[squirrelmail.git] / functions / global.php

<?php

/**
 * globals.php
 *
 * Copyright (c) 1999-2002 The SquirrelMail Project Team
 * Licensed under the GNU GPL. For full terms see the file COPYING.
 *
 * This includes code to update < 4.1.0 globals to the newer format 
 * It also has some session register functions that work across various
 * php versions. 
 *
 * $Id$
 */


/* convert old-style superglobals to current method
 * this is executed if you are running PHP 4.0.x.
 * it is run via a require_once directive in validate.php 
 * and redirect.php. Patch submitted by Ray Black.
 */ 

if ( (float)substr(PHP_VERSION,0,3) < 4.1 ) {
  global $_COOKIE, $_ENV, $_FILES, $_GET, $_POST, $_SERVER, $_SESSION;
  global $HTTP_COOKIE_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES, $HTTP_GET_VARS,
         $HTTP_POST_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS;
  $_COOKIE  =& $HTTP_COOKIE_VARS;
  $_ENV     =& $HTTP_ENV_VARS;
  $_FILES   =& $HTTP_POST_FILES;
  $_GET     =& $HTTP_GET_VARS;
  $_POST    =& $HTTP_POST_VARS;
  $_SERVER  =& $HTTP_SERVER_VARS;
  $_SESSION =& $HTTP_SESSION_VARS;
}

/* if running with magic_quotes_gpc then strip the slashes
   from POST and GET global arrays */

if (get_magic_quotes_gpc()) {
    sqstripslashes($_GET);
    sqstripslashes($_POST);
}

/* strip any tags added to the url from PHP_SELF.
   This fixes hand crafted url XXS expoits for any
   page that uses PHP_SELF as the FORM action */

strip_tags($_SERVER['PHP_SELF']);

function sqstripslashes(&$array) {
    foreach ($array as $index=>$value) {
        if (is_array($array["$index"])) {
            sqstripslashes($array["$index"]);
        }
        else {
            $array["$index"] = stripslashes($value);
        }
    }
}

function sqsession_register ($var, $name) {
    if ( (float)substr(PHP_VERSION,0,3) < 4.1 ) {
        global $HTTP_SESSION_VARS;
        $HTTP_SESSION_VARS["$name"] = $var;
    }
    else {
        $_SESSION["$name"] = $var; 
    }
}
function sqsession_unregister ($name) {
    if ( (float)substr(PHP_VERSION,0,3) < 4.1 ) {
        global $HTTP_SESSION_VARS;
        unset($HTTP_SESSION_VARS["$name"]);
    }
    else {
        unset($_SESSION["$name"]);
    }
}
function sqsession_is_registered ($name) {
    $test_name = &$name;
    $result = false;
    if ( (float)substr(PHP_VERSION,0,3) < 4.1 ) {
        global $HTTP_SESSION_VARS;
        if (isset($HTTP_SESSION_VARS[$test_name])) {
            $result = true;
        }
    }
    else {
        if (isset($_SESSION[$test_name])) {
            $result = true;
        }
    }
    return $result;
}


/**
 *  Search for the var $name in $_SESSION, $_POST, $_GET
 *  (in that order) and register it as a global var.
 */
function sqextractGlobalVar ($name) {
    if ( (float)substr(PHP_VERSION,0,3) < 4.1 ) {
        global $_SESSION, $_GET, $_POST;
    }
    global  $$name;
    if( isset($_SESSION[$name]) ) {
        $$name = $_SESSION[$name];
    }
    if( isset($_POST[$name]) ) {
        $$name = $_POST[$name];
    }
    else if ( isset($_GET[$name]) ) {
        $$name =  $_GET[$name];
    }
}

function sqsession_destroy() {
    global $base_uri;

    /* start session to be able to destroy it later */
    session_start();	

    if ( (float)substr(PHP_VERSION , 0 , 3) < 4.1) {
        global $HTTP_SESSION_VARS;
        $HTTP_SESSION_VARS = array();
    }
    else {		
        $_SESSION = array();
    }

    /*
     * now reset cookies to 5 seconds ago to delete from browser
     */

    @session_destroy();
    $cookie_params = session_get_cookie_params();	
    setcookie(session_name(), '', time() - 5, $cookie_params['path'], 
        $cookie_params['domain']);
    setcookie('username', '', time() - 5, $base_uri);
    setcookie('key', '', time() - 5 , $base_uri);
}

