[squirrelmail.git] / functions / global.php

<?php

/**
 * global.php
 *
 * This includes code to update < 4.1.0 globals to the newer format
 * It also has some session register functions that work across various
 * php versions.
 *
 * @copyright &copy; 1999-2005 The SquirrelMail Project Team
 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 * @version $Id$
 * @package squirrelmail
 */

/**
 */
define('SQ_INORDER',0);
define('SQ_GET',1);
define('SQ_POST',2);
define('SQ_SESSION',3);
define('SQ_COOKIE',4);
define('SQ_SERVER',5);
define('SQ_FORM',6);

/**
 * returns true if current php version is at mimimum a.b.c
 *
 * Called: check_php_version(4,1)
 * @param int a major version number
 * @param int b minor version number
 * @param int c release number
 * @return bool
 */
function check_php_version ($a = '0', $b = '0', $c = '0')
{
    return version_compare ( PHP_VERSION, "$a.$b.$c", 'ge' );
}

/**
 * returns true if the current internal SM version is at minimum a.b.c
 * These are plain integer comparisons, as our internal version is
 * constructed by us, as an array of 3 ints.
 *
 * Called: check_sm_version(1,3,3)
 * @param int a major version number
 * @param int b minor version number
 * @param int c release number
 * @return bool
 */
function check_sm_version($a = 0, $b = 0, $c = 0)
{
    global $SQM_INTERNAL_VERSION;
    if ( !isset($SQM_INTERNAL_VERSION) ||
         $SQM_INTERNAL_VERSION[0] < $a ||
         ( $SQM_INTERNAL_VERSION[0] == $a &&
           $SQM_INTERNAL_VERSION[1] < $b) ||
         ( $SQM_INTERNAL_VERSION[0] == $a &&
           $SQM_INTERNAL_VERSION[1] == $b &&
           $SQM_INTERNAL_VERSION[2] < $c ) ) {
        return FALSE;
    }
    return TRUE;
}


/**
 * Recursively strip slashes from the values of an array.
 * @param array array the array to strip, passed by reference
 * @return void
 */
function sqstripslashes(&$array) {
    if(count($array) > 0) {
        foreach ($array as $index=>$value) {
            if (is_array($array[$index])) {
                sqstripslashes($array[$index]);
            }
            else {
                $array[$index] = stripslashes($value);
            }
        }
    }
}

/**
 * Add a variable to the session.
 * @param mixed $var the variable to register
 * @param string $name the name to refer to this variable
 * @return void
 */
function sqsession_register ($var, $name) {

    sqsession_is_active();

    $_SESSION["$name"] = $var;

    session_register("$name");
}

/**
 * Delete a variable from the session.
 * @param string $name the name of the var to delete
 * @return void
 */
function sqsession_unregister ($name) {

    sqsession_is_active();

    unset($_SESSION[$name]);

    session_unregister("$name");
}

/**
 * Checks to see if a variable has already been registered
 * in the session.
 * @param string $name the name of the var to check
 * @return bool whether the var has been registered
 */
function sqsession_is_registered ($name) {
    $test_name = &$name;
    $result = false;

    if (isset($_SESSION[$test_name])) {
        $result = true;
    }

    return $result;
}

/**
 * Search for the var $name in $_SESSION, $_POST, $_GET, $_COOKIE, or $_SERVER
 * and set it in provided var.
 *
 * If $search is not provided, or if it is SQ_INORDER, it will search $_SESSION,
 * then $_POST, then $_GET. If $search is SQ_FORM it will search $_POST and
 * $_GET.  Otherwise, use one of the defined constants to look for a var in one
 * place specifically.
 *
 * Note: $search is an int value equal to one of the constants defined above.
 *
 * Example:
 * sqgetGlobalVar('username',$username,SQ_SESSION);
 * // No quotes around last param, it's a constant - not a string!
 *
 * @param string name the name of the var to search
 * @param mixed value the variable to return
 * @param int search constant defining where to look
 * @return bool whether variable is found.
 */
function sqgetGlobalVar($name, &$value, $search = SQ_INORDER) {

