[squirrelmail.git] / functions / global.php

<?php

/**
 * globals.php
 *
 * Copyright (c) 1999-2002 The SquirrelMail Project Team
 * Licensed under the GNU GPL. For full terms see the file COPYING.
 *
 * This includes code to update < 4.1.0 globals to the newer format 
 * It also has some session register functions that work across various
 * php versions. 
 *
 * $Id$
 */

# If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways.
# Force magic_quotes_runtime off.
# chilts@birdbrained.org - I put it here in the hopes that all SM code includes this.
# If there's a better place, please let me know.
ini_set('magic_quotes_runtime','0');

/* convert old-style superglobals to current method
 * this is executed if you are running PHP 4.0.x.
 * it is run via a require_once directive in validate.php 
 * and redirect.php. Patch submitted by Ray Black.
 */ 

if ( !check_php_version(4,1) ) {
  global $_COOKIE, $_ENV, $_FILES, $_GET, $_POST, $_SERVER, $_SESSION;
  global $HTTP_COOKIE_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES, $HTTP_GET_VARS,
         $HTTP_POST_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS;
  $_COOKIE  =& $HTTP_COOKIE_VARS;
  $_ENV     =& $HTTP_ENV_VARS;
  $_FILES   =& $HTTP_POST_FILES;
  $_GET     =& $HTTP_GET_VARS;
  $_POST    =& $HTTP_POST_VARS;
  $_SERVER  =& $HTTP_SERVER_VARS;
  $_SESSION =& $HTTP_SESSION_VARS;
}

/* if running with magic_quotes_gpc then strip the slashes
   from POST and GET global arrays */

if (get_magic_quotes_gpc()) {
    sqstripslashes($_GET);
    sqstripslashes($_POST);
}

/* strip any tags added to the url from PHP_SELF.
   This fixes hand crafted url XXS expoits for any
   page that uses PHP_SELF as the FORM action */

strip_tags($_SERVER['PHP_SELF']);

/* returns true if current php version is at mimimum a.b.c */
function check_php_version ($a = '0', $b = '0', $c = '0')             
{
    global $SQ_PHP_VERSION;

    if(!isset($SQ_PHP_VERSION))
        $SQ_PHP_VERSION = substr( str_pad( preg_replace('/\D/','', PHP_VERSION), 3, '0'), 0, 3);

    return $SQ_PHP_VERSION >= ($a.$b.$c);
}

/* recursively strip slashes from the values of an array */
function sqstripslashes(&$array) {
    if(count($array) > 0) {
        foreach ($array as $index=>$value) {
            if (is_array($array[$index])) {
                sqstripslashes($array[$index]);
            }
            else {
                $array[$index] = stripslashes($value);
            }
        }
    }
}

function sqsession_register ($var, $name) {
    if ( !check_php_version(4,1) ) {
        global $HTTP_SESSION_VARS;
        $HTTP_SESSION_VARS[$name] = $var;
    }
    else {
        $_SESSION["$name"] = $var; 
    }
}

function sqsession_unregister ($name) {
    if ( !check_php_version(4,1) ) {
        global $HTTP_SESSION_VARS;
        unset($HTTP_SESSION_VARS[$name]);
    }
    else {
        unset($_SESSION[$name]);
    }
}

function sqsession_is_registered ($name) {
    $test_name = &$name;
    $result = false;
    if ( !check_php_version(4,1) ) {
        global $HTTP_SESSION_VARS;
        if (isset($HTTP_SESSION_VARS[$test_name])) {
            $result = true;
        }
    }
    else {
        if (isset($_SESSION[$test_name])) {
            $result = true;
        }
    }
    return $result;
}


