functions/global.php

   1 <?php
   2
   3 /**
   4  * globals.php
   5  *
   6  * Copyright (c) 1999-2002 The SquirrelMail Project Team
   7  * Licensed under the GNU GPL. For full terms see the file COPYING.
   8  *
   9  * This includes code to update < 4.1.0 globals to the newer format
  10  * It also has some session register functions that work across various
  11  * php versions.
  12  *
  13  * $Id$
  14  */
  15
  16 # If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways.
  17 # Force magic_quotes_runtime off.
  18 # chilts@birdbrained.org - I put it here in the hopes that all SM code includes this.
  19 # If there's a better place, please let me know.
  20 ini_set('magic_quotes_runtime','0');
  21
  22 /* convert old-style superglobals to current method
  23  * this is executed if you are running PHP 4.0.x.
  24  * it is run via a require_once directive in validate.php
  25  * and redirect.php. Patch submitted by Ray Black.
  26  */
  27
  28 if ( !check_php_version(4,1) ) {
  29   global $_COOKIE, $_ENV, $_FILES, $_GET, $_POST, $_SERVER, $_SESSION;
  30   global $HTTP_COOKIE_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES, $HTTP_GET_VARS,
  31          $HTTP_POST_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS;
  32   $_COOKIE  =& $HTTP_COOKIE_VARS;
  33   $_ENV     =& $HTTP_ENV_VARS;
  34   $_FILES   =& $HTTP_POST_FILES;
  35   $_GET     =& $HTTP_GET_VARS;
  36   $_POST    =& $HTTP_POST_VARS;
  37   $_SERVER  =& $HTTP_SERVER_VARS;
  38   $_SESSION =& $HTTP_SESSION_VARS;
  39 }
  40
  41 /* if running with magic_quotes_gpc then strip the slashes
  42    from POST and GET global arrays */
  43
  44 if (get_magic_quotes_gpc()) {
  45     sqstripslashes($_GET);
  46     sqstripslashes($_POST);
  47 }
  48
  49 /* strip any tags added to the url from PHP_SELF.
  50    This fixes hand crafted url XXS expoits for any
  51    page that uses PHP_SELF as the FORM action */
  52
  53 strip_tags($_SERVER['PHP_SELF']);
  54
  55 /* returns true if current php version is at mimimum a.b.c */
  56 function check_php_version ($a = '0', $b = '0', $c = '0')
  57 {
  58     global $SQ_PHP_VERSION;
  59
  60     if(!isset($SQ_PHP_VERSION))
  61         $SQ_PHP_VERSION = substr( str_pad( preg_replace('/\D/','', PHP_VERSION), 3, '0'), 0, 3);
  62
  63     return $SQ_PHP_VERSION >= ($a.$b.$c);
  64 }
  65
  66 /* recursively strip slashes from the values of an array */
  67 function sqstripslashes(&$array) {
  68     if(count($array) > 0) {
  69         foreach ($array as $index=>$value) {
  70             if (is_array($array[$index])) {
  71                 sqstripslashes($array[$index]);
  72             }
  73             else {
  74                 $array[$index] = stripslashes($value);
  75             }
  76         }
  77     }
  78 }
  79
  80 function sqsession_register ($var, $name) {
  81     if ( !check_php_version(4,1) ) {
  82         global $HTTP_SESSION_VARS;
  83         $HTTP_SESSION_VARS[$name] = $var;
  84     }
  85     else {
  86         $_SESSION["$name"] = $var;
  87     }
  88 }
  89
  90 function sqsession_unregister ($name) {
  91     if ( !check_php_version(4,1) ) {
  92         global $HTTP_SESSION_VARS;
  93         unset($HTTP_SESSION_VARS[$name]);
  94     }
  95     else {
  96         unset($_SESSION[$name]);
  97     }
  98 }
  99
 100 function sqsession_is_registered ($name) {
 101     $test_name = &$name;
 102     $result = false;
 103     if ( !check_php_version(4,1) ) {
 104         global $HTTP_SESSION_VARS;
 105         if (isset($HTTP_SESSION_VARS[$test_name])) {
 106             $result = true;
 107         }
 108     }
 109     else {
 110         if (isset($_SESSION[$test_name])) {
 111             $result = true;
 112         }
 113     }
 114     return $result;
 115 }
 116
 117
 118 /**
 119  *  Search for the var $name in $_SESSION, $_POST, $_GET
 120  *  (in that order) and register it as a global var.
 121  */
 122 function sqextractGlobalVar ($name) {
 123     if ( !check_php_version(4,1) ) {
 124         global $_SESSION, $_GET, $_POST;
 125     }
 126     global  $$name;
 127     if( isset($_SESSION[$name]) ) {
 128         $$name = $_SESSION[$name];
 129     }
 130     if( isset($_POST[$name]) ) {
 131         $$name = $_POST[$name];
 132     }
 133     else if ( isset($_GET[$name]) ) {
 134         $$name =  $_GET[$name];
 135     }
 136 }
 137
 138 function sqsession_destroy() {
 139     global $base_uri;
 140
 141     /* start session to be able to destroy it later */
 142     session_start();
 143
 144     if ( !check_php_version(4,1) ) {
 145         global $HTTP_SESSION_VARS;
 146         $HTTP_SESSION_VARS = array();
 147     }
 148     else {
 149         $_SESSION = array();
 150     }
 151
 152     /*
 153      * now reset cookies to 5 seconds ago to delete from browser
 154      */
 155
 156     @session_destroy();
 157     $cookie_params = session_get_cookie_params();
 158     setcookie(session_name(), '', time() - 5, $cookie_params['path'],
 159         $cookie_params['domain']);
 160     setcookie('username', '', time() - 5, $base_uri);
 161     setcookie('key', '', time() - 5 , $base_uri);
 162 }
 163
 164 ?>