From 4cd8ae7de26f2915a4c98aa45fa528f543b4296a Mon Sep 17 00:00:00 2001 From: ebullient Date: Sat, 4 Jan 2003 01:12:14 +0000 Subject: [PATCH] Added new function: sqgetGlobalVar($name, $value [, location] ); This function looks for a variable named $name. If found, it sets the value into $value (in signature, is &$value) and returns true. If the variable is not found, the function returns false. The optional constant allows you to pick which location to check for the variable in. If none is specified, it will check, in this order, $_SESSION, $_POST, $_GET. These are defined constants for use with this function: SQ_INORDER - same as specifying nothing, check all three. SQ_SESSION SQ_POST SQ_GET It is recommended that plugins, all functions use this instead of directly accessing $_SESSION/$_POST/$_GET arrays, as we have already taken care of scope (global, etc). The Administration plugin has been updated to use this function, as an example. This is an alternative to sqextractGlobalVar($name), which looks for a var named $name in the SESSION/GET/POST arrays, and creates a global variable if defined. git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@4368 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- functions/global.php | 52 +++++++++++++++++++++++++++++++ plugins/administrator/auth.php | 6 +++- plugins/administrator/options.php | 44 +++++++++++++------------- 3 files changed, 78 insertions(+), 24 deletions(-) diff --git a/functions/global.php b/functions/global.php index be7cc55c..ef63d5a9 100644 --- a/functions/global.php +++ b/functions/global.php @@ -158,6 +158,58 @@ function sqsession_is_registered ($name) { } +define('SQ_INORDER',0); +define('SQ_GET',1); +define('SQ_POST',2); +define('SQ_SESSION',3); + +/** + * Search for the var $name in $_SESSION, $_POST, $_GET + * and set it in provided var. + * If $search is not provided, or == SQ_INORDER, it will search + * $_SESSION, then $_POST, then $_GET. Otherwise, + * use one of the defined constants to look for + * a var in one place specifically. + * Returns FALSE if variable is not found. + * Returns TRUE if it is. + */ +function sqgetGlobalVar($name, &$value, $search = SQ_INORDER) { + if ( !check_php_version(4,1) ) { + global $_SESSION, $_GET, $_POST; + } + + switch ($search) { + /* we want the default case to be first here, + so that if a valid value isn't specified, + all three arrays will be searched. */ + default: + case SQ_INORDER: + case SQ_SESSION: + if( isset($_SESSION[$name]) ) { + $value = $_SESSION[$name]; + return TRUE; + } elseif ( $search == SQ_SESSION ) { + break; + } + case SQ_POST: + if( isset($_POST[$name]) ) { + $value = $_POST[$name]; + return TRUE; + } elseif ( $search == SQ_POST ) { + break; + } + case SQ_GET: + if ( isset($_GET[$name]) ) { + $value = $_GET[$name]; + return TRUE; + } elseif ( $search == SQ_GET ) { + break; + } + } + return FALSE; +} + + /** * Search for the var $name in $_SESSION, $_POST, $_GET * (in that order) and register it as a global var. diff --git a/plugins/administrator/auth.php b/plugins/administrator/auth.php index 58350fa9..f04aa69f 100644 --- a/plugins/administrator/auth.php +++ b/plugins/administrator/auth.php @@ -11,8 +11,12 @@ function adm_check_user() { global $PHP_SELF; + require_once(SM_PATH . 