/**
 *  Search for the var $name in $_SESSION, $_POST, $_GET
 *  (in that order) and register it as a global var.
 */
function sqextractGlobalVar ($name) {
    if ( !check_php_version(4,1) ) {
        global $_SESSION, $_GET, $_POST;
    }
    global  $$name;
    if( isset($_SESSION[$name]) ) {
        $$name = $_SESSION[$name];
    }
    if( isset($_POST[$name]) ) {
        $$name = $_POST[$name];
    }
    else if ( isset($_GET[$name]) ) {
        $$name =  $_GET[$name];
    }
}

function sqsession_destroy() {
    global $base_uri;

    /* start session to be able to destroy it later */
    session_start();	

    if ( !check_php_version(4,1) ) {
        global $HTTP_SESSION_VARS;
        $HTTP_SESSION_VARS = array();
    }
    else {		
        $_SESSION = array();
    }

    /*
     * now reset cookies to 5 seconds ago to delete from browser
     */

    @session_destroy();
    $cookie_params = session_get_cookie_params();	
    setcookie(session_name(), '', time() - 5, $cookie_params['path'], 
        $cookie_params['domain']);
    setcookie('username', '', time() - 5, $base_uri);
    setcookie('key', '', time() - 5 , $base_uri);
}

?>
Commit	Line	Data
61d9ec71	1	<?php
	2
	3	/**
	4	* globals.php
	5	*
	6	* Copyright (c) 1999-2002 The SquirrelMail Project Team
	7	* Licensed under the GNU GPL. For full terms see the file COPYING.
	8	*
	9	* This includes code to update < 4.1.0 globals to the newer format
242342d0	10	* It also has some session register functions that work across various
61d9ec71	11	* php versions.
61d9ec71	12	*
242342d0	13	* $Id$
61d9ec71	14	*/
61d9ec71	15
5f660901	16	# If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways.
	17	# Force magic_quotes_runtime off.
	18	# chilts@birdbrained.org - I put it here in the hopes that all SM code includes this.
	19	# If there's a better place, please let me know.
	20	ini_set('magic_quotes_runtime','0');
61d9ec71	21
	22	/* convert old-style superglobals to current method
	23	* this is executed if you are running PHP 4.0.x.
	24	* it is run via a require_once directive in validate.php
	25	* and redirect.php. Patch submitted by Ray Black.
	26	*/
	27
9697c5ab	28	if ( !check_php_version(4,1) ) {
61d9ec71	29	global $_COOKIE, $_ENV, $_FILES, $_GET, $_POST, $_SERVER, $_SESSION;
	30	global $HTTP_COOKIE_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES, $HTTP_GET_VARS,
	31	$HTTP_POST_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS;
	32	$_COOKIE =& $HTTP_COOKIE_VARS;
	33	$_ENV =& $HTTP_ENV_VARS;
	34	$_FILES =& $HTTP_POST_FILES;
	35	$_GET =& $HTTP_GET_VARS;
	36	$_POST =& $HTTP_POST_VARS;
	37	$_SERVER =& $HTTP_SERVER_VARS;
	38	$_SESSION =& $HTTP_SESSION_VARS;
	39	}
	40
180239ca	41	/* if running with magic_quotes_gpc then strip the slashes
a32985a5	42	from POST and GET global arrays */
	43
	44	if (get_magic_quotes_gpc()) {
180239ca	45	sqstripslashes($_GET);
180239ca	46	sqstripslashes($_POST);
a32985a5	47	}
	48
	49	/* strip any tags added to the url from PHP_SELF.
	50	This fixes hand crafted url XXS expoits for any
	51	page that uses PHP_SELF as the FORM action */
	52
	53	strip_tags($_SERVER['PHP_SELF']);
