From 6a2a6e446a39418d90aa31b7e1b951888c9338c8 Mon Sep 17 00:00:00 2001 From: stekkel Date: Wed, 5 Apr 2006 18:49:44 +0000 Subject: [PATCH] the register globals check was deleting $base_uri from the global scope. Reordening init.php solved this. In the future we probably should use the constand SM_BASE_URI which doesn't suffer from weird global behaviour git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@11024 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- include/init.php | 85 ++++++++++++++++++++++++------------------------ 1 file changed, 43 insertions(+), 42 deletions(-) diff --git a/include/init.php b/include/init.php index 80a17c5c..93e87525 100644 --- a/include/init.php +++ b/include/init.php @@ -32,6 +32,45 @@ $SQM_INTERNAL_VERSION = array(1,5,2); error_reporting(E_ALL); +/** + * If register_globals are on, unregister globals. + * Code requires PHP 4.1.0 or newer. + */ +if ((bool) @ini_get('register_globals')) { + /** + * Remove all globals from $_GET, $_POST, and $_COOKIE. + */ + foreach ($_REQUEST as $key => $value) { + unset($GLOBALS[$key]); + } + /** + * Remove globalized $_FILES variables + * Before 4.3.0 $_FILES are included in $_REQUEST. + * Unglobalize them in separate call in order to remove dependency + * on PHP version. + */ + foreach ($_FILES as $key => $value) { + unset($GLOBALS[$key]); + // there are three undocumented $_FILES globals. + unset($GLOBALS[$key.'_type']); + unset($GLOBALS[$key.'_name']); + unset($GLOBALS[$key.'_size']); + } + /** + * Remove globalized environment variables. + */ + foreach ($_ENV as $key => $value) { + unset($GLOBALS[$key]); + } + /** + * Remove globalized server variables. + */ + foreach ($_SERVER as $key => $value) { + unset($GLOBALS[$key]); + } +} + + /** * calculate SM_PATH and calculate the base_uri * assumptions made: init.php is only called from plugins or from the src dir. @@ -53,10 +92,8 @@ for($i = count($a) -2;$i > -1; --$i) { $base_uri = implode('/',array_slice($a,0,$i)). '/'; - - define('SM_PATH',$sSM_PATH); - +define('SM_BASE_URI', $base_uri); /** * global var $bInit is used to check if initialisation took place. * At this moment it's a workarounf for the include of addrbook_search_html @@ -88,43 +125,6 @@ if (get_magic_quotes_gpc()) { sqstripslashes($_POST); } -/** - * If register_globals are on, unregister globals. - * Code requires PHP 4.1.0 or newer. - */ -if ((bool) @ini_get('register_globals')) { - /** - * Remove all globals from $_GET, $_POST, and $_COOKIE. - */ - foreach ($_REQUEST as $key => $value) { - unset($GLOBALS[$key]); - } - /** - * Remove globalized $_FILES variables - * Before 4.3.0 $_FILES are included in $_REQUEST. - * Unglobalize them in separate call in order to remove dependency - * on PHP version. - */ - foreach ($_FILES as $key => $value) { - unset($GLOBALS[$key]); - // there are three undocumented $_FILES globals. - unset($GLOBALS[$key.'_type']); - unset($GLOBALS[$key.'_name']); - unset($GLOBALS[$key.'_size']); - } - /** - * Remove globalized environment variables. - */ - foreach ($_ENV as $key => $value) { - unset($GLOBALS[$key]); - } - /** - * Remove globalized server variables. - */ - foreach ($_SERVER as $key => $value) { - unset($GLOBALS[$key]); - } -} /* strip any tags added to the url from PHP_SELF. This fixes hand crafted url XXS expoits for any @@ -150,8 +150,6 @@ ini_set('session.name' , $session_name); session_set_cookie_params (0, $base_uri); sqsession_is_active(); -sqsession_register($base_uri, 'base_uri'); - /** * Remove globalized session data in rg=on setups */ @@ -160,6 +158,9 @@ if ((bool) @ini_get('register_globals')) { unset($GLOBALS[$key]); } } + +sqsession_register($base_uri, SM_BASE_URI); + /** * Retrieve the language cookie */ -- 2.25.1