merge from stable: sqsession_destroy
[squirrelmail.git] / functions / global.php
CommitLineData
61d9ec71 1<?php
2
3/**
4 * globals.php
5 *
6 * Copyright (c) 1999-2002 The SquirrelMail Project Team
7 * Licensed under the GNU GPL. For full terms see the file COPYING.
8 *
9 * This includes code to update < 4.1.0 globals to the newer format
10 * It also has two session register functions that work across various
11 * php versions.
12 *
a32985a5 13 * $Id $
61d9ec71 14 */
15
16
17/* convert old-style superglobals to current method
18 * this is executed if you are running PHP 4.0.x.
19 * it is run via a require_once directive in validate.php
20 * and redirect.php. Patch submitted by Ray Black.
21 */
22
23if ( (float)substr(PHP_VERSION,0,3) < 4.1 ) {
24 global $_COOKIE, $_ENV, $_FILES, $_GET, $_POST, $_SERVER, $_SESSION;
25 global $HTTP_COOKIE_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES, $HTTP_GET_VARS,
26 $HTTP_POST_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS;
27 $_COOKIE =& $HTTP_COOKIE_VARS;
28 $_ENV =& $HTTP_ENV_VARS;
29 $_FILES =& $HTTP_POST_FILES;
30 $_GET =& $HTTP_GET_VARS;
31 $_POST =& $HTTP_POST_VARS;
32 $_SERVER =& $HTTP_SERVER_VARS;
33 $_SESSION =& $HTTP_SESSION_VARS;
34}
35
a32985a5 36/* if running with register_globals = 0 and
37 magic_quotes_gpc then strip the slashes
38 from POST and GET global arrays */
39
40if (get_magic_quotes_gpc()) {
41 if (ini_get('register_globals') == 0) {
42 sqstripslashes($_GET);
43 sqstripslashes($_POST);
44 }
45}
46
47/* strip any tags added to the url from PHP_SELF.
48 This fixes hand crafted url XXS expoits for any
49 page that uses PHP_SELF as the FORM action */
50
51strip_tags($_SERVER['PHP_SELF']);
52
53function sqstripslashes(&$array) {
54 foreach ($array as $index=>$value) {
55 if (is_array($array["$index"])) {
56 sqstripslashes($array["$index"]);
57 }
58 else {
59 $array["$index"] = stripslashes($value);
60 }
61 }
62}
63
61d9ec71 64function sqsession_register ($var, $name) {
65 $rg = ini_get('register_globals');
66 if ( (float)substr(PHP_VERSION,0,3) < 4.1 && empty($rg)) {
67 global $HTTP_SESSION_VARS;
68 $HTTP_SESSION_VARS["$name"] = $var;
69 }
70 else {
71 session_register("$name");
72 }
73}
74function sqsession_unregister ($name) {
75 $rg = ini_get('register_globals');
76 if ( (float)substr(PHP_VERSION,0,3) < 4.1 && empty($rg)) {
77 global $HTTP_SESSION_VARS;
78 unset($HTTP_SESSION_VARS["$name"]);
79 }
80 else {
81 session_unregister("$name");
82 }
83}
84
85/**
86 * Search for the var $name in $_SESSION, $_POST, $_GET
87 * (in that order) and register it as a global var.
88 */
89function sqextractGlobalVar ($name) {
a32985a5 90 if ( (float)substr(PHP_VERSION,0,3) < 4.1 ) {
91 global $_SESSION, $_GET, $_POST;
92 }
93 global $$name;
61d9ec71 94 if( isset($_SESSION[$name]) ) {
95 $$name = $_SESSION[$name];
96 }
97 if( isset($_POST[$name]) ) {
98 $$name = $_POST[$name];
99 }
100 else if ( isset($_GET[$name]) ) {
101 $$name = $_GET[$name];
102 }
103}
513db22c 104
105function sqsession_destroy() {
106 global $base_uri;
107
108 if ( (float)substr(PHP_VERSION , 0 , 3) < 4.1) {
109 global $HTTP_SESSION_VARS;
110 $HTTP_SESSION_VARS = array();
111 }
112 else {
113 $_SESSION = array();
114 }
115
116 /*
117 * now reset cookies to 5 seconds ago to delete from browser
118 */
119
120 @session_destroy();
121 $cookie_params = session_get_cookie_params();
122 setcookie(session_name(), '', time() - 5, $cookie_params['path'],
123 $cookie_params['domain']);
124 setcookie('username', '', time() - 5, $base_uri);
125 setcookie('key', '', time() - 5 , $base_uri);
126
127}
128
61d9ec71 129?>