    /* NOTE: DO NOT enclose the constants in the switch
       statement with quotes. They are constant values,
       enclosing them in quotes will cause them to evaluate
       as strings. */
    switch ($search) {
        /* we want the default case to be first here,
           so that if a valid value isn't specified,
           all three arrays will be searched. */
      default:
      case SQ_INORDER: // check session, post, get
      case SQ_SESSION:
        if( isset($_SESSION[$name]) ) {
            $value = $_SESSION[$name];
            return TRUE;
        } elseif ( $search == SQ_SESSION ) {
            break;
        }
      case SQ_FORM:   // check post, get
      case SQ_POST:
        if( isset($_POST[$name]) ) {
            $value = $_POST[$name];
            return TRUE;
        } elseif ( $search == SQ_POST ) {
          break;
        }
      case SQ_GET:
        if ( isset($_GET[$name]) ) {
            $value = $_GET[$name];
            return TRUE;
        }
        /* NO IF HERE. FOR SQ_INORDER CASE, EXIT after GET */
        break;
      case SQ_COOKIE:
        if ( isset($_COOKIE[$name]) ) {
            $value = $_COOKIE[$name];
            return TRUE;
        }
        break;
      case SQ_SERVER:
        if ( isset($_SERVER[$name]) ) {
            $value = $_SERVER[$name];
            return TRUE;
        }
        break;
    }
    /* Nothing found, return FALSE */
    return FALSE;
}

/**
 * Deletes an existing session, more advanced than the standard PHP
 * session_destroy(), it explicitly deletes the cookies and global vars.
 */
function sqsession_destroy() {

    /*
     * php.net says we can kill the cookie by setting just the name:
     * http://www.php.net/manual/en/function.setcookie.php
     * maybe this will help fix the session merging again.
     *
     * Changed the theory on this to kill the cookies first starting
     * a new session will provide a new session for all instances of
     * the browser, we don't want that, as that is what is causing the
     * merging of sessions.
     */

    global $base_uri;

    if (isset($_COOKIE[session_name()])) sqsetcookie(session_name(), '', 0, $base_uri);
    if (isset($_COOKIE['username'])) sqsetcookie('username','',0,$base_uri);
    if (isset($_COOKIE['key'])) sqsetcookie('key','',0,$base_uri);

    $sessid = session_id();
    if (!empty( $sessid )) {
        $_SESSION = array();
        @session_destroy();
    }

}

/**
 * Function to verify a session has been started.  If it hasn't
 * start a session up.  php.net doesn't tell you that $_SESSION
 * (even though autoglobal), is not created unless a session is
 * started, unlike $_POST, $_GET and such
 */
function sqsession_is_active() {
    $sessid = session_id();
    if ( empty( $sessid ) ) {
        sqsession_start();
    }
}

/**
 * Function to start the session and store the cookie with the session_id as
 * HttpOnly cookie which means that the cookie isn't accessible by javascript
 * (IE6 only)
 */
function sqsession_start() {
    global $PHP_SELF;

    $dirs = array('|src/.*|', '|plugins/.*|', '|functions/.*|');
    $repl = array('', '', '');
    $base_uri = preg_replace($dirs, $repl, $PHP_SELF);


    session_start();
    $sessid = session_id();
    // session_starts sets the sessionid cookie buth without the httponly var
    // setting the cookie again sets the httponly cookie attribute
    sqsetcookie(session_name(),$sessid,false,$base_uri);
}


/**
 * Set a cookie
 * @param string  $sName     The name of the cookie.
 * @param string  $sValue    The value of the cookie.
 * @param int     $iExpire   The time the cookie expires. This is a Unix timestamp so is in number of seconds since the epoch.
 * @param string  $sPath     The path on the server in which the cookie will be available on.
 * @param string  $sDomain   The domain that the cookie is available.
 * @param boolean $bSecure   Indicates that the cookie should only be transmitted over a secure HTTPS connection.
 * @param boolean $bHttpOnly Disallow JS to access the cookie (IE6 only)
 * @return void
 */
function sqsetcookie($sName,$sValue,$iExpire=false,$sPath="",$sDomain="",$bSecure=false,$bHttpOnly=true) {
    $sHeader = "Set-Cookie: $sName=$sValue";
    if ($sPath) {
        $sHeader .= "; Path=\"$sPath\"";
    }
    if ($iExpire !==false) {
        $sHeader .= "; Max-Age=$iExpire";
    }
    if ($sPath) {
        $sHeader .= "; Path=$sPath";
    }
    if ($sDomain) {
        $sHeader .= "; Domain=$sDomain";
    }
    if ($bSecure) {
        $sHeader .= "; Secure";
    }
    if ($bHttpOnly) {
        $sHeader .= "; HttpOnly";
    }
    $sHeader .= "; Version=1";

