From a32985a59fe460e2bf5c2e9ea2dd6004d0f66b54 Mon Sep 17 00:00:00 2001 From: kink Date: Sat, 21 Sep 2002 14:57:32 +0000 Subject: [PATCH] Start some register_globals = off fixes: Login, logout, and folder manipulation are now possible with rg=0. More to come. git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3698 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- functions/global.php | 36 +++++++++++- src/empty_trash.php | 10 +++- src/folders.php | 12 ++++ src/folders_create.php | 15 ++++- src/folders_delete.php | 12 +++- src/folders_rename_do.php | 15 ++++- src/folders_rename_getname.php | 13 ++++- src/folders_subscribe.php | 10 ++++ src/help.php | 6 +- src/left_main.php | 14 ++++- src/login.php | 1 + src/options.php | 22 ++++++- src/redirect.php | 55 +++++++++++------- src/right_main.php | 103 ++++++++++++++++++++++----------- src/signout.php | 4 +- src/webmail.php | 15 +++++ 16 files changed, 270 insertions(+), 73 deletions(-) diff --git a/functions/global.php b/functions/global.php index 7aa68ede..699dec03 100644 --- a/functions/global.php +++ b/functions/global.php @@ -10,7 +10,7 @@ * It also has two session register functions that work across various * php versions. * - * $Id$ + * $Id $ */ 
@@ -33,6 +33,34 @@ if ( (float)substr(PHP_VERSION,0,3) < 4.1 ) { $_SESSION =& $HTTP_SESSION_VARS; } +/* if running with register_globals = 0 and + magic_quotes_gpc then strip the slashes + from POST and GET global arrays */ + +if (get_magic_quotes_gpc()) { + if (ini_get('register_globals') == 0) { + sqstripslashes($_GET); + sqstripslashes($_POST); + } +} + +/* strip any tags added to the url from PHP_SELF. + This fixes hand crafted url XXS expoits for any + page that uses PHP_SELF as the FORM action */ + +strip_tags($_SERVER['PHP_SELF']); + +function sqstripslashes(&$array) { + foreach ($array as $index=>$value) { + if (is_array($array["$index"])) { + sqstripslashes($array["$index"]); + } + else { + $array["$index"] = stripslashes($value); + } + } +} + function sqsession_register ($var, $name) { $rg = ini_get('register_globals'); if ( (float)substr(PHP_VERSION,0,3) < 4.1 && empty($rg)) { @@ -59,8 +87,10 @@ function sqsession_unregister ($name) { * (in that order) and register it as a global var. */ function sqextractGlobalVar ($name) { - global $_SESSION, $_GET, $_POST, $$name; - + if ( (float)substr(PHP_VERSION,0,3) < 4.1 ) { + global $_SESSION, $_GET, $_POST; + } + global $$name; if( isset($_SESSION[$name]) ) { $$name = $_SESSION[$name]; } diff --git a/src/empty_trash.php b/src/empty_trash.php index 5fefb858..368bea86 100644 --- a/src/empty_trash.php +++ b/src/empty_trash.php 
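Review bot: The added `strip_tags($_SERVER['PHP_SELF']);` in functions/global.php discards its return value, so PHP_SELF stays exactly as the client sent it and the XSS fix described in the comment has no effect. strip_tags() returns the cleaned string, so assign it back: `$_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);`. Tag stripping does not neutralise quotes, so pages that print PHP_SELF into a FORM action should still pass it through `htmlspecialchars()` at output. Separately, the magic-quotes block un-slashes only `$_GET` and `$_POST`, while other files in this patch read `$_COOKIE['key']`; confirm whether `$_COOKIE` needs the same `sqstripslashes()` call.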
@@ -22,13 +22,21 @@ require_once(SM_PATH . 'functions/imap.php'); require_once(SM_PATH . 'functions/array.php'); require_once(SM_PATH . 'functions/tree.php'); +/* get those globals */ + +$key = $_COOKIE['key']; +$username = $_SESSION['username']; +$onetimepad = $_SESSION['onetimepad']; +$delimiter = $_SESSION['delimiter']; + +/* finished globals */ + $imap_stream = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0); sqimap_mailbox_list($imap_stream); $mailbox = $trash_folder; $boxes = sqimap_mailbox_list($imap_stream); -global $delimiter; /* * According to RFC2060, a DELETE command should NOT remove inferiors (sub folders) diff --git a/src/folders.php b/src/folders.php index 5137cd8f..73d49b5e 100644 --- a/src/folders.php +++ b/src/folders.php @@ -26,6 +26,18 @@ require_once(SM_PATH . 'functions/html.php'); displayPageHeader($color, 'None'); +/* get globals we may need */ + +$username = $_SESSION['username']; +$key = $_COOKIE['key']; +$delimiter = $_SESSION['delimiter']; +$onetimepad = $_SESSION['onetimepad']; +if (isset($_GET['success'])) { + $success = $_GET['success']; +} + +/* end of get globals */ + echo '
' . html_tag( 'table', '', 'center', $color[0], 'width="95%" cellpadding="1" cellspacing="0" border="0"' ) . html_tag( 'tr' ) . diff --git a/src/folders_create.php b/src/folders_create.php index 94a40dee..b847749c 100644 --- a/src/folders_create.php +++ b/src/folders_create.php @@ -20,8 +20,21 @@ require_once(SM_PATH . 'include/validate.php'); require_once(SM_PATH . 'functions/imap.php'); require_once(SM_PATH . 'functions/display_messages.php'); +/* get globals we may need */ + +$username = $_SESSION['username']; +$key = $_COOKIE['key']; +$delimiter = $_SESSION['delimiter']; +$onetimepad = $_SESSION['onetimepad']; +$folder_name = $_POST['folder_name']; +$subfolder = $_POST['subfolder']; +if (isset($_POST['contain_subs'])) { + $contain_subs = $_POST['contain_subs']; +} + +/* end of get globals */ + $imapConnection = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0); -global $delimiter; $folder_name = trim($folder_name); diff --git a/src/folders_delete.php b/src/folders_delete.php index 42ecc12c..93022b07 100644 --- a/src/folders_delete.php +++ b/src/folders_delete.php @@ -27,6 +27,16 @@ require_once(SM_PATH . 'functions/display_messages.php'); * $mailbox - selected mailbox from the form */ +/* globals */ +$username = $_SESSION['username']; +$key = $_COOKIE['key']; +$delimiter = $_SESSION['delimiter']; +$onetimepad = $_SESSION['onetimepad']; + +$mailbox = $_POST['mailbox']; + +/* end globals */ + if ($mailbox == '') { displayPageHeader($color, 'None'); echo ""; @@ -37,7 +47,7 @@ if ($mailbox == '') { $imap_stream = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0); $boxes = sqimap_mailbox_list ($imap_stream); -global $delimiter, $delete_folder; +global $delete_folder; if (substr($mailbox, -1) == $delimiter) $mailbox_no_dm = substr($mailbox, 0, strlen($mailbox) - 1); diff --git a/src/folders_rename_do.php b/src/folders_rename_do.php index d3191419..8c596eaa 100644 --- a/src/folders_rename_do.php +++ b/src/folders_rename_do.php 
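Review bot: In src/folders_create.php `$_POST['folder_name']` and `$_POST['subfolder']` are read unconditionally, while `contain_subs` directly below is guarded with `isset()`. A request without those fields raises undefined-index notices and carries empty values into `trim($folder_name)` and the IMAP code outside this hunk. Guard them the same way, e.g. `$folder_name = isset($_POST['folder_name']) ? $_POST['folder_name'] : '';`. The same unguarded `$_SESSION[...]` / `$_COOKIE['key']` / `$_POST[...]` block is repeated in empty_trash.php, folders.php, folders_delete.php, folders_rename_do.php, folders_rename_getname.php, folders_subscribe.php, left_main.php, options.php and right_main.php. One helper in functions/global.php would keep the presence checks in a single place.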
@@ -19,7 +19,18 @@ define('SM_PATH','../'); require_once(SM_PATH . 'include/validate.php'); require_once(SM_PATH . 'functions/imap.php'); -global $delimiter, $base_uri; +/* globals */ +$username = $_SESSION['username']; +$key = $_COOKIE['key']; +$delimiter = $_SESSION['delimiter']; +$onetimepad = $_SESSION['onetimepad']; +$base_uri = $_SESSION['base_uri']; + +$orig = $_POST['orig']; +$old_name = $_POST['old_name']; +$new_name = $_POST['new_name']; + +/* end globals */ $new_name = trim($new_name); @@ -51,5 +62,5 @@ if ($old_name <> $new_name) { sqimap_logout($imapConnection); } -header ('Location: ' . $base_uri . 'src/folders.php'); +header ('Location: ' . $base_uri . 'src/folders.php?success=rename'); ?> diff --git a/src/folders_rename_getname.php b/src/folders_rename_getname.php index f20f52b9..d1a66353 100644 --- a/src/folders_rename_getname.php +++ b/src/folders_rename_getname.php @@ -12,8 +12,6 @@ * $Id$ */ -global $delimiter; - /* Path for SquirrelMail required files. */ define('SM_PATH','../'); @@ -22,6 +20,17 @@ require_once(SM_PATH . 'include/validate.php'); require_once(SM_PATH . 'functions/imap.php'); require_once(SM_PATH . 'functions/html.php'); +/* get globals we may need */ + +$username = $_SESSION['username']; +$key = $_COOKIE['key']; +$delimiter = $_SESSION['delimiter']; +$onetimepad = $_SESSION['onetimepad']; + +$old = $_POST['old']; + +/* end of get globals */ + if ($old == '') { displayPageHeader($color, 'None'); echo ""; diff --git a/src/folders_subscribe.php b/src/folders_subscribe.php index 7448164a..d7487b51 100644 --- a/src/folders_subscribe.php +++ b/src/folders_subscribe.php 
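Review bot: `$base_uri = $_SESSION['base_uri'];` in src/folders_rename_do.php assumes the session holds that key, but src/redirect.php in this same patch still stores it with the unconverted `session_register ('base_uri');`. With register_globals off that call may not populate `$_SESSION['base_uri']` (worth confirming on the supported PHP versions). If it does not, the `Location:` header at the end of this file degrades to the relative `src/folders.php?success=rename`. Either convert the registration to `sqsession_register($base_uri, 'base_uri');` or fall back to `sqm_baseuri()` when the key is missing, as the src/signout.php hunk does.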
@@ -20,6 +20,16 @@ require_once(SM_PATH . 'include/validate.php'); require_once(SM_PATH . 'functions/imap.php'); require_once(SM_PATH . 'functions/display_messages.php'); +/* globals */ +$username = $_SESSION['username']; +$key = $_COOKIE['key']; +$onetimepad = $_SESSION['onetimepad']; + +$method = $_GET['method']; +$mailbox = $_POST['mailbox']; + +/* end globals */ + $imapConnection = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0); $location = get_location(); diff --git a/src/help.php b/src/help.php index 5b43efa6..99671fbe 100644 --- a/src/help.php +++ b/src/help.php @@ -102,8 +102,8 @@ echo html_tag( 'table', '', 'center', '', 'width="90%" cellpadding="0" cellspaci html_tag( 'tr' ) . html_tag( 'td' ); -if (isset($HTTP_REFERER)) { - $ref = strtolower($HTTP_REFERER); +if (isset($_SERVER['HTTP_REFERER'])) { + $ref = strtolower($_SERVER['HTTP_REFERER']); if (strpos($ref, 'src/compose')){ $context = 'compose'; } else if (strpos($ref, 'src/addr')){ @@ -199,7 +199,7 @@ if ($help_exists == true) { } echo '' . _("Table of Contents") . ''; if ($chapter >= count($helpdir)){ - echo ' | ' . _("Next") . ''; + echo ' | ' . _("Next") . ''; } else { echo ' | ' . _("Next") . ''; diff --git a/src/left_main.php b/src/left_main.php index 5f221795..881f1042 100644 --- a/src/left_main.php +++ b/src/left_main.php @@ -489,7 +489,17 @@ function ListAdvancedBoxes ($boxes, $mbx, $j='ID.0000' ) { /* -------------------- MAIN ------------------------ */ -global $delimiter, $default_folder_prefix, $left_size; +$key = $_COOKIE['key']; +$onetimepad = $_SESSION['onetimepad']; +$username = $_SESSION['username']; +$delimiter = $_SESSION['delimiter']; + +if (isset($_GET['fold'])) { + $fold = $_GET['fold']; +} +if (isset($_GET['unfold'])) { + $unfold = $_GET['unfold']; +} // open a connection on the imap port (143) $imapConnection = sqimap_login($username, $key, $imapServerAddress, $imapPort, 10); // the 10 is to hide the output 
@@ -784,7 +794,7 @@ if ($auto_create_special && !isset($auto_create_done)) { /* Let the world know that autocreation is complete! Hurrah! */ $auto_create_done = TRUE; - session_register('auto_create_done'); + sqsession_register($auto_create_done, 'auto_create_done'); } echo "\n\n"; diff --git a/src/login.php b/src/login.php index d87f7497..6da41967 100644 --- a/src/login.php +++ b/src/login.php @@ -23,6 +23,7 @@ require_once(SM_PATH . 'functions/plugin.php'); require_once(SM_PATH . 'functions/constants.php'); require_once(SM_PATH . 'functions/page_header.php'); require_once(SM_PATH . 'functions/html.php'); +require_once(SM_PATH . 'functions/global.php'); /* * $squirrelmail_language is set by a cookie when the user selects diff --git a/src/options.php b/src/options.php index 068810e4..abf23cc9 100644 --- a/src/options.php +++ b/src/options.php @@ -115,6 +115,26 @@ function print_optionpages_row($leftopt, $rightopt = false) { /* ---------------------------- main ---------------------------- */ +/* get the globals that we may need */ +if (isset($_GET['optpage'])) { + $optpage = $_GET['optpage']; +} +elseif (isset($_POST['optpage'])) { + $optpage = $_POST['optpage']; +} +if (isset($_POST['optmode'])) { + $optmode = $_POST['optmode']; +} +if (isset($_POST['optpage_data'])) { + $optpage_data = $_POST['optpage_data']; +} +$username = $_SESSION['username']; +$key = $_COOKIE['key']; +$onetimepad = $_SESSION['onetimepad']; +$delimiter = $_SESSION['delimiter']; + +/* end of getting globals */ + /* Make sure we have an Option Page set. Default to main. */ if ( !isset($optpage) || $optpage == '' ) { $optpage = SMOPT_PAGE_MAIN; @@ -177,7 +197,7 @@ switch ($optpage) { /*** Second, load the option information for this page. ***/ /**********************************************************/ -if ( !is_file( $optpage_file ) ) { +if ( !@is_file( $optpage_file ) ) { $optpage = SMOPT_PAGE_MAIN; } else if ($optpage != SMOPT_PAGE_MAIN ) { /* Include the file for this optionpage. */ 
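Review bot: The `@` added in `if ( !@is_file( $optpage_file ) )` in src/options.php hides the warning instead of removing its cause, so a wrong path or an open_basedir restriction now fails silently and the page falls back to SMOPT_PAGE_MAIN without a trace. `$optpage` now comes straight from `$_GET`/`$_POST` in the first hunk, and the file named by `$optpage_file` is included just below. Confirm that the `switch ($optpage)` above, which lies outside this hunk, assigns `$optpage_file` on every path. Adding `$optpage_file = '';` before the switch would make that explicit and keep the variable from carrying any value not chosen by the switch.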
diff --git a/src/redirect.php b/src/redirect.php index eb23e0bf..1a1140a9 100644 --- a/src/redirect.php +++ b/src/redirect.php @@ -27,15 +27,12 @@ require_once(SM_PATH . 'functions/page_header.php'); require_once(SM_PATH . 'functions/global.php'); // Remove slashes if PHP added them +$REQUEST_METHOD = $_SERVER['REQUEST_METHOD']; if (get_magic_quotes_gpc()) { - global $REQUEST_METHOD; - if ($REQUEST_METHOD == 'POST') { - global $HTTP_POST_VARS; - RemoveSlashes($HTTP_POST_VARS); + RemoveSlashes($_POST); } else if ($REQUEST_METHOD == 'GET') { - global $HTTP_GET_VARS; - RemoveSlashes($HTTP_GET_VARS); + RemoveSlashes($_GET); } } @@ -55,10 +52,25 @@ session_start(); session_unregister ('user_is_logged_in'); session_register ('base_uri'); -if (! isset($squirrelmail_language) || +/* get globals we me need */ +if (isset($_POST['login_username'])) { + $login_username = $_POST['login_username']; +} +if (!isset($_COOKIE['squirrelmail_language']) || $squirrelmail_language == '' ) { $squirrelmail_language = $squirrelmail_default_language; } +else { + $squirrelmail_language = $_COOKIE['squirrelmail_language']; +} +if (isset($_POST['secretkey'])) { + $secretkey = $_POST['secretkey']; +} +if (isset($_POST['js_autodetect_results'])) { + $js_autodetect_results = $_POST['js_autodetect_results']; +} +/* end of get globals */ + set_up_language($squirrelmail_language, true); /* Refresh the language cookie. */ setcookie('squirrelmail_language', $squirrelmail_language, time()+2592000, @@ -75,7 +87,7 @@ if (!session_is_registered('user_is_logged_in')) { $onetimepad = OneTimePadCreate(strlen($secretkey)); $key = OneTimePadEncrypt($secretkey, $onetimepad); - session_register('onetimepad'); + sqsession_register($onetimepad, 'onetimepad'); /* remove redundant spaces */ $login_username = trim($login_username); 
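Review bot: With magic_quotes_gpc on and register_globals off, `$_POST` is un-slashed twice on the login request. The new `sqstripslashes($_POST)` runs when functions/global.php is included (the `require_once` context line just above), and `RemoveSlashes($_POST);` runs again in this hunk of src/redirect.php. Assuming RemoveSlashes() applies stripslashes() (its body is not in this patch), a password containing a backslash would be altered before it reaches the IMAP login. Keep only one of the two steps, for example `if (get_magic_quotes_gpc() && ini_get('register_globals') != 0) {` around this block.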
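Review bot: The new language check in src/redirect.php tests `$squirrelmail_language == ''` before that variable is assigned from the cookie. Unless something outside the hunk sets it, with register_globals off the comparison is always true, the `else` branch never runs, and the user's language cookie is ignored in favour of the default. Test the cookie value itself: `if (!isset($_COOKIE['squirrelmail_language']) || $_COOKIE['squirrelmail_language'] == '') {`. `$login_username` and `$secretkey` are likewise set only when present in `$_POST`, yet `strlen($secretkey)` and `trim($login_username)` in the following hunk use them unconditionally.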
@@ -99,10 +111,10 @@ if (!session_is_registered('user_is_logged_in')) { $delimiter = sqimap_get_delimiter ($imapConnection); } sqimap_logout($imapConnection); - session_register('delimiter'); - global $username; + sqsession_register($delimiter, 'delimiter'); + $username = $login_username; - session_register ('username'); + session_register ($username, 'username'); setcookie('key', $key, 0, $base_uri); do_hook ('login_verified'); @@ -113,23 +125,24 @@ $user_is_logged_in = true; $just_logged_in = true; /* And register with them with the session. */ -session_register ('user_is_logged_in'); -session_register ('just_logged_in'); +sqsession_register ($user_is_logged_in, 'user_is_logged_in'); +sqsession_register ($just_logged_in, 'just_logged_in'); /* parse the accepted content-types of the client */ $attachment_common_types = array(); $attachment_common_types_parsed = array(); -session_register('attachment_common_types'); -session_register('attachment_common_types_parsed'); +sqsession_register($attachment_common_types, 'attachment_common_types'); +sqsession_register($attachment_common_types_parsed, 'attachment_common_types_parsed'); $debug = false; -if (isset($HTTP_SERVER_VARS['HTTP_ACCEPT']) && - !isset($attachment_common_types_parsed[$HTTP_SERVER_VARS['HTTP_ACCEPT']])) { - attachment_common_parse($HTTP_SERVER_VARS['HTTP_ACCEPT'], $debug); + +if (isset($_SERVER['HTTP_ACCEPT']) && + !isset($attachment_common_types_parsed[$_SERVER['HTTP_ACCEPT']])) { + attachment_common_parse($_SERVER['HTTP_ACCEPT'], $debug); } -if (isset($HTTP_ACCEPT) && - !isset($attachment_common_types_parsed[$HTTP_ACCEPT])) { - attachment_common_parse($HTTP_ACCEPT, $debug); +if (isset($_SERVER['HTTP_ACCEPT']) && + !isset($attachment_common_types_parsed[$_SERVER['HTTP_ACCEPT']])) { + attachment_common_parse($_SERVER['HTTP_ACCEPT'], $debug); } /* Complete autodetection of Javascript. */ diff --git a/src/right_main.php b/src/right_main.php index c65a4c20..9e39d732 100644 --- a/src/right_main.php 
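Review bot: `session_register ($username, 'username');` in src/redirect.php looks like a missed rename. Every other call in this patch became `sqsession_register($var, 'name')`, but this one kept the native function while gaining the value argument. session_register() treats each argument as a variable name, so this registers a session variable named after the login name the user typed, plus `username`, instead of storing the value under the `$_SESSION['username']` key that the other pages now read. It should be `sqsession_register($username, 'username');`.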
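Review bot: `sqsession_register($attachment_common_types, ...)` and `sqsession_register($attachment_common_types_parsed, ...)` in src/redirect.php receive the arrays by value (the signature in functions/global.php is `function sqsession_register ($var, $name)`) while they are still empty, and `attachment_common_parse()` runs only afterwards. If the helper copies the value into `$_SESSION`, as its signature suggests, the parsed types never reach the session; moving the two register calls below the parse block would fix that. After the substitution the second `if (isset($_SERVER['HTTP_ACCEPT']) && ...` block is a literal duplicate of the first and can be dropped.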
+++ b/src/right_main.php @@ -34,23 +34,63 @@ require_once(SM_PATH . 'functions/html.php'); * $mailbox Full Mailbox name * * * * incoming from cookie: * - * $username duh * * $key pass * + * incoming from session: * + * $username duh * + * * ***********************************************************/ + +/* lets get the global vars we may need */ +$username = $_SESSION['username']; +$key = $_COOKIE['key']; +$onetimepad = $_SESSION['onetimepad']; +$base_uri = $_SESSION['base_uri']; +$delimiter = $_SESSION['delimiter']; + +if (isset($_GET['startMessage'])) { + $startMessage = $_GET['startMessage']; +} +if (isset($_GET['mailbox'])) { + $mailbox = $_GET['mailbox']; +} +if (isset($_GET['PG_SHOWNUM'])) { + $PG_SHOWNUM = $_GET['PG_SHOWNUM']; +} +elseif (isset($_SESSION['PG_SHOWNUM'])) { + $PG_SHOWNUM = $_SESSION['PG_SHOWNUM']; +} +if (isset($_GET['PG_SHOWALL'])) { + $PG_SHOWALL = $_GET['PG_SHOWALL']; +} +if (isset($_GET['newsort'])) { + $newsort = $_GET['newsort']; +} +if (isset($_GET['checkall'])) { + $checkall = $_GET['checkall']; +} +if (isset($_GET['set_thread'])) { + $set_thread = $_GET['set_thread']; +} +if (isset($_SESSION['lastTargetMailbox'])) { + $lastTargetMailbox =$_SESSION['lastTargetMailbox']; +} + +/* end of get globals */ + + /* Open a connection on the imap port (143) */ $imapConnection = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0); -global $PG_SHOWNUM; if (isset($PG_SHOWALL)) { if ($PG_SHOWALL) { $PG_SHOWNUM=999999; $show_num=$PG_SHOWNUM; - session_register('PG_SHOWNUM'); + sqsession_register($PG_SHOWNUM, 'PG_SHOWNUM'); } else { - session_unregister('PG_SHOWNUM'); + sqsession_unregister('PG_SHOWNUM'); unset($PG_SHOWNUM); } } @@ -83,7 +123,6 @@ if ($imap_server_type == 'uw' && (strstr($mailbox, '../') || } /* decide if we are thread sorting or not */ -global $allow_thread_sort; if ($allow_thread_sort == TRUE) { if (isset($set_thread)) { if ($set_thread == 1) { 
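Review bot: The values imported from `$_GET` in src/right_main.php (`startMessage`, `PG_SHOWNUM`, `PG_SHOWALL`, `newsort`, `checkall`, `set_thread`) appear to be used as numbers or flags further down, but they are taken as raw request strings. Casting at the point of import, e.g. `$startMessage = (int) $_GET['startMessage'];`, keeps non-numeric input out of `showMessagesForMailbox()` and out of the session, where `$sort` and `$PG_SHOWNUM` are stored by later hunks. `$mailbox` is also request-controlled; the `'../'` check visible in the next hunk's context applies only when `$imap_server_type == 'uw'`, so confirm the other server types validate it elsewhere.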
@@ -103,14 +142,12 @@ else { $thread_sort_messages = 0; } -global $color; - -do_hook ("generic_header"); +do_hook ('generic_header'); sqimap_mailbox_select($imapConnection, $mailbox); if (isset($composenew) && $composenew) { - $comp_uri = "../src/compose.php?mailbox=". urlencode($mailbox). + $comp_uri = '../src/compose.php?mailbox='. urlencode($mailbox). "&session=$composesession"; displayPageHeader($color, $mailbox, "comp_in_new('$comp_uri');", false); } else { @@ -121,27 +158,30 @@ if (isset($note)) { echo html_tag( 'div', '' . $note .'', 'center' ) . "
\n"; } -if ($just_logged_in == true) { - $just_logged_in = false; - - if (strlen(trim($motd)) > 0) { - echo html_tag( 'table', - html_tag( 'tr', - html_tag( 'td', - html_tag( 'table', - html_tag( 'tr', - html_tag( 'td', $motd, 'center' ) - ) , - '', $color[4], 'width="100%" cellpadding="5" cellspacing="1" border="0"' ) - ) - ) , - 'center', $color[9], 'width="70%" cellpadding="0" cellspacing="3" border="0"' ); +if (isset($_SESSION['just_logged_in'])) { + $just_logged_in = $_SESSION['just_logged_in']; + if ($just_logged_in == true) { + $just_logged_in = false; + + if (strlen(trim($motd)) > 0) { + echo html_tag( 'table', + html_tag( 'tr', + html_tag( 'td', + html_tag( 'table', + html_tag( 'tr', + html_tag( 'td', $motd, 'center' ) + ) , + '', $color[4], 'width="100%" cellpadding="5" cellspacing="1" border="0"' ) + ) + ) , + 'center', $color[9], 'width="70%" cellpadding="0" cellspacing="3" border="0"' ); + } } } if (isset($newsort)) { $sort = $newsort; - session_register('sort'); + sqsession_register($sort, 'sort'); } /********************************************************************* @@ -154,13 +194,6 @@ if (! isset($use_mailbox_cache)) { $use_mailbox_cache = 0; } -/* There is a problem with registered vars in 4.1 */ -/* -if( substr( phpversion(), 0, 3 ) == '4.1' ) { - $use_mailbox_cache = FALSE; -} -*/ - if ($use_mailbox_cache && session_is_registered('msgs')) { showMessagesForMailbox($imapConnection, $mailbox, $numMessages, $startMessage, $sort, $color, $show_num, $use_mailbox_cache); } else { 
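Review bot: `$just_logged_in = false;` in src/right_main.php now changes only the local copy read from `$_SESSION['just_logged_in']`, and nothing writes the flag back. With register_globals off the session keeps `true`, so the MOTD block would be shown on every load of this page rather than once after login. Store the cleared flag right after the assignment, e.g. `sqsession_register($just_logged_in, 'just_logged_in');`.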
@@ -183,16 +216,16 @@ if ($use_mailbox_cache && session_is_registered('msgs')) { $use_mailbox_cache); if (session_is_registered('msgs') && isset($msgs)) { - session_register('msgs'); + sqsession_register($msgs, 'msgs'); $_SESSION['msgs'] = $msgs; } if (session_is_registered('msort') && isset($msort)) { - session_register('msort'); + sqsession_register($msort, 'msort'); $_SESSION['msort'] = $msort; } - session_register('numMessages'); + sqsession_register($numMessages, 'numMessages'); $_SESSION['numMessages'] = $numMessages; } do_hook('right_main_bottom'); diff --git a/src/signout.php b/src/signout.php index ef307e9e..ce7eda8e 100644 --- a/src/signout.php +++ b/src/signout.php @@ -39,11 +39,13 @@ if (!isset($frame_top)) { /* If a user hits reload on the last page, $base_uri isn't set * because it was deleted with the session. */ -if (!isset($base_uri)) { +if (!isset($_SESSION['base_uri'])) { if (!function_exists('sqm_baseuri')){ require_once(SM_PATH . 'functions/display_messages.php'); } $base_uri = sqm_baseuri(); +} else { + $base_uri = $_SESSION['base_uri']; } do_hook('logout'); diff --git a/src/webmail.php b/src/webmail.php index dda16fca..c02846cb 100644 --- a/src/webmail.php +++ b/src/webmail.php @@ -24,6 +24,7 @@ require_once(SM_PATH . 'functions/imap.php'); require_once(SM_PATH . 'functions/plugin.php'); require_once(SM_PATH . 'functions/i18n.php'); require_once(SM_PATH . 'functions/auth.php'); +require_once(SM_PATH . 'functions/global.php'); if (!function_exists('sqm_baseuri')){ require_once(SM_PATH . 'functions/display_messages.php'); 
@@ -31,6 +32,20 @@ if (!function_exists('sqm_baseuri')){ $base_uri = sqm_baseuri(); session_start(); + +if (isset($_SESSION['username'])) { + $username = $_SESSION['username']; +} +if (isset($_SESSION['delimiter'])) { + $delimiter = $_SESSION['delimiter']; +} +if (isset($_SESSION['onetimepad'])) { + $onetimepad = $_SESSION['onetimepad']; +} +if (isset($_GET['right_frame'])) { + $right_frame = $_GET['right_frame']; +} + is_logged_in(); do_hook('webmail_top'); -- 2.25.1
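Review bot: `$right_frame = $_GET['right_frame'];` in src/webmail.php imports a request-controlled value whose use lies outside this hunk. If it ends up selecting the page loaded into the right frame, compare it against the fixed set of SquirrelMail page names before use rather than passing it through. A comment beside the import, such as `/* untrusted request value: must be matched against known pages before use */`, would document that expectation. The session values are also read before `is_logged_in()` runs, so nothing placed between the two should act on them.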