From: fidian Date: Sat, 3 Feb 2001 16:58:14 +0000 (+0000) Subject: * All incoming form values now have stripslashes() ran on them automatically X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=d51894be063bf2e1349762bc554358c62d368e36;p=squirrelmail.git * All incoming form values now have stripslashes() ran on them automatically (if PHP escaped them) if you include strings.php * Removed sqStripSlahes (no need anymore) * Completely fixed problem with some data needing escapes, some not, and some accidentally getting escaped twice (often in compose.php). To use: * Load strings.php at the beginning of your script * All form variables are accessable as globals (as usual), but are without the escape backslashes (if PHP put any in). git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@1050 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- diff --git a/functions/mime.php b/functions/mime.php index 2af69c78..0731f7ba 100644 --- a/functions/mime.php +++ b/functions/mime.php @@ -509,7 +509,7 @@ if (($body_message->header->type0 == "text") || ($body_message->header->type0 == "rfc822")) { - $body = mime_fetch_body ($imap_stream, $id, $ent_num); + $body = mime_fetch_body ($imap_stream, $id, $ent_num); $body = decodeBody($body, $body_message->header->encoding); // If there are other types that shouldn't be formatted, add diff --git a/functions/page_header.php b/functions/page_header.php index 28852d5d..0a9e40ba 100644 --- a/functions/page_header.php +++ b/functions/page_header.php @@ -62,7 +62,6 @@ /** Here is the header and wrapping table **/ $shortBoxName = readShortMailboxName($mailbox, "."); - $shortBoxName = sqStripSlashes($shortBoxName); echo "\n"; echo "\n"; echo " \n"; diff --git a/functions/smtp.php b/functions/smtp.php index a6057f78..7fe5e285 100644 --- a/functions/smtp.php +++ b/functions/smtp.php 
@@ -146,7 +146,7 @@ $bcc_list = getLineOfAddrs($bcc); /* Encoding 8-bit characters and making from line */ - $subject = sqStripSlashes(encodeHeader($subject)); + $subject = encodeHeader($subject); if ($from == '') $from = "<$from_addr>"; else @@ -247,7 +247,7 @@ $body .= "Content-Type: text/plain\r\n"; $body .= "Content-Transfer-Encoding: 8bit\r\n\r\n"; - $body .= sqStripSlashes($passedBody) . "\r\n\r\n"; + $body .= $passedBody . "\r\n\r\n"; fputs ($fp, $body); $attachmentlength = attachFiles($fp); @@ -256,7 +256,7 @@ $postbody .= "\r\n--".mimeBoundary()."--\r\n\r\n"; fputs ($fp, $postbody); } else { - $body = sqStripSlashes($passedBody) . "\r\n"; + $body = $passedBody . "\r\n"; fputs ($fp, $body); $postbody = "\r\n"; fputs ($fp, $postbody); diff --git a/functions/strings.php b/functions/strings.php index f9f25850..b089620b 100644 --- a/functions/strings.php +++ b/functions/strings.php @@ -3,6 +3,44 @@ /* $Id$ */ $strings_php = true; + + // Remove all slashes for form values + if (get_magic_quotes_gpc()) + { + global $REQUEST_METHOD; + if ($REQUEST_METHOD == "POST") + { + global $HTTP_POST_VARS; + RemoveSlashes($HTTP_POST_VARS); + } + elseif ($REQUEST_METHOD == "GET") + { + global $HTTP_GET_VARS; + RemoveSlashes($HTTP_GET_VARS); + } + } + + + function RemoveSlashes($array) + { + foreach ($array as $k => $v) + { + global $$k; + if (is_array($$k)) + { + foreach ($$k as $k2 => $v2) + { + $newArray[stripslashes($k2)] = stripslashes($v2); + } + $$k = $newArray; + } + else + { + $$k = stripslashes($v); + } + } + } + //************************************************************************* // Count the number of occurances of $needle are in $haystack. @@ -285,13 +323,6 @@ return $path; } - function sqStripSlashes($string) { - if (get_magic_quotes_gpc()) { - $string = stripslashes($string); - } - return $string; - } - // These functions are used to encrypt the passowrd before it is // stored in a cookie. 
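Review bot: With the stripslashes pass gone, `$subject` now reaches `encodeHeader()` exactly as the client submitted it, and nothing in this hunk rejects CR/LF; unless encodeHeader() folds or strips line breaks (it is not visible here), a subject containing `\r\n` lets the sender inject additional headers into the outgoing message. I would normalise before encoding, e.g. `$subject = encodeHeader(str_replace(array("\r", "\n"), ' ', $subject));`. The same consideration applies to `$from`, which is interpolated unchecked two lines below. The enclosing function starts and ends outside the hunk.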
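Review bot: In the new RemoveSlashes() `$newArray` is never reset between iterations of the outer `foreach`, so a request carrying two array-valued parameters leaves the second one holding the first one's entries as well, and the branch tests `is_array($$k)` on the global instead of on the value `$v` it is iterating. The `global $$k; $$k = …` pair writes every request key back as a global named by the client, which re-creates register_globals even if that setting is ever turned off, and a parameter named `k`, `v`, `array` or `newArray` rebinds the function's own locals mid-loop — this deserves at least a comment. The caller only strips GET data on GET and POST data on POST, although magic_quotes_gpc escapes GET, POST and cookie values alike, so a POST form with query-string parameters (and every cookie) still sees escaped values. The rewrite below resets the array per key, inspects `$v`, and strips all three sources regardless of method; nested arrays deeper than one level are still not handled.
```php
   // Remove all slashes for form values
   if (get_magic_quotes_gpc())
   {
      // magic_quotes_gpc escapes GET, POST and COOKIE data whatever the method is
      global $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS;
      RemoveSlashes($HTTP_GET_VARS);
      RemoveSlashes($HTTP_POST_VARS);
      RemoveSlashes($HTTP_COOKIE_VARS);
   }

   function RemoveSlashes($array)
   {
      foreach ($array as $k => $v)
      {
         // NOTE: this re-exports every request key as a global (like register_globals)
         global $$k;
         if (is_array($v))
         {
            $newArray = array();   // fresh per key; entries must not carry over
            foreach ($v as $k2 => $v2)
            {
               $newArray[stripslashes($k2)] = stripslashes($v2);
            }
            $$k = $newArray;
         }
         else
         {
            $$k = stripslashes($v);
         }
      }
   }
```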
diff --git a/src/addrbook_search_html.php b/src/addrbook_search_html.php index 2fee39e9..fae1d4f3 100644 --- a/src/addrbook_search_html.php +++ b/src/addrbook_search_html.php @@ -113,12 +113,6 @@ // Initialize addressbook $abook = addressbook_init(); - $body = sqStripSlashes($body); - $send_to = sqStripSlashes($send_to); - $send_to_cc = sqStripSlashes($send_to_cc); - $send_to_bcc = sqStripSlashes($send_to_bcc); - $subject = sqStripSlashes($subject); - ?>
diff --git a/src/compose.php b/src/compose.php index 302cab44..8495f7eb 100644 --- a/src/compose.php +++ b/src/compose.php @@ -14,7 +14,7 @@ ** ** $Id$ **/ - + session_start(); if (!isset($strings_php)) @@ -48,9 +48,9 @@ global $forward_id, $imapConnection, $msg, $ent_num, $body_ary, $body, $reply_id, $send_to, $send_to_cc, $mailbox, $send_to_bcc, $editor_size; - $send_to = sqStripSlashes(decodeHeader($send_to)); - $send_to_cc = sqStripSlashes(decodeHeader($send_to_cc)); - $send_to_bcc = sqStripSlashes(decodeHeader($send_to_bcc)); + $send_to = decodeHeader($send_to); + $send_to_cc = decodeHeader($send_to_cc); + $send_to_bcc = decodeHeader($send_to_bcc); if ($forward_id) $id = $forward_id; @@ -197,7 +197,7 @@ $send_to_bcc, $reply_id, $mailbox, $from_htmladdr_search, $location_of_buttons; - $subject = sqStripSlashes(decodeHeader($subject)); + $subject = decodeHeader($subject); $reply_subj = decodeHeader($reply_subj); $forward_subj = decodeHeader($forward_subj); @@ -253,7 +253,6 @@ echo "
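Review bot: The three `decodeHeader()` calls now rely on strings.php having already removed the magic-quotes escapes from `$send_to`, `$send_to_cc` and `$send_to_bcc` before this function runs, and that ordering is invisible at this point; a later reader will wonder why the strip disappeared. I would add above the first call: `// $send_to* are request values; strings.php (included at top) already removed magic_quotes escapes`. Note that the strip now happens before decoding rather than after it, so backslashes produced by decodeHeader() itself are preserved, which appears to be the intent of the commit. The enclosing function starts and ends outside the hunk.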
\n"; if ($reply_subj) { $reply_subj = str_replace("\"", "'", $reply_subj); - $reply_subj = sqStripSlashes($reply_subj); $reply_subj = trim($reply_subj); if (substr(strtolower($reply_subj), 0, 3) != "re:") $reply_subj = "Re: $reply_subj"; @@ -261,7 +260,6 @@ htmlspecialchars($reply_subj)); } else if ($forward_subj) { $forward_subj = str_replace("\"", "'", $forward_subj); - $forward_subj = sqStripSlashes($forward_subj); $forward_subj = trim($forward_subj); if ((substr(strtolower($forward_subj), 0, 4) != "fwd:") && (substr(strtolower($forward_subj), 0, 5) != "[fwd:") && @@ -429,10 +427,6 @@ is_logged_in(); displayPageHeader($color, $mailbox); - $send_to = sqStripSlashes($send_to); - $send_to_cc = sqStripSlashes($send_to_cc); - $send_to_bcc = sqStripSlashes($send_to_bcc); - for ($i=0; $i < count($send_to_search); $i++) { if ($send_to) $send_to .= ", "; diff --git a/src/download.php b/src/download.php index a5b0382a..4a1b061d 100644 --- a/src/download.php +++ b/src/download.php @@ -117,9 +117,9 @@ header("Content-type: application/octet-stream; name=\"$filename\""); set_up_language(getPref($data_dir, $username, "language")); if ($type1 == "plain") { - echo _("Subject") . ": " . decodeHeader(sqStripSlashes($top_header->subject)) . "\n"; - echo " " . _("From") . ": " . decodeHeader(sqStripSlashes($top_header->from)) . "\n"; - echo " " . _("To") . ": " . decodeHeader(sqStripSlashes(getLineOfAddrs($top_header->to))) . "\n"; + echo _("Subject") . ": " . decodeHeader($top_header->subject) . "\n"; + echo " " . _("From") . ": " . decodeHeader($top_header->from) . "\n"; + echo " " . _("To") . ": " . decodeHeader(getLineOfAddrs($top_header->to)) . "\n"; echo " " . _("Date") . ": " . getLongDateString($top_header->date) . "\n\n"; } echo trim($body); diff --git a/src/folders_create.php b/src/folders_create.php index 2f4975b8..da146046 100644 --- a/src/folders_create.php +++ b/src/folders_create.php 
@@ -50,7 +50,7 @@ $subfolder_orig = $subfolder; } - if ((trim($subfolder_orig) == "[ None ]") || (trim(sqStripSlashes($subfolder_orig)) == "[ None ]")) { + if ((trim($subfolder_orig) == "[ None ]") || (trim($subfolder_orig) == "[ None ]")) { sqimap_mailbox_create ($imapConnection, $folder_prefix.$folder_name, ""); } else { sqimap_mailbox_create ($imapConnection, $subfolder.$dm.$folder_name, ""); diff --git a/src/folders_delete.php b/src/folders_delete.php index f2b245d6..d49be2d3 100644 --- a/src/folders_delete.php +++ b/src/folders_delete.php @@ -37,7 +37,6 @@ $imap_stream = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0); $boxes = sqimap_mailbox_list ($imap_stream); $dm = sqimap_get_delimiter($imap_stream); - $mailbox = sqStripSlashes($mailbox); if (substr($mailbox, -1) == $dm) $mailbox_no_dm = substr($mailbox, 0, strlen($mailbox) - 1); diff --git a/src/folders_rename_do.php b/src/folders_rename_do.php index 740a96da..7c8bb47b 100644 --- a/src/folders_rename_do.php +++ b/src/folders_rename_do.php @@ -44,9 +44,6 @@ else $newone = "$new_name"; - $orig = sqStripSlashes($orig); - $newone = sqStripSlashes($newone); - fputs ($imapConnection, ". RENAME \"$orig\" \"$newone\"\r\n"); $data = sqimap_read_data($imapConnection, ".", true, $a, $b); diff --git a/src/folders_rename_getname.php b/src/folders_rename_getname.php index 087391bc..ca143f9b 100644 --- a/src/folders_rename_getname.php +++ b/src/folders_rename_getname.php @@ -40,8 +40,6 @@ $old_parent = ""; } - $old_name = sqStripSlashes($old_name); - displayPageHeader($color, "None"); echo "
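Review bot: The new `if` compares `trim($subfolder_orig)` against "[ None ]" twice joined by `||`, a mechanical leftover from dropping the sqStripSlashes() call; it should read `if (trim($subfolder_orig) == "[ None ]") {`. Beyond that, `$folder_name` and `$subfolder` go to sqimap_mailbox_create() straight from the request; whether that helper quotes or rejects `"`, `\` and CR/LF is not visible here and is worth checking, since it presumably builds an IMAP command. The surrounding block starts outside the hunk.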
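Review bot: With the strip removed, `$orig` and `$newone` are interpolated into `". RENAME \"$orig\" \"$newone\"\r\n"` exactly as the client sent them, and nothing here escapes `"` or `\` or rejects CR/LF, so a crafted name closes the quoted string and appends a second IMAP command on the authenticated connection (this was already the case before, as sqStripSlashes() only undid PHP's escaping, but this hunk is where the value is consumed). I would apply IMAP quoted-string escaping before the fputs, `$orig = str_replace(array('\\', '"'), array('\\\\', '\\"'), $orig);` and likewise for `$newone`, and refuse any name containing `\r` or `\n`. The enclosing script continues outside the hunk.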
"; echo "
"; diff --git a/src/options.php b/src/options.php index 8b38ad2b..f37155fe 100644 --- a/src/options.php +++ b/src/options.php @@ -49,11 +49,11 @@ header->subject))); + $url_subj = urlencode(trim($message->header->subject)); $urlMailbox = urlencode($mailbox); $url_replyto = urlencode($message->header->replyto);