    header($sHeader);
}

/**
 * php_self
 *
 * Creates an URL for the page calling this function, using either the PHP global
 * REQUEST_URI, or the PHP global PHP_SELF with QUERY_STRING added. Before 1.5.1
 * function was stored in function/strings.php.
 *
 * @return string the complete url for this page
 * @since 1.2.3
 */
function php_self () {
    if ( sqgetGlobalVar('REQUEST_URI', $req_uri, SQ_SERVER) && !empty($req_uri) ) {
      return $req_uri;
    }

    if ( sqgetGlobalVar('PHP_SELF', $php_self, SQ_SERVER) && !empty($php_self) ) {

      // need to add query string to end of PHP_SELF to match REQUEST_URI
      //
      if ( sqgetGlobalVar('QUERY_STRING', $query_string, SQ_SERVER) && !empty($query_string) ) {
         $php_self .= '?' . $query_string;
      }

      return $php_self;
    }

    return '';
}

/** set the name of the session cookie */
if(isset($session_name) && $session_name) {
    ini_set('session.name' , $session_name);
} else {
    ini_set('session.name' , 'SQMSESSID');
}

/**
 * If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways.
 * Force magic_quotes_runtime off.
 * tassium@squirrelmail.org - I put it here in the hopes that all SM code includes this.
 * If there's a better place, please let me know.
 */
ini_set('magic_quotes_runtime','0');

/* Since we decided all IMAP servers must implement the UID command as defined in
 * the IMAP RFC, we force $uid_support to be on.
 */

global $uid_support;
$uid_support = true;

/* if running with magic_quotes_gpc then strip the slashes
   from POST and GET global arrays */

if (get_magic_quotes_gpc()) {
    sqstripslashes($_GET);
    sqstripslashes($_POST);
}

/* strip any tags added to the url from PHP_SELF.
   This fixes hand crafted url XXS expoits for any
   page that uses PHP_SELF as the FORM action */
$_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);

$PHP_SELF = php_self();

sqsession_is_active();

