_date'];
+@@ -108,7 +108,7 @@ class CmnFns {
+ * @param string $format format to put datestamp into
+ * @return string date/time as $format or as default format
+ */
+- function formatDateTime($ts, $format = '') {
++ public static function formatDateTime($ts, $format = '') {
+ global $conf;
+ global $dates;
+
+@@ -123,7 +123,7 @@ class CmnFns {
+ * @param int $minutes minutes to convert
+ * @return string version of hours and minutes
+ */
+- function minutes_to_hours($minutes) {
++ public static function minutes_to_hours($minutes) {
+ if ($minutes == 0)
+ return '0 ' . translate('hours');
+
+@@ -137,7 +137,7 @@ class CmnFns {
+ * @param none
+ * @return url url of curent script directory
+ */
+- function getScriptURL() {
++ public static function getScriptURL() {
+ global $conf;
+ $uri = $conf['app']['weburi'];
+ return (strrpos($uri, '/') === false) ? $uri : substr($uri, 0, strlen($uri));
+@@ -150,7 +150,7 @@ class CmnFns {
+ * @param string $style inline CSS style definition to apply to box
+ * @param boolean $die whether to kill the app or not
+ */
+- function do_error_box($msg, $style='', $die = true) {
++ public static function do_error_box($msg, $style='', $die = true) {
+ global $conf;
+
+ echo '
' . $msg . '
';
+@@ -171,7 +171,7 @@ class CmnFns {
+ * @param string $msg message to print out
+ * @param string $style inline CSS style definition to apply to box
+ */
+- function do_message_box($msg, $style='') {
++ public static function do_message_box($msg, $style='') {
+ echo '
' . $msg . '
';
+ }
+
+@@ -181,7 +181,7 @@ class CmnFns {
+ * @param none
+ * @return Link object
+ */
+- function getNewLink() {
++ public static function getNewLink() {
+ return new Link();
+ }
+
+@@ -191,7 +191,7 @@ class CmnFns {
+ * @param none
+ * @return Pager object
+ */
+- function getNewPager() {
++ public static function getNewPager() {
+ return new Pager();
+ }
+
+@@ -200,7 +200,7 @@ class CmnFns {
+ * @param none
+ * @return array of cleaned up POST values
+ */
+- function cleanPostVals() {
++ public static function cleanPostVals() {
+ $return = array();
+
+ foreach ($_POST as $key => $val)
+@@ -214,7 +214,7 @@ class CmnFns {
+ * @param none
+ * @return array of cleaned up data
+ */
+- function cleanVals($data) {
++ public static function cleanVals($data) {
+ $return = array();
+
+ foreach ($data as $key => $val)
+@@ -228,7 +228,7 @@ class CmnFns {
+ * @param string $vert value of vertical order
+ * @return string vertical order
+ */
+- function get_vert_order($get_name = 'vert') {
++ public static function get_vert_order($get_name = 'vert') {
+ // If no vertical value is specified, use DESC
+ $vert = isset($_GET[$get_name]) ? $_GET[$get_name] : 'DESC';
+
+@@ -251,7 +251,7 @@ class CmnFns {
+ * @param array $orders all valid order names
+ * @return string order of recorset
+ */
+- function get_value_order($orders = array(), $get_name = 'order') {
++ public static function get_value_order($orders = array(), $get_name = 'order') {
+ if (empty($orders)) // Return null if the order array is empty
+ return NULL;
+
+@@ -269,12 +269,12 @@ class CmnFns {
+
+
+ /**
+- * Opposite of php's nl2br function.
++ * Opposite of php's nl2br public static function.
+ * Subs in a newline for all brs
+ * @param string $subject line to make subs on
+ * @return reformatted line
+ */
+- function br2nl($subject) {
++ public static function br2nl($subject) {
+ return str_replace(' ', "\n", $subject);
+ }
+
+@@ -284,7 +284,7 @@ class CmnFns {
+ * @param string $userid memeber id of user performing the action
+ * @param string $ip ip address of user performing the action
+ */
+- function write_log($string, $userid = NULL, $ip = NULL) {
++ public static function write_log($string, $userid = NULL, $ip = NULL) {
+ global $conf;
+ $delim = "\t";
+ $file = $conf['app']['logfile'];
+@@ -319,7 +319,7 @@ class CmnFns {
+ * @param int $day_of_week day of the week
+ * @param int $type how to return the day name (0 = full, 1 = one letter, 2 = two letter, 3 = three letter)
+ */
+- function get_day_name($day_of_week, $type = 0) {
++ public static function get_day_name($day_of_week, $type = 0) {
+ global $days_full;
+ global $days_abbr;
+ global $days_letter;
+@@ -343,7 +343,7 @@ class CmnFns {
+ * @param string $location new http location
+ * @param int $time time in seconds to wait before redirect
+ */
+- function redirect($location, $time = 0, $die = true) {
++ public static function redirect($location, $time = 0, $die = true) {
+ header("Refresh: $time; URL=$location");
+ if ($die) exit;
+ }
+@@ -352,7 +352,7 @@ class CmnFns {
+ * Prints out the HTML to choose a language
+ * @param none
+ */
+- function print_language_pulldown() {
++ public static function print_language_pulldown() {
+ global $conf;
+ ?>
+