	54
9697c5ab	55	/* returns true if current php version is at mimimum a.b.c */
	56	function check_php_version ($a = '0', $b = '0', $c = '0')
	57	{
3aa17cf9	58	global $SQ_PHP_VERSION;
9697c5ab	59
3aa17cf9	60	if(!isset($SQ_PHP_VERSION))
5123154f	61	$SQ_PHP_VERSION = substr( str_pad( preg_replace('/\D/','', PHP_VERSION), 3, '0'), 0, 3);
9697c5ab	62
3aa17cf9	63	return $SQ_PHP_VERSION >= ($a.$b.$c);
9697c5ab	64	}
9697c5ab	65
3aa17cf9	66	/* recursively strip slashes from the values of an array */
a32985a5	67	function sqstripslashes(&$array) {
3aa17cf9	68	if(count($array) > 0) {
	69	foreach ($array as $index=>$value) {
	70	if (is_array($array[$index])) {
	71	sqstripslashes($array[$index]);
	72	}
	73	else {
	74	$array[$index] = stripslashes($value);
	75	}
a32985a5	76	}
	77	}
	78	}
	79
61d9ec71	80	function sqsession_register ($var, $name) {
9697c5ab	81	if ( !check_php_version(4,1) ) {
61d9ec71	82	global $HTTP_SESSION_VARS;
9697c5ab	83	$HTTP_SESSION_VARS[$name] = $var;
61d9ec71	84	}
61d9ec71	85	else {
d7c82551	86	$_SESSION["$name"] = $var;
61d9ec71	87	}
61d9ec71	88	}
3aa17cf9	89
61d9ec71	90	function sqsession_unregister ($name) {
9697c5ab	91	if ( !check_php_version(4,1) ) {
d7c82551	92	global $HTTP_SESSION_VARS;
9697c5ab	93	unset($HTTP_SESSION_VARS[$name]);
61d9ec71	94	}
61d9ec71	95	else {
9697c5ab	96	unset($_SESSION[$name]);
61d9ec71	97	}
61d9ec71	98	}
3aa17cf9	99
d7c82551	100	function sqsession_is_registered ($name) {
	101	$test_name = &$name;
	102	$result = false;
9697c5ab	103	if ( !check_php_version(4,1) ) {
d7c82551	104	global $HTTP_SESSION_VARS;
	105	if (isset($HTTP_SESSION_VARS[$test_name])) {
	106	$result = true;
	107	}
	108	}
	109	else {
	110	if (isset($_SESSION[$test_name])) {
	111	$result = true;
	112	}
	113	}
	114	return $result;
	115	}
	116
61d9ec71	117
	118	/**
	119	* Search for the var $name in $_SESSION, $_POST, $_GET
	120	* (in that order) and register it as a global var.
	121	*/
	122	function sqextractGlobalVar ($name) {
9697c5ab	123	if ( !check_php_version(4,1) ) {
a32985a5	124	global $_SESSION, $_GET, $_POST;
	125	}
	126	global $$name;
61d9ec71	127	if( isset($_SESSION[$name]) ) {
	128	$$name = $_SESSION[$name];
	129	}
	130	if( isset($_POST[$name]) ) {
	131	$$name = $_POST[$name];
	132	}
	133	else if ( isset($_GET[$name]) ) {
	134	$$name = $_GET[$name];
	135	}
	136	}
513db22c	137
513db22c	138	function sqsession_destroy() {
242342d0	139	global $base_uri;
	140
	141	/* start session to be able to destroy it later */
	142	session_start();
	143
9697c5ab	144	if ( !check_php_version(4,1) ) {
242342d0	145	global $HTTP_SESSION_VARS;
	146	$HTTP_SESSION_VARS = array();
	147	}
	148	else {
	149	$_SESSION = array();
	150	}
	151
	152	/*
	153	* now reset cookies to 5 seconds ago to delete from browser
	154	*/
	155
	156	@session_destroy();
	157	$cookie_params = session_get_cookie_params();
	158	setcookie(session_name(), '', time() - 5, $cookie_params['path'],
	159	$cookie_params['domain']);
	160	setcookie('username', '', time() - 5, $base_uri);
	161	setcookie('key', '', time() - 5 , $base_uri);
513db22c	162	}
513db22c	163
61d9ec71	164	?>