This fix is for the problem Matthew Hagerty reported. (PHP appearing to execute code...
[squirrelmail.git] / functions / global.php
CommitLineData
61d9ec71 1<?php
2
3/**
4 * globals.php
5 *
6 * Copyright (c) 1999-2002 The SquirrelMail Project Team
7 * Licensed under the GNU GPL. For full terms see the file COPYING.
8 *
9 * This includes code to update < 4.1.0 globals to the newer format
242342d0 10 * It also has some session register functions that work across various
61d9ec71 11 * php versions.
12 *
242342d0 13 * $Id$
61d9ec71 14 */
15
388c855c 16/* If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways.
17 * Force magic_quotes_runtime off.
18 * chilts@birdbrained.org - I put it here in the hopes that all SM code includes this.
19 * If there's a better place, please let me know.
20 */
5f660901 21ini_set('magic_quotes_runtime','0');
61d9ec71 22
23/* convert old-style superglobals to current method
24 * this is executed if you are running PHP 4.0.x.
25 * it is run via a require_once directive in validate.php
26 * and redirect.php. Patch submitted by Ray Black.
27 */
28
9697c5ab 29if ( !check_php_version(4,1) ) {
61d9ec71 30 global $_COOKIE, $_ENV, $_FILES, $_GET, $_POST, $_SERVER, $_SESSION;
31 global $HTTP_COOKIE_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES, $HTTP_GET_VARS,
32 $HTTP_POST_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS;
33 $_COOKIE =& $HTTP_COOKIE_VARS;
34 $_ENV =& $HTTP_ENV_VARS;
35 $_FILES =& $HTTP_POST_FILES;
36 $_GET =& $HTTP_GET_VARS;
37 $_POST =& $HTTP_POST_VARS;
38 $_SERVER =& $HTTP_SERVER_VARS;
39 $_SESSION =& $HTTP_SESSION_VARS;
40}
41
180239ca 42/* if running with magic_quotes_gpc then strip the slashes
a32985a5 43 from POST and GET global arrays */
44
45if (get_magic_quotes_gpc()) {
180239ca 46 sqstripslashes($_GET);
47 sqstripslashes($_POST);
a32985a5 48}
49
50/* strip any tags added to the url from PHP_SELF.
51 This fixes hand crafted url XXS expoits for any
52 page that uses PHP_SELF as the FORM action */
53
388c855c 54$_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);
a32985a5 55
9697c5ab 56/* returns true if current php version is at mimimum a.b.c */
57function check_php_version ($a = '0', $b = '0', $c = '0')
58{
3aa17cf9 59 global $SQ_PHP_VERSION;
9697c5ab 60
3aa17cf9 61 if(!isset($SQ_PHP_VERSION))
5123154f 62 $SQ_PHP_VERSION = substr( str_pad( preg_replace('/\D/','', PHP_VERSION), 3, '0'), 0, 3);
9697c5ab 63
3aa17cf9 64 return $SQ_PHP_VERSION >= ($a.$b.$c);
9697c5ab 65}
66
3aa17cf9 67/* recursively strip slashes from the values of an array */
a32985a5 68function sqstripslashes(&$array) {
3aa17cf9 69 if(count($array) > 0) {
70 foreach ($array as $index=>$value) {
71 if (is_array($array[$index])) {
72 sqstripslashes($array[$index]);
73 }
74 else {
75 $array[$index] = stripslashes($value);
76 }
a32985a5 77 }
78 }
79}
80
61d9ec71 81function sqsession_register ($var, $name) {
9697c5ab 82 if ( !check_php_version(4,1) ) {
61d9ec71 83 global $HTTP_SESSION_VARS;
9697c5ab 84 $HTTP_SESSION_VARS[$name] = $var;
61d9ec71 85 }
86 else {
d7c82551 87 $_SESSION["$name"] = $var;
61d9ec71 88 }
3658a999 89 session_register("$name");
61d9ec71 90}
3aa17cf9 91
61d9ec71 92function sqsession_unregister ($name) {
9697c5ab 93 if ( !check_php_version(4,1) ) {
d7c82551 94 global $HTTP_SESSION_VARS;
9697c5ab 95 unset($HTTP_SESSION_VARS[$name]);
61d9ec71 96 }
97 else {
9697c5ab 98 unset($_SESSION[$name]);
61d9ec71 99 }
3658a999 100 session_unregister("$name");
61d9ec71 101}
3aa17cf9 102
d7c82551 103function sqsession_is_registered ($name) {
104 $test_name = &$name;
105 $result = false;
9697c5ab 106 if ( !check_php_version(4,1) ) {
d7c82551 107 global $HTTP_SESSION_VARS;
108 if (isset($HTTP_SESSION_VARS[$test_name])) {
109 $result = true;
110 }
111 }
112 else {
113 if (isset($_SESSION[$test_name])) {
114 $result = true;
115 }
116 }
117 return $result;
118}
119
61d9ec71 120
121/**
122 * Search for the var $name in $_SESSION, $_POST, $_GET
123 * (in that order) and register it as a global var.
124 */
125function sqextractGlobalVar ($name) {
9697c5ab 126 if ( !check_php_version(4,1) ) {
a32985a5 127 global $_SESSION, $_GET, $_POST;
128 }
129 global $$name;
61d9ec71 130 if( isset($_SESSION[$name]) ) {
131 $$name = $_SESSION[$name];
132 }
133 if( isset($_POST[$name]) ) {
134 $$name = $_POST[$name];
135 }
136 else if ( isset($_GET[$name]) ) {
137 $$name = $_GET[$name];
138 }
139}
513db22c 140
141function sqsession_destroy() {
242342d0 142 global $base_uri;
143
144 /* start session to be able to destroy it later */
145 session_start();
146
9697c5ab 147 if ( !check_php_version(4,1) ) {
242342d0 148 global $HTTP_SESSION_VARS;
149 $HTTP_SESSION_VARS = array();
150 }
151 else {
152 $_SESSION = array();
153 }
154
155 /*
156 * now reset cookies to 5 seconds ago to delete from browser
157 */
158
159 @session_destroy();
160 $cookie_params = session_get_cookie_params();
161 setcookie(session_name(), '', time() - 5, $cookie_params['path'],
162 $cookie_params['domain']);
163 setcookie('username', '', time() - 5, $base_uri);
164 setcookie('key', '', time() - 5 , $base_uri);
513db22c 165}
166
61d9ec71 167?>