* It also has two session register functions that work across various
* php versions.
*
- * $Id$
+ * $Id $
*/
$_SESSION =& $HTTP_SESSION_VARS;
}
+/* if running with register_globals = 0 and
+ magic_quotes_gpc then strip the slashes
+ from POST and GET global arrays */
+
+if (get_magic_quotes_gpc()) {
+ if (ini_get('register_globals') == 0) {
+ sqstripslashes($_GET);
+ sqstripslashes($_POST);
+ }
+}
+
+/* strip any tags added to the url from PHP_SELF.
+ This fixes hand crafted url XXS expoits for any
+ page that uses PHP_SELF as the FORM action */
+
+strip_tags($_SERVER['PHP_SELF']);
+
+function sqstripslashes(&$array) {
+ foreach ($array as $index=>$value) {
+ if (is_array($array["$index"])) {
+ sqstripslashes($array["$index"]);
+ }
+ else {
+ $array["$index"] = stripslashes($value);
+ }
+ }
+}
+
function sqsession_register ($var, $name) {
$rg = ini_get('register_globals');
if ( (float)substr(PHP_VERSION,0,3) < 4.1 && empty($rg)) {
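Review bot: The added `strip_tags($_SERVER['PHP_SELF']);` discards its return value, so PHP_SELF is left unchanged and the XSS mitigation described in the comment above it never takes effect. strip_tags() returns the cleaned string instead of modifying its argument; the line should read `$_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);`. Even with the assignment, tag stripping leaves quote characters intact, so any page that prints PHP_SELF inside a form `action` attribute should still pass it through `htmlspecialchars()` at the point of output. Code that reads the separate `$PHP_SELF` global, if any exists outside this hunk, would not see the cleaned value either.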
* (in that order) and register it as a global var.
*/
function sqextractGlobalVar ($name) {
- global $_SESSION, $_GET, $_POST, $$name;
-
+ if ( (float)substr(PHP_VERSION,0,3) < 4.1 ) {
+ global $_SESSION, $_GET, $_POST;
+ }
+ global $$name;
if( isset($_SESSION[$name]) ) {
$$name = $_SESSION[$name];
}
require_once(SM_PATH . 'functions/array.php');
require_once(SM_PATH . 'functions/tree.php');
+/* get those globals */
+
+$key = $_COOKIE['key'];
+$username = $_SESSION['username'];
+$onetimepad = $_SESSION['onetimepad'];
+$delimiter = $_SESSION['delimiter'];
+
+/* finished globals */
+
$imap_stream = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0);
sqimap_mailbox_list($imap_stream);
$mailbox = $trash_folder;
$boxes = sqimap_mailbox_list($imap_stream);
-global $delimiter;
/*
* According to RFC2060, a DELETE command should NOT remove inferiors (sub folders)
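Review bot: `$key = $_COOKIE['key'];` and the `$_SESSION[...]` reads next to it are unguarded, so a request that arrives without the cookie or after the session has expired raises undefined-index notices and passes empty credentials to `sqimap_login()`. Other hunks in this commit wrap optional inputs in `isset()`, and the same pattern would fit here, for example `$key = isset($_COOKIE['key']) ? $_COOKIE['key'] : '';` followed by an early exit when the username is missing. The same block recurs in later hunks, which also read `$_POST['folder_name']`, `$_POST['subfolder']`, `$_POST['mailbox']`, `$_POST['old']` and `$_GET['method']` without a check. An include such as `include/validate.php` may already guarantee the session values on some pages, but that is not visible in these hunks and would not cover the request parameters.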
displayPageHeader($color, 'None');
+/* get globals we may need */
+
+$username = $_SESSION['username'];
+$key = $_COOKIE['key'];
+$delimiter = $_SESSION['delimiter'];
+$onetimepad = $_SESSION['onetimepad'];
+if (isset($_GET['success'])) {
+ $success = $_GET['success'];
+}
+
+/* end of get globals */
+
echo '<br>' .
html_tag( 'table', '', 'center', $color[0], 'width="95%" cellpadding="1" cellspacing="0" border="0"' ) .
html_tag( 'tr' ) .
require_once(SM_PATH . 'functions/imap.php');
require_once(SM_PATH . 'functions/display_messages.php');
+/* get globals we may need */
+
+$username = $_SESSION['username'];
+$key = $_COOKIE['key'];
+$delimiter = $_SESSION['delimiter'];
+$onetimepad = $_SESSION['onetimepad'];
+$folder_name = $_POST['folder_name'];
+$subfolder = $_POST['subfolder'];
+if (isset($_POST['contain_subs'])) {
+ $contain_subs = $_POST['contain_subs'];
+}
+
+/* end of get globals */
+
$imapConnection = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0);
-global $delimiter;
$folder_name = trim($folder_name);
* $mailbox - selected mailbox from the form
*/
+/* globals */
+$username = $_SESSION['username'];
+$key = $_COOKIE['key'];
+$delimiter = $_SESSION['delimiter'];
+$onetimepad = $_SESSION['onetimepad'];
+
+$mailbox = $_POST['mailbox'];
+
+/* end globals */
+
if ($mailbox == '') {
displayPageHeader($color, 'None');
echo "<html><body bgcolor=$color[4]>";
$imap_stream = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0);
$boxes = sqimap_mailbox_list ($imap_stream);
-global $delimiter, $delete_folder;
+global $delete_folder;
if (substr($mailbox, -1) == $delimiter)
$mailbox_no_dm = substr($mailbox, 0, strlen($mailbox) - 1);
require_once(SM_PATH . 'include/validate.php');
require_once(SM_PATH . 'functions/imap.php');
-global $delimiter, $base_uri;
+/* globals */
+$username = $_SESSION['username'];
+$key = $_COOKIE['key'];
+$delimiter = $_SESSION['delimiter'];
+$onetimepad = $_SESSION['onetimepad'];
+$base_uri = $_SESSION['base_uri'];
+
+$orig = $_POST['orig'];
+$old_name = $_POST['old_name'];
+$new_name = $_POST['new_name'];
+
+/* end globals */
$new_name = trim($new_name);
sqimap_logout($imapConnection);
}
-header ('Location: ' . $base_uri . 'src/folders.php');
+header ('Location: ' . $base_uri . 'src/folders.php?success=rename');
?>
* $Id$
*/
-global $delimiter;
-
/* Path for SquirrelMail required files. */
define('SM_PATH','../');
require_once(SM_PATH . 'functions/imap.php');
require_once(SM_PATH . 'functions/html.php');
+/* get globals we may need */
+
+$username = $_SESSION['username'];
+$key = $_COOKIE['key'];
+$delimiter = $_SESSION['delimiter'];
+$onetimepad = $_SESSION['onetimepad'];
+
+$old = $_POST['old'];
+
+/* end of get globals */
+
if ($old == '') {
displayPageHeader($color, 'None');
echo "<html><body bgcolor=$color[4]>";
require_once(SM_PATH . 'functions/imap.php');
require_once(SM_PATH . 'functions/display_messages.php');
+/* globals */
+$username = $_SESSION['username'];
+$key = $_COOKIE['key'];
+$onetimepad = $_SESSION['onetimepad'];
+
+$method = $_GET['method'];
+$mailbox = $_POST['mailbox'];
+
+/* end globals */
+
$imapConnection = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0);
$location = get_location();
html_tag( 'tr' ) .
html_tag( 'td' );
-if (isset($HTTP_REFERER)) {
- $ref = strtolower($HTTP_REFERER);
+if (isset($_SERVER['HTTP_REFERER'])) {
+ $ref = strtolower($_SERVER['HTTP_REFERER']);
if (strpos($ref, 'src/compose')){
$context = 'compose';
} else if (strpos($ref, 'src/addr')){
}
echo '<a href="../src/help.php">' . _("Table of Contents") . '</a>';
if ($chapter >= count($helpdir)){
- echo ' | <font color="$color[9]">' . _("Next") . '</font>';
+ echo ' | <font color="' . $color[9] . '">' . _("Next") . '</font>';
} else {
echo ' | <a href="../src/help.php?chapter=' . ($chapter+1)
. '">' . _("Next") . '</a>';
/* -------------------- MAIN ------------------------ */
-global $delimiter, $default_folder_prefix, $left_size;
+$key = $_COOKIE['key'];
+$onetimepad = $_SESSION['onetimepad'];
+$username = $_SESSION['username'];
+$delimiter = $_SESSION['delimiter'];
+
+if (isset($_GET['fold'])) {
+ $fold = $_GET['fold'];
+}
+if (isset($_GET['unfold'])) {
+ $unfold = $_GET['unfold'];
+}
// open a connection on the imap port (143)
$imapConnection = sqimap_login($username, $key, $imapServerAddress, $imapPort, 10); // the 10 is to hide the output
/* Let the world know that autocreation is complete! Hurrah! */
$auto_create_done = TRUE;
- session_register('auto_create_done');
+ sqsession_register($auto_create_done, 'auto_create_done');
}
echo "\n<BODY BGCOLOR=\"$color[3]\" TEXT=\"$color[6]\" LINK=\"$color[6]\" VLINK=\"$color[6]\" ALINK=\"$color[6]\">\n";
require_once(SM_PATH . 'functions/constants.php');
require_once(SM_PATH . 'functions/page_header.php');
require_once(SM_PATH . 'functions/html.php');
+require_once(SM_PATH . 'functions/global.php');
/*
* $squirrelmail_language is set by a cookie when the user selects
/* ---------------------------- main ---------------------------- */
+/* get the globals that we may need */
+if (isset($_GET['optpage'])) {
+ $optpage = $_GET['optpage'];
+}
+elseif (isset($_POST['optpage'])) {
+ $optpage = $_POST['optpage'];
+}
+if (isset($_POST['optmode'])) {
+ $optmode = $_POST['optmode'];
+}
+if (isset($_POST['optpage_data'])) {
+ $optpage_data = $_POST['optpage_data'];
+}
+$username = $_SESSION['username'];
+$key = $_COOKIE['key'];
+$onetimepad = $_SESSION['onetimepad'];
+$delimiter = $_SESSION['delimiter'];
+
+/* end of getting globals */
+
/* Make sure we have an Option Page set. Default to main. */
if ( !isset($optpage) || $optpage == '' ) {
$optpage = SMOPT_PAGE_MAIN;
/*** Second, load the option information for this page. ***/
/**********************************************************/
-if ( !is_file( $optpage_file ) ) {
+if ( !@is_file( $optpage_file ) ) {
$optpage = SMOPT_PAGE_MAIN;
} else if ($optpage != SMOPT_PAGE_MAIN ) {
/* Include the file for this optionpage. */
require_once(SM_PATH . 'functions/global.php');
// Remove slashes if PHP added them
+$REQUEST_METHOD = $_SERVER['REQUEST_METHOD'];
if (get_magic_quotes_gpc()) {
- global $REQUEST_METHOD;
-
if ($REQUEST_METHOD == 'POST') {
- global $HTTP_POST_VARS;
- RemoveSlashes($HTTP_POST_VARS);
+ RemoveSlashes($_POST);
} else if ($REQUEST_METHOD == 'GET') {
- global $HTTP_GET_VARS;
- RemoveSlashes($HTTP_GET_VARS);
+ RemoveSlashes($_GET);
}
}
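Review bot: `RemoveSlashes($_POST)` here can strip the request array a second time, because this commit also adds a top-level `sqstripslashes($_POST)` pass to the file that defines `sqstripslashes()`. That holds if that file is the `functions/global.php` required just above, and it applies when magic_quotes_gpc is on and register_globals is off. A second pass removes backslashes the user actually typed, which would alter a password or login name containing one before it reaches authentication. Keeping a single stripping site (dropping this block, or extending the central one to cover the register_globals-on case if that is still needed) avoids the double pass.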
session_unregister ('user_is_logged_in');
session_register ('base_uri');
-if (! isset($squirrelmail_language) ||
+/* get globals we me need */
+if (isset($_POST['login_username'])) {
+ $login_username = $_POST['login_username'];
+}
+if (!isset($_COOKIE['squirrelmail_language']) ||
$squirrelmail_language == '' ) {
$squirrelmail_language = $squirrelmail_default_language;
}
+else {
+ $squirrelmail_language = $_COOKIE['squirrelmail_language'];
+}
+if (isset($_POST['secretkey'])) {
+ $secretkey = $_POST['secretkey'];
+}
+if (isset($_POST['js_autodetect_results'])) {
+ $js_autodetect_results = $_POST['js_autodetect_results'];
+}
+/* end of get globals */
+
set_up_language($squirrelmail_language, true);
/* Refresh the language cookie. */
setcookie('squirrelmail_language', $squirrelmail_language, time()+2592000,
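Review bot: The second half of the new condition, `$squirrelmail_language == ''`, still tests the old global, which has not been assigned from the cookie at that point. With register_globals off the variable is unset and compares equal to `''`, so the default language is always chosen and the `else` branch that reads the cookie is never reached. Testing the cookie itself fixes it: `if (!isset($_COOKIE['squirrelmail_language']) || $_COOKIE['squirrelmail_language'] == '') {`. The cookie value is client-controlled and goes straight into `set_up_language()`; whether that function restricts it to known language codes is not visible in this hunk and is worth confirming.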
$onetimepad = OneTimePadCreate(strlen($secretkey));
$key = OneTimePadEncrypt($secretkey, $onetimepad);
- session_register('onetimepad');
+ sqsession_register($onetimepad, 'onetimepad');
/* remove redundant spaces */
$login_username = trim($login_username);
$delimiter = sqimap_get_delimiter ($imapConnection);
}
sqimap_logout($imapConnection);
- session_register('delimiter');
- global $username;
+ sqsession_register($delimiter, 'delimiter');
+
$username = $login_username;
- session_register ('username');
+ session_register ($username, 'username');
setcookie('key', $key, 0, $base_uri);
do_hook ('login_verified');
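Review bot: `session_register ($username, 'username');` looks like a missed rename: the neighbouring calls became `sqsession_register($var, 'name')`, but this one kept the built-in while gaining the value argument. session_register() treats every argument as a variable name, so it is asked to register a variable named after whatever was typed as the login name, in addition to `username`. The line should be `sqsession_register($username, 'username');` so that `$_SESSION['username']`, which the other pages in this commit read, is populated the same way as `delimiter` and `onetimepad`.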
$just_logged_in = true;
/* And register with them with the session. */
-session_register ('user_is_logged_in');
-session_register ('just_logged_in');
+sqsession_register ($user_is_logged_in, 'user_is_logged_in');
+sqsession_register ($just_logged_in, 'just_logged_in');
/* parse the accepted content-types of the client */
$attachment_common_types = array();
$attachment_common_types_parsed = array();
-session_register('attachment_common_types');
-session_register('attachment_common_types_parsed');
+sqsession_register($attachment_common_types, 'attachment_common_types');
+sqsession_register($attachment_common_types_parsed, 'attachment_common_types_parsed');
$debug = false;
-if (isset($HTTP_SERVER_VARS['HTTP_ACCEPT']) &&
- !isset($attachment_common_types_parsed[$HTTP_SERVER_VARS['HTTP_ACCEPT']])) {
- attachment_common_parse($HTTP_SERVER_VARS['HTTP_ACCEPT'], $debug);
+
+if (isset($_SERVER['HTTP_ACCEPT']) &&
+ !isset($attachment_common_types_parsed[$_SERVER['HTTP_ACCEPT']])) {
+ attachment_common_parse($_SERVER['HTTP_ACCEPT'], $debug);
}
-if (isset($HTTP_ACCEPT) &&
- !isset($attachment_common_types_parsed[$HTTP_ACCEPT])) {
- attachment_common_parse($HTTP_ACCEPT, $debug);
+if (isset($_SERVER['HTTP_ACCEPT']) &&
+ !isset($attachment_common_types_parsed[$_SERVER['HTTP_ACCEPT']])) {
+ attachment_common_parse($_SERVER['HTTP_ACCEPT'], $debug);
}
/* Complete autodetection of Javascript. */
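Review bot: After the rewrite the two `if (isset($_SERVER['HTTP_ACCEPT']) && ...)` blocks are identical, whereas they used to cover two different sources (`$HTTP_SERVER_VARS['HTTP_ACCEPT']` and the `$HTTP_ACCEPT` global). The second block is now redundant and can be deleted. If it is kept deliberately, a comment such as `/* second pass intentionally repeats the parse because ... */` should say why.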
* $mailbox Full Mailbox name *
* *
* incoming from cookie: *
- * $username duh *
* $key pass *
+ * incoming from session: *
+ * $username duh *
+ * *
***********************************************************/
+
+/* lets get the global vars we may need */
+$username = $_SESSION['username'];
+$key = $_COOKIE['key'];
+$onetimepad = $_SESSION['onetimepad'];
+$base_uri = $_SESSION['base_uri'];
+$delimiter = $_SESSION['delimiter'];
+
+if (isset($_GET['startMessage'])) {
+ $startMessage = $_GET['startMessage'];
+}
+if (isset($_GET['mailbox'])) {
+ $mailbox = $_GET['mailbox'];
+}
+if (isset($_GET['PG_SHOWNUM'])) {
+ $PG_SHOWNUM = $_GET['PG_SHOWNUM'];
+}
+elseif (isset($_SESSION['PG_SHOWNUM'])) {
+ $PG_SHOWNUM = $_SESSION['PG_SHOWNUM'];
+}
+if (isset($_GET['PG_SHOWALL'])) {
+ $PG_SHOWALL = $_GET['PG_SHOWALL'];
+}
+if (isset($_GET['newsort'])) {
+ $newsort = $_GET['newsort'];
+}
+if (isset($_GET['checkall'])) {
+ $checkall = $_GET['checkall'];
+}
+if (isset($_GET['set_thread'])) {
+ $set_thread = $_GET['set_thread'];
+}
+if (isset($_SESSION['lastTargetMailbox'])) {
+ $lastTargetMailbox =$_SESSION['lastTargetMailbox'];
+}
+
+/* end of get globals */
+
+
/* Open a connection on the imap port (143) */
$imapConnection = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0);
-global $PG_SHOWNUM;
if (isset($PG_SHOWALL)) {
if ($PG_SHOWALL) {
$PG_SHOWNUM=999999;
$show_num=$PG_SHOWNUM;
- session_register('PG_SHOWNUM');
+ sqsession_register($PG_SHOWNUM, 'PG_SHOWNUM');
}
else {
- session_unregister('PG_SHOWNUM');
+ sqsession_unregister('PG_SHOWNUM');
unset($PG_SHOWNUM);
}
}
}
/* decide if we are thread sorting or not */
-global $allow_thread_sort;
if ($allow_thread_sort == TRUE) {
if (isset($set_thread)) {
if ($set_thread == 1) {
$thread_sort_messages = 0;
}
-global $color;
-
-do_hook ("generic_header");
+do_hook ('generic_header');
sqimap_mailbox_select($imapConnection, $mailbox);
if (isset($composenew) && $composenew) {
- $comp_uri = "../src/compose.php?mailbox=". urlencode($mailbox).
+ $comp_uri = '../src/compose.php?mailbox='. urlencode($mailbox).
"&session=$composesession";
displayPageHeader($color, $mailbox, "comp_in_new('$comp_uri');", false);
} else {
echo html_tag( 'div', '<b>' . $note .'</b>', 'center' ) . "<br>\n";
}
-if ($just_logged_in == true) {
- $just_logged_in = false;
-
- if (strlen(trim($motd)) > 0) {
- echo html_tag( 'table',
- html_tag( 'tr',
- html_tag( 'td',
- html_tag( 'table',
- html_tag( 'tr',
- html_tag( 'td', $motd, 'center' )
- ) ,
- '', $color[4], 'width="100%" cellpadding="5" cellspacing="1" border="0"' )
- )
- ) ,
- 'center', $color[9], 'width="70%" cellpadding="0" cellspacing="3" border="0"' );
+if (isset($_SESSION['just_logged_in'])) {
+ $just_logged_in = $_SESSION['just_logged_in'];
+ if ($just_logged_in == true) {
+ $just_logged_in = false;
+
+ if (strlen(trim($motd)) > 0) {
+ echo html_tag( 'table',
+ html_tag( 'tr',
+ html_tag( 'td',
+ html_tag( 'table',
+ html_tag( 'tr',
+ html_tag( 'td', $motd, 'center' )
+ ) ,
+ '', $color[4], 'width="100%" cellpadding="5" cellspacing="1" border="0"' )
+ )
+ ) ,
+ 'center', $color[9], 'width="70%" cellpadding="0" cellspacing="3" border="0"' );
+ }
}
}
if (isset($newsort)) {
$sort = $newsort;
- session_register('sort');
+ sqsession_register($sort, 'sort');
}
/*********************************************************************
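Review bot: In the new `just_logged_in` block, `$just_logged_in = false;` changes only the local copy read from `$_SESSION`, so with register_globals off the session flag stays true and the MOTD table would be printed on every load of this page instead of once after login. Write the change back where the flag is cleared, e.g. `sqsession_register($just_logged_in, 'just_logged_in');` directly after the assignment. This assumes the flag is not reset somewhere outside the hunk.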
$use_mailbox_cache = 0;
}
-/* There is a problem with registered vars in 4.1 */
-/*
-if( substr( phpversion(), 0, 3 ) == '4.1' ) {
- $use_mailbox_cache = FALSE;
-}
-*/
-
if ($use_mailbox_cache && session_is_registered('msgs')) {
showMessagesForMailbox($imapConnection, $mailbox, $numMessages, $startMessage, $sort, $color, $show_num, $use_mailbox_cache);
} else {
$use_mailbox_cache);
if (session_is_registered('msgs') && isset($msgs)) {
- session_register('msgs');
+ sqsession_register($msgs, 'msgs');
$_SESSION['msgs'] = $msgs;
}
if (session_is_registered('msort') && isset($msort)) {
- session_register('msort');
+ sqsession_register($msort, 'msort');
$_SESSION['msort'] = $msort;
}
- session_register('numMessages');
+ sqsession_register($numMessages, 'numMessages');
$_SESSION['numMessages'] = $numMessages;
}
do_hook('right_main_bottom');
/* If a user hits reload on the last page, $base_uri isn't set
* because it was deleted with the session. */
-if (!isset($base_uri)) {
+if (!isset($_SESSION['base_uri'])) {
if (!function_exists('sqm_baseuri')){
require_once(SM_PATH . 'functions/display_messages.php');
}
$base_uri = sqm_baseuri();
+} else {
+ $base_uri = $_SESSION['base_uri'];
}
do_hook('logout');
require_once(SM_PATH . 'functions/plugin.php');
require_once(SM_PATH . 'functions/i18n.php');
require_once(SM_PATH . 'functions/auth.php');
+require_once(SM_PATH . 'functions/global.php');
if (!function_exists('sqm_baseuri')){
require_once(SM_PATH . 'functions/display_messages.php');
$base_uri = sqm_baseuri();
session_start();
+
+if (isset($_SESSION['username'])) {
+ $username = $_SESSION['username'];
+}
+if (isset($_SESSION['delimiter'])) {
+ $delimiter = $_SESSION['delimiter'];
+}
+if (isset($_SESSION['onetimepad'])) {
+ $onetimepad = $_SESSION['onetimepad'];
+}
+if (isset($_GET['right_frame'])) {
+ $right_frame = $_GET['right_frame'];
+}
+
is_logged_in();
do_hook('webmail_top');