Sync'ing global.php with stable to fix multi-session merges, and also
[squirrelmail.git] / functions / global.php
CommitLineData
61d9ec71 1<?php
2
3/**
4 * globals.php
5 *
6 * Copyright (c) 1999-2002 The SquirrelMail Project Team
7 * Licensed under the GNU GPL. For full terms see the file COPYING.
8 *
9 * This includes code to update < 4.1.0 globals to the newer format
242342d0 10 * It also has some session register functions that work across various
61d9ec71 11 * php versions.
12 *
242342d0 13 * $Id$
61d9ec71 14 */
15
388c855c 16/* If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways.
17 * Force magic_quotes_runtime off.
18 * chilts@birdbrained.org - I put it here in the hopes that all SM code includes this.
19 * If there's a better place, please let me know.
20 */
5f660901 21ini_set('magic_quotes_runtime','0');
61d9ec71 22
23/* convert old-style superglobals to current method
24 * this is executed if you are running PHP 4.0.x.
25 * it is run via a require_once directive in validate.php
26 * and redirect.php. Patch submitted by Ray Black.
27 */
28
9697c5ab 29if ( !check_php_version(4,1) ) {
61d9ec71 30 global $_COOKIE, $_ENV, $_FILES, $_GET, $_POST, $_SERVER, $_SESSION;
31 global $HTTP_COOKIE_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES, $HTTP_GET_VARS,
32 $HTTP_POST_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS;
33 $_COOKIE =& $HTTP_COOKIE_VARS;
34 $_ENV =& $HTTP_ENV_VARS;
35 $_FILES =& $HTTP_POST_FILES;
36 $_GET =& $HTTP_GET_VARS;
37 $_POST =& $HTTP_POST_VARS;
38 $_SERVER =& $HTTP_SERVER_VARS;
39 $_SESSION =& $HTTP_SESSION_VARS;
40}
41
180239ca 42/* if running with magic_quotes_gpc then strip the slashes
a32985a5 43 from POST and GET global arrays */
44
45if (get_magic_quotes_gpc()) {
180239ca 46 sqstripslashes($_GET);
47 sqstripslashes($_POST);
a32985a5 48}
49
50/* strip any tags added to the url from PHP_SELF.
51 This fixes hand crafted url XXS expoits for any
52 page that uses PHP_SELF as the FORM action */
53
388c855c 54$_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);
a32985a5 55
9697c5ab 56/* returns true if current php version is at mimimum a.b.c */
57function check_php_version ($a = '0', $b = '0', $c = '0')
58{
3aa17cf9 59 global $SQ_PHP_VERSION;
9697c5ab 60
3aa17cf9 61 if(!isset($SQ_PHP_VERSION))
5123154f 62 $SQ_PHP_VERSION = substr( str_pad( preg_replace('/\D/','', PHP_VERSION), 3, '0'), 0, 3);
9697c5ab 63
3aa17cf9 64 return $SQ_PHP_VERSION >= ($a.$b.$c);
9697c5ab 65}
66
3aa17cf9 67/* recursively strip slashes from the values of an array */
a32985a5 68function sqstripslashes(&$array) {
3aa17cf9 69 if(count($array) > 0) {
70 foreach ($array as $index=>$value) {
71 if (is_array($array[$index])) {
72 sqstripslashes($array[$index]);
73 }
74 else {
75 $array[$index] = stripslashes($value);
76 }
a32985a5 77 }
78 }
79}
80
61d9ec71 81function sqsession_register ($var, $name) {
281c3d5b 82
83 sqsession_is_active();
84
9697c5ab 85 if ( !check_php_version(4,1) ) {
61d9ec71 86 global $HTTP_SESSION_VARS;
9697c5ab 87 $HTTP_SESSION_VARS[$name] = $var;
61d9ec71 88 }
89 else {
d7c82551 90 $_SESSION["$name"] = $var;
61d9ec71 91 }
3658a999 92 session_register("$name");
61d9ec71 93}
3aa17cf9 94
61d9ec71 95function sqsession_unregister ($name) {
281c3d5b 96
97 sqsession_is_active();
98
9697c5ab 99 if ( !check_php_version(4,1) ) {
d7c82551 100 global $HTTP_SESSION_VARS;
9697c5ab 101 unset($HTTP_SESSION_VARS[$name]);
61d9ec71 102 }
103 else {
9697c5ab 104 unset($_SESSION[$name]);
61d9ec71 105 }
3658a999 106 session_unregister("$name");
61d9ec71 107}
3aa17cf9 108
d7c82551 109function sqsession_is_registered ($name) {
110 $test_name = &$name;
111 $result = false;
9697c5ab 112 if ( !check_php_version(4,1) ) {
d7c82551 113 global $HTTP_SESSION_VARS;
114 if (isset($HTTP_SESSION_VARS[$test_name])) {
115 $result = true;
116 }
117 }
118 else {
119 if (isset($_SESSION[$test_name])) {
120 $result = true;
121 }
122 }
123 return $result;
124}
125
61d9ec71 126
127/**
128 * Search for the var $name in $_SESSION, $_POST, $_GET
129 * (in that order) and register it as a global var.
130 */
131function sqextractGlobalVar ($name) {
9697c5ab 132 if ( !check_php_version(4,1) ) {
a32985a5 133 global $_SESSION, $_GET, $_POST;
134 }
135 global $$name;
61d9ec71 136 if( isset($_SESSION[$name]) ) {
137 $$name = $_SESSION[$name];
138 }
139 if( isset($_POST[$name]) ) {
140 $$name = $_POST[$name];
141 }
142 else if ( isset($_GET[$name]) ) {
143 $$name = $_GET[$name];
144 }
145}
513db22c 146
147function sqsession_destroy() {
242342d0 148
281c3d5b 149 /*
150 * php.net says we can kill the cookie by setting just the name:
151 * http://www.php.net/manual/en/function.setcookie.php
152 * maybe this will help fix the session merging again.
153 *
154 * Changed the theory on this to kill the cookies first starting
155 * a new session will provide a new session for all instances of
156 * the browser, we don't want that, as that is what is causing the
157 * merging of sessions.
158 */
242342d0 159
281c3d5b 160 setcookie(session_name());
161 setcookie('username');
162 setcookie('key');
163
164 $sessid = session_id();
165 if (!empty( $sessid )) {
166 if ( !check_php_version(4,1) ) {
167 global $HTTP_SESSION_VARS;
168 $HTTP_SESSION_VARS = array();
169 } else {
170 $_SESSION = array();
171 }
172 @session_destroy;
242342d0 173 }
174
281c3d5b 175}
242342d0 176
281c3d5b 177/*
178 * Function to verify a session has been started. If it hasn't
179 * start a session up. php.net doesn't tell you that $_SESSION
180 * (even though autoglobal), is not created unless a session is
181 * started, unlike $_POST, $_GET and such
182 */
183
184function sqsession_is_active() {
185
186 $sessid = session_id();
187 if ( empty( $sessid ) ) {
188 session_start();
189 }
513db22c 190}
191
281c3d5b 192
61d9ec71 193?>