?>
Commit	Line	Data
61d9ec71	1	<?php
	2
	3	/**
	4	* globals.php
	5	*
	6	* Copyright (c) 1999-2002 The SquirrelMail Project Team
	7	* Licensed under the GNU GPL. For full terms see the file COPYING.
	8	*
	9	* This includes code to update < 4.1.0 globals to the newer format
242342d0	10	* It also has some session register functions that work across various
61d9ec71	11	* php versions.
61d9ec71	12	*
242342d0	13	* $Id$
61d9ec71	14	*/
	15
	16
	17	/* convert old-style superglobals to current method
	18	* this is executed if you are running PHP 4.0.x.
	19	* it is run via a require_once directive in validate.php
	20	* and redirect.php. Patch submitted by Ray Black.
	21	*/
	22
	23	if ( (float)substr(PHP_VERSION,0,3) < 4.1 ) {
	24	global $_COOKIE, $_ENV, $_FILES, $_GET, $_POST, $_SERVER, $_SESSION;
	25	global $HTTP_COOKIE_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES, $HTTP_GET_VARS,
	26	$HTTP_POST_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS;
	27	$_COOKIE =& $HTTP_COOKIE_VARS;
	28	$_ENV =& $HTTP_ENV_VARS;
	29	$_FILES =& $HTTP_POST_FILES;
	30	$_GET =& $HTTP_GET_VARS;
	31	$_POST =& $HTTP_POST_VARS;
	32	$_SERVER =& $HTTP_SERVER_VARS;
	33	$_SESSION =& $HTTP_SESSION_VARS;
	34	}
	35
180239ca	36	/* if running with magic_quotes_gpc then strip the slashes
a32985a5	37	from POST and GET global arrays */
	38
	39	if (get_magic_quotes_gpc()) {
180239ca	40	sqstripslashes($_GET);
180239ca	41	sqstripslashes($_POST);
a32985a5	42	}
	43
	44	/* strip any tags added to the url from PHP_SELF.
	45	This fixes hand crafted url XXS expoits for any
	46	page that uses PHP_SELF as the FORM action */
	47
	48	strip_tags($_SERVER['PHP_SELF']);
	49
	50	function sqstripslashes(&$array) {
	51	foreach ($array as $index=>$value) {
	52	if (is_array($array["$index"])) {
	53	sqstripslashes($array["$index"]);
	54	}
	55	else {
	56	$array["$index"] = stripslashes($value);
	57	}
	58	}
	59	}
	60
61d9ec71	61	function sqsession_register ($var, $name) {
d7c82551	62	if ( (float)substr(PHP_VERSION,0,3) < 4.1 ) {
61d9ec71	63	global $HTTP_SESSION_VARS;
	64	$HTTP_SESSION_VARS["$name"] = $var;
	65	}
	66	else {
d7c82551	67	$_SESSION["$name"] = $var;
61d9ec71	68	}
	69	}
	70	function sqsession_unregister ($name) {
d7c82551	71	if ( (float)substr(PHP_VERSION,0,3) < 4.1 ) {
d7c82551	72	global $HTTP_SESSION_VARS;
61d9ec71	73	unset($HTTP_SESSION_VARS["$name"]);
	74	}
	75	else {
d7c82551	76	unset($_SESSION["$name"]);
61d9ec71	77	}
61d9ec71	78	}
d7c82551	79	function sqsession_is_registered ($name) {
	80	$test_name = &$name;
	81	$result = false;
	82	if ( (float)substr(PHP_VERSION,0,3) < 4.1 ) {
	83	global $HTTP_SESSION_VARS;
	84	if (isset($HTTP_SESSION_VARS[$test_name])) {
	85	$result = true;
	86	}
	87	}
	88	else {
	89	if (isset($_SESSION[$test_name])) {
	90	$result = true;
	91	}
	92	}
	93	return $result;
	94	}
	95
61d9ec71	96
	97	/**
	98	* Search for the var $name in $_SESSION, $_POST, $_GET
	99	* (in that order) and register it as a global var.
	100	*/
	101	function sqextractGlobalVar ($name) {
a32985a5	102	if ( (float)substr(PHP_VERSION,0,3) < 4.1 ) {
	103	global $_SESSION, $_GET, $_POST;
	104	}
	105	global $$name;
61d9ec71	106	if( isset($_SESSION[$name]) ) {
	107	$$name = $_SESSION[$name];
	108	}
	109	if( isset($_POST[$name]) ) {
	110	$$name = $_POST[$name];
	111	}
	112	else if ( isset($_GET[$name]) ) {
	113	$$name = $_GET[$name];
	114	}
	115	}
513db22c	116
513db22c	117	function sqsession_destroy() {
242342d0	118	global $base_uri;
	119
	120	/* start session to be able to destroy it later */
	121	session_start();
	122
	123	if ( (float)substr(PHP_VERSION , 0 , 3) < 4.1) {
	124	global $HTTP_SESSION_VARS;
	125	$HTTP_SESSION_VARS = array();
	126	}
	127	else {
	128	$_SESSION = array();
	129	}
	130
	131	/*
	132	* now reset cookies to 5 seconds ago to delete from browser
	133	*/
	134
	135	@session_destroy();
	136	$cookie_params = session_get_cookie_params();
	137	setcookie(session_name(), '', time() - 5, $cookie_params['path'],
	138	$cookie_params['domain']);
	139	setcookie('username', '', time() - 5, $base_uri);
	140	setcookie('key', '', time() - 5 , $base_uri);
513db22c	141	}
513db22c	142
61d9ec71	143	?>