1 | <?php |
2 | |
3 | /** |
4 | * globals.php |
5 | * |
6 | * Copyright (c) 1999-2002 The SquirrelMail Project Team |
7 | * Licensed under the GNU GPL. For full terms see the file COPYING. |
8 | * |
9 | * This includes code to update < 4.1.0 globals to the newer format |
10 | * It also has two session register functions that work across various |
11 | * php versions. |
12 | * |
13 | * $Id $ |
14 | */ |
15 | |
16 | |
/*
 * Back-fill the short superglobal names ($_GET, $_POST, ...) on PHP 4.0.x,
 * where only the long $HTTP_*_VARS arrays exist. Each short name is bound
 * by reference, so a write through either name is visible through the other.
 * This file is pulled in via require_once from validate.php and
 * redirect.php. Patch submitted by Ray Black.
 */
if ((float) substr(PHP_VERSION, 0, 3) < 4.1) {
    global $HTTP_COOKIE_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES, $HTTP_GET_VARS,
           $HTTP_POST_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS;
    global $_COOKIE, $_ENV, $_FILES, $_GET, $_POST, $_SERVER, $_SESSION;

    /* request data */
    $_GET     =& $HTTP_GET_VARS;
    $_POST    =& $HTTP_POST_VARS;
    $_COOKIE  =& $HTTP_COOKIE_VARS;
    $_FILES   =& $HTTP_POST_FILES;

    /* environment and session state */
    $_SERVER  =& $HTTP_SERVER_VARS;
    $_ENV     =& $HTTP_ENV_VARS;
    $_SESSION =& $HTTP_SESSION_VARS;
}
35 | |
/*
 * When magic_quotes_gpc is on and register_globals is off, undo the
 * automatic backslash escaping in the GET and POST arrays so the rest of
 * the code sees the values as they were submitted.
 * Only $_GET and $_POST are processed here; $_COOKIE is left as-is.
 */
if (get_magic_quotes_gpc() && ini_get('register_globals') == 0) {
    sqstripslashes($_GET);
    sqstripslashes($_POST);
}
46 | |
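/*
 * Strip any tags added to the URL from PHP_SELF. This addresses
 * hand-crafted URL XSS exploits for any page that uses
 * $_SERVER['PHP_SELF'] as a FORM action.
 *
 * strip_tags() returns the cleaned string and leaves its argument
 * untouched, so the result has to be stored back; calling it as a bare
 * statement sanitizes nothing.
 *
 * strip_tags() removes markup but does not escape quote characters, so
 * pages that print PHP_SELF inside an HTML attribute should still pass it
 * through htmlspecialchars() at the point of output.
 */
$_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);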
52 | |
/**
 * Recursively remove backslash escaping from every value of an array,
 * modifying the array in place.
 *
 * Nested arrays are descended into; every other value is replaced by the
 * result of stripslashes(). Array keys are left unchanged.
 *
 * @param array $array array to clean, passed by reference
 * @return void
 */
function sqstripslashes(&$array) {
    /* Walk a snapshot of the keys so entries can be rewritten in place. */
    foreach (array_keys($array) as $key) {
        if (!is_array($array[$key])) {
            $array[$key] = stripslashes($array[$key]);
            continue;
        }
        sqstripslashes($array[$key]);
    }
}
63 | |
/**
 * Register a session variable in a way that works across PHP versions.
 *
 * On PHP older than 4.1 with register_globals disabled, $var is written
 * directly into $HTTP_SESSION_VARS under $name. In every other case
 * session_register() is called with the name only.
 *
 * NOTE(review): on the session_register() path $var itself is never used;
 * what ends up in the session presumably depends on a global variable
 * called $name already holding the value. Confirm against callers.
 *
 * @param mixed  $var  value to store (used on the legacy path only)
 * @param string $name session key
 * @return void
 */
function sqsession_register ($var, $name) {
    $registerGlobals = ini_get('register_globals');
    $isOldPhp = (float) substr(PHP_VERSION, 0, 3) < 4.1;

    if (!$isOldPhp || !empty($registerGlobals)) {
        session_register("$name");
        return;
    }

    /* PHP 4.0.x without register_globals: write the session array directly. */
    global $HTTP_SESSION_VARS;
    $HTTP_SESSION_VARS["$name"] = $var;
}
/**
 * Remove a session variable in a way that works across PHP versions.
 *
 * On PHP older than 4.1 with register_globals disabled, the entry is unset
 * from $HTTP_SESSION_VARS; in every other case session_unregister() is
 * called.
 *
 * @param string $name session key to remove
 * @return void
 */
function sqsession_unregister ($name) {
    $registerGlobals = ini_get('register_globals');
    $isOldPhp = (float) substr(PHP_VERSION, 0, 3) < 4.1;

    if (!$isOldPhp || !empty($registerGlobals)) {
        session_unregister("$name");
        return;
    }

    /* PHP 4.0.x without register_globals: drop the key from the session array. */
    global $HTTP_SESSION_VARS;
    unset($HTTP_SESSION_VARS["$name"]);
}
84 | |
/**
 * Look up $name in $_SESSION, $_POST and $_GET and publish the value as a
 * global variable of the same name.
 *
 * The sources are checked in the order session, POST, GET, but a later
 * hit overwrites an earlier one: a POST value replaces the session value,
 * and a GET value is used only when no POST value exists. The effective
 * precedence is therefore POST, then GET, then SESSION. If the name is
 * found nowhere, the global is left untouched.
 *
 * NOTE(review): because request data wins over session data, a client can
 * override a value the server stored in the session simply by sending a
 * parameter of the same name. Callers should not use this for state that
 * must come from the session only, and $name should always be a fixed
 * literal, never a request-supplied string.
 *
 * @param string $name name of the variable to extract
 * @return void
 */
function sqextractGlobalVar ($name) {
    /* Before 4.1 the short names are ordinary globals, not auto-globals. */
    if ((float) substr(PHP_VERSION, 0, 3) < 4.1) {
        global $_SESSION, $_GET, $_POST;
    }
    global $$name;

    /* Session value first; it may be replaced by request data below. */
    if (isset($_SESSION[$name])) {
        $$name = $_SESSION[$name];
    }

    /* POST takes priority over GET; only one of the two is applied. */
    if (isset($_POST[$name])) {
        $$name = $_POST[$name];
        return;
    }
    if (isset($_GET[$name])) {
        $$name = $_GET[$name];
    }
}
104 | ?> |