'functions/global.php'); - $username = ( !isset($_SESSION['username']) ? '' : $_SESSION['username'] ); + if ( !sqgetGlobalVar('username',$username,SQ_SESSION) ) { + $username = ''; + } + /* This needs to be first, for all non_options pages */ if (strpos('options.php', $PHP_SELF)) { $auth = FALSE; diff --git a/plugins/administrator/options.php b/plugins/administrator/options.php index cf9cb62a..cceb0b20 100644 --- a/plugins/administrator/options.php +++ b/plugins/administrator/options.php @@ -234,8 +234,8 @@ $colapse = array( 'Titles' => 'off', 'Group7' => getPref($data_dir, $username, 'adm_Group7', 'on' ), 'Group8' => getPref($data_dir, $username, 'adm_Group8', 'on' ) ); -if ( isset( $_GET['switch'] ) ) { - $switch = $_GET['switch']; +/* look in $_GET array for 'switch' */ +if ( sqgetGlobalVar('switch', $switch, SQ_GET) ) { if ( $colapse[$switch] == 'on' ) { $colapse[$switch] = 'off'; } else { @@ -331,8 +331,9 @@ foreach ( $newcfg as $k => $v ) { echo "\n"; break; case SMOPT_TYPE_INTEGER: - if ( isset( $HTTP_POST_VARS[$e] ) ) { - $v = intval( $HTTP_POST_VARS[$e] ); + /* look for variable $e in POST, fill into $v */ + if ( sqgetGlobalVar($e, $v, SQ_POST) ) { + $v = intval( $v ); $newcfg[$k] = $v; } echo "$name". @@ -343,8 +344,7 @@ foreach ( $newcfg as $k => $v ) { echo "\n"; break; case SMOPT_TYPE_NUMLIST: - if ( isset( $HTTP_POST_VARS[$e] ) ) { - $v = $HTTP_POST_VARS[$e]; + if ( sqgetGlobalVar($e, $v, SQ_POST) ) { $newcfg[$k] = $v; } echo "$name"; @@ -363,8 +363,8 @@ foreach ( $newcfg as $k => $v ) { echo "\n"; break; case SMOPT_TYPE_STRLIST: - if ( isset( $HTTP_POST_VARS[$e] ) ) { - $v = '"' . $HTTP_POST_VARS[$e] . '"'; + if ( sqgetGlobalVar($e, $v, SQ_POST) ) { + $v = '"' . $v . '"'; $newcfg[$k] = $v; } echo "$name". @@ -384,8 +384,8 @@ foreach ( $newcfg as $k => $v ) { break; case SMOPT_TYPE_TEXTAREA: - if ( isset( $HTTP_POST_VARS[$e] ) ) { - $v = '"' . $HTTP_POST_VARS[$e] . '"'; + if ( sqgetGlobalVar($e, $v, SQ_POST) ) { + $v = '"' . $v . '"'; $newcfg[$k] = str_replace( "\n", '', $v ); } echo "$name". @@ -396,8 +396,8 @@ foreach ( $newcfg as $k => $v ) { echo "\n"; break; case SMOPT_TYPE_STRING: - if ( isset( $HTTP_POST_VARS[$e] ) ) { - $v = '"' . $HTTP_POST_VARS[$e] . '"'; + if ( sqgetGlobalVar($e, $v, SQ_POST) ) { + $v = '"' . $v . '"'; $newcfg[$k] = $v; } if ( $v == '""' && isset( $defcfg[$k]['default'] ) ) { @@ -412,8 +412,7 @@ foreach ( $newcfg as $k => $v ) { echo "\n"; break; case SMOPT_TYPE_BOOLEAN: - if ( isset( $HTTP_POST_VARS[$e] ) ) { - $v = $HTTP_POST_VARS[$e]; + if ( sqgetGlobalVar($e, $v, SQ_POST) ) { $newcfg[$k] = $v; } else { $v = strtoupper( $v ); @@ -434,8 +433,8 @@ foreach ( $newcfg as $k => $v ) { echo "\n"; break; case SMOPT_TYPE_PATH: - if ( isset( $HTTP_POST_VARS[$e] ) ) { - $v = change_to_sm_path($HTTP_POST_VARS[$e]); + if ( sqgetGlobalVar($e, $v, SQ_POST) ) { + $v = change_to_sm_path($v); $newcfg[$k] = $v; } if ( $v == "''" && isset( $defcfg[$k]['default'] ) ) { @@ -469,8 +468,8 @@ if ( $colapse['Group7'] == 'off' ) { while ( isset( $newcfg["\$theme[$i]['NAME']"] ) ) { $k1 = "\$theme[$i]['NAME']"; $e1 = "theme_name_$i"; - if ( isset( $HTTP_POST_VARS[$e1] ) ) { - $v1 = '"' . str_replace( '\"', '"', $HTTP_POST_VARS[$e1] ) . '"'; + if ( sqgetGlobalVar($e, $v1, SQ_POST) ) { + $v1 = '"' . str_replace( '\"', '"', $v1 ) . '"'; $v1 = '"' . str_replace( '"', '\"', $v1 ) . '"'; $newcfg[$k1] = $v1; } else { @@ -478,8 +477,8 @@ if ( $colapse['Group7'] == 'off' ) { } $k2 = "\$theme[$i]['PATH']"; $e2 = "theme_path_$i"; - if ( isset( $HTTP_POST_VARS[$e2] ) ) { - $v2 = change_to_sm_path($HTTP_POST_VARS[$e2]); + if ( sqgetGlobalVar($e, $v2, SQ_POST) ) { + $v2 = change_to_sm_path($v2); $newcfg[$k2] = $v2; } else { $v2 = $newcfg[$k2]; @@ -523,10 +522,9 @@ if( $colapse['Group8'] == 'off' ) { /* Lets get the plugins that are active */ $plugins = array(); - if ( isset( $HTTP_POST_VARS['plg'] ) ) { + if ( sqgetGlobalVar('plg', $v, SQ_POST) ) { foreach ( $op_plugin as $plg ) { - if ( isset( $HTTP_POST_VARS["plgs_$plg"] ) && - $HTTP_POST_VARS["plgs_$plg"] == 'on' ) { + if ( sqgetGlobalVar("plgs_$plg", $v, SQ_POST) && $v == 'on' ) { $plugins[] = $plg; } } -- 2.25.1