From 8a9f9d0964e91d21ffd490b105a011687d8c729f Mon Sep 17 00:00:00 2001 From: kink Date: Wed, 25 Sep 2002 16:53:30 +0000 Subject: [PATCH] rg=0 git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3729 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- plugins/squirrelspell/sqspell_config.php | 8 ++++++- plugins/squirrelspell/sqspell_functions.php | 26 +++++++++++++++++---- plugins/squirrelspell/sqspell_interface.php | 6 +++++ plugins/squirrelspell/sqspell_options.php | 8 ++++++- 4 files changed, 41 insertions(+), 7 deletions(-) diff --git a/plugins/squirrelspell/sqspell_config.php b/plugins/squirrelspell/sqspell_config.php index 2938a407..8d2fedce 100644 --- a/plugins/squirrelspell/sqspell_config.php +++ b/plugins/squirrelspell/sqspell_config.php @@ -13,7 +13,13 @@ require_once(SM_PATH . 'functions/prefs.php'); /* Just for poor wretched souls with E_ALL. :) */ -global $username, $data_dir; +global $data_dir; + +if ( (float)substr(PHP_VERSION,0,3) < 4.1 ) { + global $_SESSION; +} + +$username = $_SESSION['username']; /** * Example: diff --git a/plugins/squirrelspell/sqspell_functions.php b/plugins/squirrelspell/sqspell_functions.php index d73e0197..a3acfeb0 100644 --- a/plugins/squirrelspell/sqspell_functions.php +++ b/plugins/squirrelspell/sqspell_functions.php @@ -26,7 +26,18 @@ * @return void */ function sqspell_makePage($title, $scriptsrc, $body){ - global $color, $SQSPELL_VERSION, $MOD; + global $color, $SQSPELL_VERSION; + + if ( (float)substr(PHP_VERSION,0,3) < 4.1 ) { + global $_GET; + } + if (isset($_GET['MOD'])) { + $MOD = $_GET['MOD']; + } + else { + $MOD = 'options_main'; + } + displayPageHeader($color, 'None'); echo " 
\n"; /** @@ -331,9 +342,12 @@ function sqspell_getWords(){ * the user's old mailbox password. I admin, this is rather dirty, * but efficient. ;) */ - global $key, $onetimepad, $old_key; - if ($old_key) { - $clear_key=$old_key; + $key = $_COOKIE['key']; + $onetimepad = $_SESSION['onetimepad']; + $old_key = $_POST['old_key']; + + if ($old_key != '') { + $clear_key=$old_key; } else { /** * Get user's password (the key). @@ -443,7 +457,9 @@ function sqspell_writeWords($words){ * User wants to encrypt the file. So be it. * Get the user's password to use as a key. */ - global $key, $onetimepad; + $key = $_COOKIE['key']; + $onetimepad = $_SESSION['onetimepad']; + $clear_key=OneTimePadDecrypt($key, $onetimepad); /** * Try encrypting it. If fails, scream bloody hell. diff --git a/plugins/squirrelspell/sqspell_interface.php b/plugins/squirrelspell/sqspell_interface.php index 8f428040..2311efcd 100644 --- a/plugins/squirrelspell/sqspell_interface.php +++ b/plugins/squirrelspell/sqspell_interface.php @@ -42,6 +42,12 @@ require_once(SM_PATH . $SQSPELL_DIR . 'sqspell_functions.php'); * If $MOD is undefined, use "init", else check for security * breaches. */ +if(isset($_POST['MOD'])) { + $MOD = $_POST['MOD']; +} elseif (isset($_GET['MOD'])) { + $MOD = $_GET['MOD']; +} + if (!isset($MOD) || !$MOD){ $MOD='init'; } else { diff --git a/plugins/squirrelspell/sqspell_options.php b/plugins/squirrelspell/sqspell_options.php index 54a898f5..55c7fddc 100644 --- a/plugins/squirrelspell/sqspell_options.php +++ b/plugins/squirrelspell/sqspell_options.php @@ -38,7 +38,13 @@ require_once(SM_PATH . $SQSPELL_DIR . 'sqspell_functions.php'); * If $MOD is unspecified, assign "init" to it. Else check for * security breach attempts. */ -if (!isset($MOD) || !$MOD){ +if(isset($_POST['MOD'])) { + $MOD = $_POST['MOD']; +} elseif (isset($_GET['MOD'])) { + $MOD = $_GET['MOD']; +} + +if(!isset($MOD) || !$MOD) { $MOD = 'options_main'; } else { sqspell_ckMOD($MOD); -- 2.25.1