X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=functions%2Fglobal.php;h=92a3705ecb343388958431594b2d30a3b895fe34;hb=93a29a5d713e2e06b0152b51c7dc0d27b3c8c1a8;hp=84db5ec529fdc020090151ac540d10da04af4976;hpb=abd74f7defe104b7d691be5670f59a46b0b7d025;p=squirrelmail.git diff --git a/functions/global.php b/functions/global.php index 84db5ec5..92a3705e 100644 --- a/functions/global.php +++ b/functions/global.php @@ -3,79 +3,44 @@ /** * global.php * - * Copyright (c) 1999-2004 The SquirrelMail Project Team - * Licensed under the GNU GPL. For full terms see the file COPYING. - * - * This includes code to update < 4.1.0 globals to the newer format + * This includes code to update < 4.1.0 globals to the newer format * It also has some session register functions that work across various - * php versions. + * php versions. * - * $Id$ + * @copyright © 1999-2009 The SquirrelMail Project Team + * @license http://opensource.org/licenses/gpl-license.php GNU Public License + * @version $Id$ * @package squirrelmail */ -/** Bring in the config file. */ -require_once(SM_PATH . 'config/config.php'); - -/** set the name of the session cookie */ -if(isset($session_name) && $session_name) { - ini_set('session.name' , $session_name); -} else { - ini_set('session.name' , 'SQMSESSID'); -} - -/** If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways. - * Force magic_quotes_runtime off. - * tassium@squirrelmail.org - I put it here in the hopes that all SM code includes this. - * If there's a better place, please let me know. - */ -ini_set('magic_quotes_runtime','0'); - -/* Since we decided all IMAP servers must implement the UID command as defined in - * the IMAP RFC, we force $uid_support to be on. +/** */ +define('SQ_INORDER',0); +define('SQ_GET',1); +define('SQ_POST',2); +define('SQ_SESSION',3); +define('SQ_COOKIE',4); +define('SQ_SERVER',5); +define('SQ_FORM',6); -global $uid_support; -$uid_support = true; - -sqsession_is_active(); - -/* if running with magic_quotes_gpc then strip the slashes - from POST and GET global arrays */ - -if (get_magic_quotes_gpc()) { - sqstripslashes($_GET); - sqstripslashes($_POST); -} - -/* strip any tags added to the url from PHP_SELF. - This fixes hand crafted url XXS expoits for any - page that uses PHP_SELF as the FORM action */ - -$_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']); -/** - * returns true if current php version is at mimimum a.b.c - * +/** + * returns true if current php version is at mimimum a.b.c + * * Called: check_php_version(4,1) * @param int a major version number * @param int b minor version number * @param int c release number * @return bool */ -function check_php_version ($a = '0', $b = '0', $c = '0') +function check_php_version ($a = '0', $b = '0', $c = '0') { - global $SQ_PHP_VERSION; - - if(!isset($SQ_PHP_VERSION)) - $SQ_PHP_VERSION = substr( str_pad( preg_replace('/\D/','', PHP_VERSION), 3, '0'), 0, 3); - - return $SQ_PHP_VERSION >= ($a.$b.$c); + return version_compare ( PHP_VERSION, "$a.$b.$c", 'ge' ); } /** - * returns true if the current internal SM version is at minimum a.b.c - * These are plain integer comparisons, as our internal version is + * returns true if the current internal SM version is at minimum a.b.c + * These are plain integer comparisons, as our internal version is * constructed by us, as an array of 3 ints. * * Called: check_sm_version(1,3,3) @@ -89,12 +54,14 @@ function check_sm_version($a = 0, $b = 0, $c = 0) global $SQM_INTERNAL_VERSION; if ( !isset($SQM_INTERNAL_VERSION) || $SQM_INTERNAL_VERSION[0] < $a || - $SQM_INTERNAL_VERSION[1] < $b || - ( $SQM_INTERNAL_VERSION[1] == $b && + ( $SQM_INTERNAL_VERSION[0] == $a && + $SQM_INTERNAL_VERSION[1] < $b) || + ( $SQM_INTERNAL_VERSION[0] == $a && + $SQM_INTERNAL_VERSION[1] == $b && $SQM_INTERNAL_VERSION[2] < $c ) ) { return FALSE; - } - return TRUE; + } + return TRUE; } @@ -116,6 +83,54 @@ function sqstripslashes(&$array) { } } +/** + * Squelch error output to screen (only) for the given function. + * If the SquirrelMail debug mode SM_DEBUG_MODE_ADVANCED is not + * enabled, error output will not go to the log, either. + * + * This provides an alternative to the @ error-suppression + * operator where errors will not be shown in the interface + * but will show up in the server log file (assuming the + * administrator has configured PHP logging). + * + * @since 1.4.12 and 1.5.2 + * + * @param string $function The function to be executed + * @param array $args The arguments to be passed to the function + * (OPTIONAL; default no arguments) + * NOTE: The caller must take extra action if + * the function being called is supposed + * to use any of the parameters by + * reference. In the following example, + * $x is passed by reference and $y is + * passed by value to the "my_func" + * function. + * sq_call_function_suppress_errors('my_func', array(&$x, $y)); + * + * @return mixed The return value, if any, of the function being + * executed will be returned. + * + */ +function sq_call_function_suppress_errors($function, $args=NULL) { + global $sm_debug_mode; + + $display_errors = ini_get('display_errors'); + ini_set('display_errors', '0'); + + // if advanced debug mode isn't enabled, don't log the error, either + // + if (!($sm_debug_mode & SM_DEBUG_MODE_ADVANCED)) + $error_reporting = error_reporting(0); + + $ret = call_user_func_array($function, $args); + + if (!($sm_debug_mode & SM_DEBUG_MODE_ADVANCED)) + error_reporting($error_reporting); + + ini_set('display_errors', $display_errors); + return $ret; +} + /** * Add a variable to the session. * @param mixed $var the variable to register @@ -126,9 +141,7 @@ function sqsession_register ($var, $name) { sqsession_is_active(); - $_SESSION["$name"] = $var; - - session_register("$name"); + $_SESSION[$name] = $var; } /** @@ -141,8 +154,10 @@ function sqsession_unregister ($name) { sqsession_is_active(); unset($_SESSION[$name]); - - session_unregister("$name"); + + // starts throwing warnings in PHP 5.3.0 and is + // removed in PHP 6 and is redundant anyway + //session_unregister("$name"); } /** @@ -154,60 +169,139 @@ function sqsession_unregister ($name) { function sqsession_is_registered ($name) { $test_name = &$name; $result = false; - + if (isset($_SESSION[$test_name])) { $result = true; } - + return $result; } -define('SQ_INORDER',0); -define('SQ_GET',1); -define('SQ_POST',2); -define('SQ_SESSION',3); -define('SQ_COOKIE',4); -define('SQ_SERVER',5); -define('SQ_FORM',6); +/** + * Retrieves a form variable, from a set of possible similarly named + * form variables, based on finding a different, single field. This + * is intended to allow more than one same-named inputs in a single + *