}
/**
- * If register_globals are on, unregister all globals from $_GET, $_POST,
- * and $_COOKIE. Before 4.3.0 $_FILES globals are unregistered too. Code
- * requires PHP 4.1.0 or newer.
+ * If register_globals are on, unregister globals.
+ * Code requires PHP 4.1.0 or newer.
*/
if ((bool) @ini_get('register_globals')) {
+ /**
+ * Remove all globals from $_GET, $_POST, and $_COOKIE.
+ */
foreach ($_REQUEST as $key => $value) {
unset($GLOBALS[$key]);
}
+ /**
+ * Remove globalized $_FILES variables
+ * Before 4.3.0 $_FILES are included in $_REQUEST.
+ * Unglobalize them in separate call in order to remove dependency
+ * on PHP version.
+ */
+ foreach ($_FILES as $key => $value) {
+ unset($GLOBALS[$key]);
+ // there are three undocumented $_FILES globals.
+ unset($GLOBALS[$key.'_type']);
+ unset($GLOBALS[$key.'_name']);
+ unset($GLOBALS[$key.'_size']);
+ }
+ /**
+ * Remove globalized environment variables.
+ */
+ foreach ($_ENV as $key => $value) {
+ unset($GLOBALS[$key]);
+ }
+ /**
+ * Remove globalized server variables.
+ */
+ foreach ($_SERVER as $key => $value) {
+ unset($GLOBALS[$key]);
+ }
}
/* strip any tags added to the url from PHP_SELF.
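Review bot: The four unset loops (over `$_REQUEST`, `$_FILES`, `$_ENV` and `$_SERVER`) trust every key, so a request parameter named `GLOBALS`, `_SERVER` or `_SESSION` can make the loop unset the superglobal itself rather than an injected copy. A guard list before the loops, `$sq_no_unset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES', '_SESSION');`, with `if (in_array($key, $sq_no_unset)) continue;` as the first statement of each loop, would keep them intact. Whether PHP lets such a key replace the superglobal in the first place depends on the PHP version, so refusing a request that carries a `GLOBALS` key may be safer than skipping it. The session loop added at the end of the file has the same shape.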
sqsession_is_active();
+/**
+ * Remove globalized session data in rg=on setups
+ */
+if ((bool) @ini_get('register_globals')) {
+ foreach ($_SESSION as $key => $value) {
+ unset($GLOBALS[$key]);
+ }
+}
?>
\ No newline at end of file
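Review bot: `foreach ($_SESSION as $key => $value)` assumes the session array exists. If `sqsession_is_active()` (its body is outside this hunk) did not start a session, the loop presumably raises an "Invalid argument supplied for foreach()" warning, so the condition could read `if ((bool) @ini_get('register_globals') && isset($_SESSION) && is_array($_SESSION)) {`. With register_globals on, PHP ties session entries to the globals of the same name, so it is worth confirming on such a setup that unsetting the global does not drop the value when the session is written back. A one-line comment such as `// must run after the session is started; session globals do not exist before that` would explain why this block sits apart from the earlier cleanup.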
do_err($mb_error);
}
-/**
- * We code with register_globals = off. SquirrelMail should work in such setup
- * since 1.2.9 and 1.3.0. Running SquirrelMail with register_globals = on can
- * cause variable corruption and security issues. Globals can be turned off in
- * php.ini, webserver config and .htaccess files. Scripts can turn off globals only
- * in php 4.2.3 or older.
- */
-if ((bool) ini_get('register_globals')) {
- $rg_error='You have enabled php register_globals.'
- .' Running PHP installation with register_globals=on can cause problems.'
- .' See <a href="http://www.php.net/manual/en/security.registerglobals.php">'
- .'security information about register_globals</a>.';
- do_err($rg_error);
-}
-
/* checking paths */
echo "Checking paths...<br />\n";