?>
Commit	Line	Data
61d9ec71	1	<?php
	2
	3	/**
0c701a88	4	* global.php
61d9ec71	5	*
62f7daa5	6	* This includes code to update < 4.1.0 globals to the newer format
242342d0	7	* It also has some session register functions that work across various
62f7daa5	8	* php versions.
61d9ec71	9	*
4b4abf93	10	* @copyright © 1999-2005 The SquirrelMail Project Team
4b4abf93	11	* @license http://opensource.org/licenses/gpl-license.php GNU Public License
31841a9e	12	* @version $Id$
d6c32258	13	* @package squirrelmail
61d9ec71	14	*/
61d9ec71	15
051f6245	16	/**
2ca4c65a	17	*/
7f62aaef	18	define('SQ_INORDER',0);
	19	define('SQ_GET',1);
	20	define('SQ_POST',2);
	21	define('SQ_SESSION',3);
	22	define('SQ_COOKIE',4);
	23	define('SQ_SERVER',5);
	24	define('SQ_FORM',6);
a32985a5	25
62f7daa5	26	/**
	27	* returns true if current php version is at mimimum a.b.c
	28	*
97bdc607	29	* Called: check_php_version(4,1)
8b096f0a	30	* @param int a major version number
	31	* @param int b minor version number
	32	* @param int c release number
	33	* @return bool
97bdc607	34	*/
62f7daa5	35	function check_php_version ($a = '0', $b = '0', $c = '0')
9697c5ab	36	{
5673cabe	37	return version_compare ( PHP_VERSION, "$a.$b.$c", 'ge' );
9697c5ab	38	}
9697c5ab	39
97bdc607	40	/**
62f7daa5	41	* returns true if the current internal SM version is at minimum a.b.c
62f7daa5	42	* These are plain integer comparisons, as our internal version is
97bdc607	43	* constructed by us, as an array of 3 ints.
	44	*
	45	* Called: check_sm_version(1,3,3)
8b096f0a	46	* @param int a major version number
	47	* @param int b minor version number
	48	* @param int c release number
	49	* @return bool
97bdc607	50	*/
	51	function check_sm_version($a = 0, $b = 0, $c = 0)
	52	{
	53	global $SQM_INTERNAL_VERSION;
	54	if ( !isset($SQM_INTERNAL_VERSION) \|\|
	55	$SQM_INTERNAL_VERSION[0] < $a \|\|
150c28d6	56	( $SQM_INTERNAL_VERSION[0] == $a &&
	57	$SQM_INTERNAL_VERSION[1] < $b) \|\|
	58	( $SQM_INTERNAL_VERSION[0] == $a &&
	59	$SQM_INTERNAL_VERSION[1] == $b &&
97bdc607	60	$SQM_INTERNAL_VERSION[2] < $c ) ) {
97bdc607	61	return FALSE;
62f7daa5	62	}
62f7daa5	63	return TRUE;
97bdc607	64	}
	65
	66
8b096f0a	67	/**
	68	* Recursively strip slashes from the values of an array.
	69	* @param array array the array to strip, passed by reference
	70	* @return void
	71	*/
a32985a5	72	function sqstripslashes(&$array) {
3aa17cf9	73	if(count($array) > 0) {
	74	foreach ($array as $index=>$value) {
	75	if (is_array($array[$index])) {
	76	sqstripslashes($array[$index]);
	77	}
	78	else {
	79	$array[$index] = stripslashes($value);
	80	}
a32985a5	81	}
	82	}
	83	}
	84
8b096f0a	85	/**
	86	* Add a variable to the session.
	87	* @param mixed $var the variable to register
	88	* @param string $name the name to refer to this variable
	89	* @return void
	90	*/
61d9ec71	91	function sqsession_register ($var, $name) {
281c3d5b	92
	93	sqsession_is_active();
	94
62f7daa5	95	$_SESSION["$name"] = $var;
62f7daa5	96
dcc1cc82	97	session_register("$name");
61d9ec71	98	}
3aa17cf9	99
8b096f0a	100	/**
	101	* Delete a variable from the session.
	102	* @param string $name the name of the var to delete
	103	* @return void
	104	*/
61d9ec71	105	function sqsession_unregister ($name) {
281c3d5b	106
	107	sqsession_is_active();
	108
abd74f7d	109	unset($_SESSION[$name]);
62f7daa5	110
dcc1cc82	111	session_unregister("$name");
61d9ec71	112	}
3aa17cf9	113
8b096f0a	114	/**
	115	* Checks to see if a variable has already been registered
	116	* in the session.
	117	* @param string $name the name of the var to check
	118	* @return bool whether the var has been registered
	119	*/
d7c82551	120	function sqsession_is_registered ($name) {
	121	$test_name = &$name;
	122	$result = false;
62f7daa5	123
abd74f7d	124	if (isset($_SESSION[$test_name])) {
abd74f7d	125	$result = true;
d7c82551	126	}
62f7daa5	127
d7c82551	128	return $result;
	129	}
	130
4cd8ae7d	131	/**
2d055f0a	132	* Search for the var $name in $_SESSION, $_POST, $_GET, $_COOKIE, or $_SERVER
2d055f0a	133	* and set it in provided var.
d1975c5b	134	*
