X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=functions%2Fglobal.php;h=498700b888d4857c7117e2256ea13543ab2cae20;hb=d9ad25253585e8da40d8bc979bc369e68ecb07f7;hp=5221b44ec909ea1bee7f608472e917b200a94474;hpb=f31687f676e7f2e695593f04730902cef5335a9d;p=squirrelmail.git diff --git a/functions/global.php b/functions/global.php index 5221b44e..498700b8 100644 --- a/functions/global.php +++ b/functions/global.php @@ -3,7 +3,7 @@ /** * globals.php * - * Copyright (c) 1999-2002 The SquirrelMail Project Team + * Copyright (c) 1999-2003 The SquirrelMail Project Team * Licensed under the GNU GPL. For full terms see the file COPYING. * * This includes code to update < 4.1.0 globals to the newer format @@ -13,6 +13,15 @@ * $Id$ */ +require_once(SM_PATH . 'config/config.php'); + +/* set the name of the session cookie */ +if(isset($session_name) && $session_name) { + ini_set('session.name' , $session_name); +} else { + ini_set('session.name' , 'SQMSESSID'); +} + /* If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways. * Force magic_quotes_runtime off. * chilts@birdbrained.org - I put it here in the hopes that all SM code includes this. @@ -29,7 +38,7 @@ ini_set('magic_quotes_runtime','0'); if ( !check_php_version(4,1) ) { global $_COOKIE, $_ENV, $_FILES, $_GET, $_POST, $_SERVER, $_SESSION; global $HTTP_COOKIE_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES, $HTTP_GET_VARS, - $HTTP_POST_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS; + $HTTP_POST_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS, $PHP_SELF; $_COOKIE =& $HTTP_COOKIE_VARS; $_ENV =& $HTTP_ENV_VARS; $_FILES =& $HTTP_POST_FILES; @@ -37,6 +46,9 @@ if ( !check_php_version(4,1) ) { $_POST =& $HTTP_POST_VARS; $_SERVER =& $HTTP_SERVER_VARS; $_SESSION =& $HTTP_SESSION_VARS; + if (!isset($PHP_SELF) || empty($PHP_SELF)) { + $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF']; + } } /* if running with magic_quotes_gpc then strip the slashes @@ -53,17 +65,42 @@ if (get_magic_quotes_gpc()) { $_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']); -/* returns true if current php version is at mimimum a.b.c */ +/** + * returns true if current php version is at mimimum a.b.c + * + * Called: check_php_version(4,1) + */ function check_php_version ($a = '0', $b = '0', $c = '0') { global $SQ_PHP_VERSION; - + if(!isset($SQ_PHP_VERSION)) $SQ_PHP_VERSION = substr( str_pad( preg_replace('/\D/','', PHP_VERSION), 3, '0'), 0, 3); return $SQ_PHP_VERSION >= ($a.$b.$c); } +/** + * returns true if the current internal SM version is at minimum a.b.c + * These are plain integer comparisons, as our internal version is + * constructed by us, as an array of 3 ints. + * + * Called: check_sm_version(1,3,3) + */ +function check_sm_version($a = 0, $b = 0, $c = 0) +{ + global $SQM_INTERNAL_VERSION; + if ( !isset($SQM_INTERNAL_VERSION) || + $SQM_INTERNAL_VERSION[0] < $a || + $SQM_INTERNAL_VERSION[1] < $b || + ( $SQM_INTERNAL_VERSION[1] == $b && + $SQM_INTERNAL_VERSION[2] < $c ) ) { + return FALSE; + } + return TRUE; +} + + /* recursively strip slashes from the values of an array */ function sqstripslashes(&$array) { if(count($array) > 0) { @@ -124,24 +161,92 @@ function sqsession_is_registered ($name) { } +define('SQ_INORDER',0); +define('SQ_GET',1); +define('SQ_POST',2); +define('SQ_SESSION',3); +define('SQ_COOKIE',4); +define('SQ_SERVER',5); +define('SQ_FORM',6); + /** - * Search for the var $name in $_SESSION, $_POST, $_GET - * (in that order) and register it as a global var. + * Search for the var $name in $_SESSION, $_POST, $_GET, + * $_COOKIE, or $_SERVER and set it in provided var. + * + * If $search is not provided, or == SQ_INORDER, it will search + * $_SESSION, then $_POST, then $_GET. Otherwise, + * use one of the defined constants to look for + * a var in one place specifically. + * + * Note: $search is an int value equal to one of the + * constants defined above. + * + * example: + * sqgetGlobalVar('username',$username,SQ_SESSION); + * -- no quotes around last param! + * + * Returns FALSE if variable is not found. + * Returns TRUE if it is. */ -function sqextractGlobalVar ($name) { +function sqgetGlobalVar($name, &$value, $search = SQ_INORDER) { + if ( !check_php_version(4,1) ) { - global $_SESSION, $_GET, $_POST; - } - global $$name; - if( isset($_SESSION[$name]) ) { - $$name = $_SESSION[$name]; + global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $HTTP_POST_VARS, + $HTTP_SERVER_VARS, $HTTP_SESSION_VARS; + + $_COOKIE =& $HTTP_COOKIE_VARS; + $_GET =& $HTTP_GET_VARS; + $_POST =& $HTTP_POST_VARS; + $_SERVER =& $HTTP_SERVER_VARS; + $_SESSION =& $HTTP_SESSION_VARS; } - if( isset($_POST[$name]) ) { - $$name = $_POST[$name]; - } - else if ( isset($_GET[$name]) ) { - $$name = $_GET[$name]; + + /* NOTE: DO NOT enclose the constants in the switch + statement with quotes. They are constant values, + enclosing them in quotes will cause them to evaluate + as strings. */ + switch ($search) { + /* we want the default case to be first here, + so that if a valid value isn't specified, + all three arrays will be searched. */ + default: + case SQ_INORDER: // check session, post, get + case SQ_SESSION: + if( isset($_SESSION[$name]) ) { + $value = $_SESSION[$name]; + return TRUE; + } elseif ( $search == SQ_SESSION ) { + break; + } + case SQ_FORM: // check post, get + case SQ_POST: + if( isset($_POST[$name]) ) { + $value = $_POST[$name]; + return TRUE; + } elseif ( $search == SQ_POST ) { + break; + } + case SQ_GET: + if ( isset($_GET[$name]) ) { + $value = $_GET[$name]; + return TRUE; + } + /* NO IF HERE. FOR SQ_INORDER CASE, EXIT after GET */ + break; + case SQ_COOKIE: + if ( isset($_COOKIE[$name]) ) { + $value = $_COOKIE[$name]; + return TRUE; + } + break; + case SQ_SERVER: + if ( isset($_SERVER[$name]) ) { + $value = $_SERVER[$name]; + return TRUE; + } + break; } + return FALSE; } function sqsession_destroy() { @@ -171,7 +276,7 @@ function sqsession_destroy() { } else { $_SESSION = array(); } - @session_destroy; + @session_destroy(); } }