X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=functions%2Fglobal.php;h=9c5bafb78625537bec5b17fee5eb984b9eb2caf7;hb=30460a05016c7e066ad7b28df7788539e4054a99;hp=c20249f55192adcf23e8d0b835b03fce46000d77;hpb=4b4abf93a9624311afef0c385023724ee46a2b60;p=squirrelmail.git diff --git a/functions/global.php b/functions/global.php index c20249f5..9c5bafb7 100644 --- a/functions/global.php +++ b/functions/global.php @@ -7,50 +7,22 @@ * It also has some session register functions that work across various * php versions. * - * @copyright © 1999-2005 The SquirrelMail Project Team + * @copyright 1999-2009 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id$ * @package squirrelmail */ - -/** set the name of the session cookie */ -if(isset($session_name) && $session_name) { - ini_set('session.name' , $session_name); -} else { - ini_set('session.name' , 'SQMSESSID'); -} - /** - * If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways. - * Force magic_quotes_runtime off. - * tassium@squirrelmail.org - I put it here in the hopes that all SM code includes this. - * If there's a better place, please let me know. */ -ini_set('magic_quotes_runtime','0'); - -/* Since we decided all IMAP servers must implement the UID command as defined in - * the IMAP RFC, we force $uid_support to be on. - */ - -global $uid_support; -$uid_support = true; - -sqsession_is_active(); - -/* if running with magic_quotes_gpc then strip the slashes - from POST and GET global arrays */ - -if (get_magic_quotes_gpc()) { - sqstripslashes($_GET); - sqstripslashes($_POST); -} - -/* strip any tags added to the url from PHP_SELF. - This fixes hand crafted url XXS expoits for any - page that uses PHP_SELF as the FORM action */ +define('SQ_INORDER',0); +define('SQ_GET',1); +define('SQ_POST',2); +define('SQ_SESSION',3); +define('SQ_COOKIE',4); +define('SQ_SERVER',5); +define('SQ_FORM',6); -$_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']); /** * returns true if current php version is at mimimum a.b.c @@ -111,6 +83,54 @@ function sqstripslashes(&$array) { } } +/** + * Squelch error output to screen (only) for the given function. + * If the SquirrelMail debug mode SM_DEBUG_MODE_ADVANCED is not + * enabled, error output will not go to the log, either. + * + * This provides an alternative to the @ error-suppression + * operator where errors will not be shown in the interface + * but will show up in the server log file (assuming the + * administrator has configured PHP logging). + * + * @since 1.4.12 and 1.5.2 + * + * @param string $function The function to be executed + * @param array $args The arguments to be passed to the function + * (OPTIONAL; default no arguments) + * NOTE: The caller must take extra action if + * the function being called is supposed + * to use any of the parameters by + * reference. In the following example, + * $x is passed by reference and $y is + * passed by value to the "my_func" + * function. + * sq_call_function_suppress_errors('my_func', array(&$x, $y)); + * + * @return mixed The return value, if any, of the function being + * executed will be returned. + * + */ +function sq_call_function_suppress_errors($function, $args=NULL) { + global $sm_debug_mode; + + $display_errors = ini_get('display_errors'); + ini_set('display_errors', '0'); + + // if advanced debug mode isn't enabled, don't log the error, either + // + if (!($sm_debug_mode & SM_DEBUG_MODE_ADVANCED)) + $error_reporting = error_reporting(0); + + $ret = call_user_func_array($function, $args); + + if (!($sm_debug_mode & SM_DEBUG_MODE_ADVANCED)) + error_reporting($error_reporting); + + ini_set('display_errors', $display_errors); + return $ret; +} + /** * Add a variable to the session. * @param mixed $var the variable to register @@ -121,9 +141,7 @@ function sqsession_register ($var, $name) { sqsession_is_active(); - $_SESSION["$name"] = $var; - - session_register("$name"); + $_SESSION[$name] = $var; } /** @@ -137,7 +155,9 @@ function sqsession_unregister ($name) { unset($_SESSION[$name]); - session_unregister("$name"); + // starts throwing warnings in PHP 5.3.0 and is + // removed in PHP 6 and is redundant anyway + //session_unregister("$name"); } /** @@ -158,41 +178,119 @@ function sqsession_is_registered ($name) { } -define('SQ_INORDER',0); -define('SQ_GET',1); -define('SQ_POST',2); -define('SQ_SESSION',3); -define('SQ_COOKIE',4); -define('SQ_SERVER',5); -define('SQ_FORM',6); +/** + * Retrieves a form variable, from a set of possible similarly named + * form variables, based on finding a different, single field. This + * is intended to allow more than one same-named inputs in a single + *