2d055f0a	135	* If $search is not provided, or if it is SQ_INORDER, it will search $_SESSION,
	136	* then $_POST, then $_GET. If $search is SQ_FORM it will search $_POST and
	137	* $_GET. Otherwise, use one of the defined constants to look for a var in one
	138	* place specifically.
d1975c5b	139	*
2d055f0a	140	* Note: $search is an int value equal to one of the constants defined above.
d1975c5b	141	*
2d055f0a	142	* Example:
	143	* sqgetGlobalVar('username',$username,SQ_SESSION);
	144	* // No quotes around last param, it's a constant - not a string!
d1975c5b	145	*
8b096f0a	146	* @param string name the name of the var to search
	147	* @param mixed value the variable to return
	148	* @param int search constant defining where to look
	149	* @return bool whether variable is found.
4cd8ae7d	150	*/
4cd8ae7d	151	function sqgetGlobalVar($name, &$value, $search = SQ_INORDER) {
f79c19a4	152
d1975c5b	153	/* NOTE: DO NOT enclose the constants in the switch
	154	statement with quotes. They are constant values,
	155	enclosing them in quotes will cause them to evaluate
	156	as strings. */
4cd8ae7d	157	switch ($search) {
62f7daa5	158	/* we want the default case to be first here,
051f6245	159	so that if a valid value isn't specified,
051f6245	160	all three arrays will be searched. */
d1975c5b	161	default:
d9ad2525	162	case SQ_INORDER: // check session, post, get
d1975c5b	163	case SQ_SESSION:
d1975c5b	164	if( isset($_SESSION[$name]) ) {
4cd8ae7d	165	$value = $_SESSION[$name];
d1975c5b	166	return TRUE;
	167	} elseif ( $search == SQ_SESSION ) {
	168	break;
	169	}
d9ad2525	170	case SQ_FORM: // check post, get
d1975c5b	171	case SQ_POST:
d1975c5b	172	if( isset($_POST[$name]) ) {
4cd8ae7d	173	$value = $_POST[$name];
d1975c5b	174	return TRUE;
d1975c5b	175	} elseif ( $search == SQ_POST ) {
27d0841c	176	break;
d1975c5b	177	}
	178	case SQ_GET:
	179	if ( isset($_GET[$name]) ) {
	180	$value = $_GET[$name];
	181	return TRUE;
62f7daa5	182	}
d1975c5b	183	/* NO IF HERE. FOR SQ_INORDER CASE, EXIT after GET */
	184	break;
	185	case SQ_COOKIE:
	186	if ( isset($_COOKIE[$name]) ) {
	187	$value = $_COOKIE[$name];
62f7daa5	188	return TRUE;
d1975c5b	189	}
	190	break;
	191	case SQ_SERVER:
d1975c5b	192	if ( isset($_SERVER[$name]) ) {
	193	$value = $_SERVER[$name];
	194	return TRUE;
	195	}
	196	break;
4cd8ae7d	197	}
511f5c33	198	/* Nothing found, return FALSE */
4cd8ae7d	199	return FALSE;
	200	}
	201
8b096f0a	202	/**
	203	* Deletes an existing session, more advanced than the standard PHP
	204	* session_destroy(), it explicitly deletes the cookies and global vars.
	205	*/
513db22c	206	function sqsession_destroy() {
242342d0	207
281c3d5b	208	/*
	209	* php.net says we can kill the cookie by setting just the name:
	210	* http://www.php.net/manual/en/function.setcookie.php
	211	* maybe this will help fix the session merging again.
	212	*
	213	* Changed the theory on this to kill the cookies first starting
	214	* a new session will provide a new session for all instances of
	215	* the browser, we don't want that, as that is what is causing the
	216	* merging of sessions.
	217	*/
242342d0	218
f9902ccb	219	global $base_uri;
f31687f6	220
3a1de9f1	221	if (isset($_COOKIE[session_name()])) sqsetcookie(session_name(), '', 0, $base_uri);
	222	if (isset($_COOKIE['username'])) sqsetcookie('username','',0,$base_uri);
	223	if (isset($_COOKIE['key'])) sqsetcookie('key','',0,$base_uri);
281c3d5b	224
	225	$sessid = session_id();
	226	if (!empty( $sessid )) {
abd74f7d	227	$_SESSION = array();
21e18f59	228	@session_destroy();
242342d0	229	}
242342d0	230
281c3d5b	231	}
242342d0	232
8b096f0a	233	/**
281c3d5b	234	* Function to verify a session has been started. If it hasn't
	235	* start a session up. php.net doesn't tell you that $_SESSION
	236	* (even though autoglobal), is not created unless a session is
	237	* started, unlike $_POST, $_GET and such
	238	*/
281c3d5b	239	function sqsession_is_active() {
281c3d5b	240	$sessid = session_id();
281c3d5b	241	if ( empty( $sessid ) ) {
3a1de9f1	242	sqsession_start();
281c3d5b	243	}
513db22c	244	}
513db22c	245
3a1de9f1	246	/**
	247	* Function to start the session and store the cookie with the session_id as
	248	* HttpOnly cookie which means that the cookie isn't accessible by javascript
	249	* (IE6 only)
	250	*/
	251	function sqsession_start() {
	252	global $PHP_SELF;
	253
	254	$dirs = array('\|src/.\|', '\|plugins/.\|', '\|functions/.*\|');
	255	$repl = array('', '', '');
	256	$base_uri = preg_replace($dirs, $repl, $PHP_SELF);
	257
7f62aaef	258
3a1de9f1	259	session_start();
	260	$sessid = session_id();
	261	// session_starts sets the sessionid cookie buth without the httponly var
	262	// setting the cookie again sets the httponly cookie attribute
	263	sqsetcookie(session_name(),$sessid,false,$base_uri);
	264	}
	265
	266
	267	/**
	268	* Set a cookie
	269	* @param string $sName The name of the cookie.
	270	* @param string $sValue The value of the cookie.
	271	* @param int $iExpire The time the cookie expires. This is a Unix timestamp so is in number of seconds since the epoch.
	272	* @param string $sPath The path on the server in which the cookie will be available on.
	273	* @param string $sDomain The domain that the cookie is available.
	274	* @param boolean $bSecure Indicates that the cookie should only be transmitted over a secure HTTPS connection.
	275	* @param boolean $bHttpOnly Disallow JS to access the cookie (IE6 only)
	276	* @return void
	277	*/
	278	function sqsetcookie($sName,$sValue,$iExpire=false,$sPath="",$sDomain="",$bSecure=false,$bHttpOnly=true) {
	279	$sHeader = "Set-Cookie: $sName=$sValue";
	280	if ($sPath) {
	281	$sHeader .= "; Path=\"$sPath\"";
	282	}
	283	if ($iExpire !==false) {
	284	$sHeader .= "; Max-Age=$iExpire";
	285	}
	286	if ($sPath) {
	287	$sHeader .= "; Path=$sPath";
	288	}
	289	if ($sDomain) {
	290	$sHeader .= "; Domain=$sDomain";
	291	}
	292	if ($bSecure) {
	293	$sHeader .= "; Secure";
	294	}
	295	if ($bHttpOnly) {
	296	$sHeader .= "; HttpOnly";
	297	}
	298	$sHeader .= "; Version=1";
	299
	300	header($sHeader);
	301	}
7f62aaef	302
	303	/**
	304	* php_self
	305	*
	306	* Creates an URL for the page calling this function, using either the PHP global
	307	* REQUEST_URI, or the PHP global PHP_SELF with QUERY_STRING added. Before 1.5.1
	308	* function was stored in function/strings.php.
	309	*
	310	* @return string the complete url for this page
	311	* @since 1.2.3
	312	*/
	313	function php_self () {
	314	if ( sqgetGlobalVar('REQUEST_URI', $req_uri, SQ_SERVER) && !empty($req_uri) ) {
	315	return $req_uri;
	316	}
	317
	318	if ( sqgetGlobalVar('PHP_SELF', $php_self, SQ_SERVER) && !empty($php_self) ) {
	319
	320	// need to add query string to end of PHP_SELF to match REQUEST_URI
	321	//
	322	if ( sqgetGlobalVar('QUERY_STRING', $query_string, SQ_SERVER) && !empty($query_string) ) {
	323	$php_self .= '?' . $query_string;
	324	}
	325
	326	return $php_self;
	327	}
	328
	329	return '';
	330	}
	331
	332	/** set the name of the session cookie */
	333	if(isset($session_name) && $session_name) {
	334	ini_set('session.name' , $session_name);
	335	} else {
	336	ini_set('session.name' , 'SQMSESSID');
	337	}
	338
	339	/**
	340	* If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways.
	341	* Force magic_quotes_runtime off.
	342	* tassium@squirrelmail.org - I put it here in the hopes that all SM code includes this.
	343	* If there's a better place, please let me know.
	344	*/
	345	ini_set('magic_quotes_runtime','0');
	346
	347	/* Since we decided all IMAP servers must implement the UID command as defined in
	348	* the IMAP RFC, we force $uid_support to be on.
	349	*/
	350
	351	global $uid_support;
	352	$uid_support = true;
	353
	354	/* if running with magic_quotes_gpc then strip the slashes
	355	from POST and GET global arrays */
	356
	357	if (get_magic_quotes_gpc()) {
	358	sqstripslashes($_GET);
	359	sqstripslashes($_POST);
	360	}
	361
	362	/* strip any tags added to the url from PHP_SELF.
	363	This fixes hand crafted url XXS expoits for any
	364	page that uses PHP_SELF as the FORM action */
	365	$_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);
366
367	$PHP_SELF = php_self();
368
369	sqsession_is_active();
370
f8a1ed5a	371	?>