[squirrelmail.git] / functions / global.php

<?php

/**
 * globals.php
 *
 * Copyright (c) 1999-2003 The SquirrelMail Project Team
 * Licensed under the GNU GPL. For full terms see the file COPYING.
 *
 * This includes code to update < 4.1.0 globals to the newer format 
 * It also has some session register functions that work across various
 * php versions. 
 *
 * $Id$
 */

require_once(SM_PATH . 'config/config.php');

/* set the name of the session cookie */
if(isset($session_name) && $session_name) {  
    ini_set('session.name' , $session_name);  
} else {  
    ini_set('session.name' , 'SQMSESSID');  
}

/* If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways.
 * Force magic_quotes_runtime off.
 * chilts@birdbrained.org - I put it here in the hopes that all SM code includes this.
 * If there's a better place, please let me know.
 */
ini_set('magic_quotes_runtime','0');

/* convert old-style superglobals to current method
 * this is executed if you are running PHP 4.0.x.
 * it is run via a require_once directive in validate.php 
 * and redirect.php. Patch submitted by Ray Black.
 */ 

if ( !check_php_version(4,1) ) {
  global $_COOKIE, $_ENV, $_FILES, $_GET, $_POST, $_SERVER, $_SESSION;
  global $HTTP_COOKIE_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES, $HTTP_GET_VARS,
         $HTTP_POST_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS;
  $_COOKIE  =& $HTTP_COOKIE_VARS;
  $_ENV     =& $HTTP_ENV_VARS;
  $_FILES   =& $HTTP_POST_FILES;
  $_GET     =& $HTTP_GET_VARS;
  $_POST    =& $HTTP_POST_VARS;
  $_SERVER  =& $HTTP_SERVER_VARS;
  $_SESSION =& $HTTP_SESSION_VARS;
}

/* if running with magic_quotes_gpc then strip the slashes
   from POST and GET global arrays */

if (get_magic_quotes_gpc()) {
    sqstripslashes($_GET);
    sqstripslashes($_POST);
}

/* strip any tags added to the url from PHP_SELF.
   This fixes hand crafted url XXS expoits for any
   page that uses PHP_SELF as the FORM action */

$_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);

/** 
 * returns true if current php version is at mimimum a.b.c 
 * 
 * Called: check_php_version(4,1)
 */
function check_php_version ($a = '0', $b = '0', $c = '0')             
{
    global $SQ_PHP_VERSION;
 
    if(!isset($SQ_PHP_VERSION))
        $SQ_PHP_VERSION = substr( str_pad( preg_replace('/\D/','', PHP_VERSION), 3, '0'), 0, 3);

    return $SQ_PHP_VERSION >= ($a.$b.$c);
}

/**
 * returns true if the current internal SM version is at minimum a.b.c 
 * These are plain integer comparisons, as our internal version is 
 * constructed by us, as an array of 3 ints.
 *
 * Called: check_sm_version(1,3,3)
 */
function check_sm_version($a = 0, $b = 0, $c = 0)
{
    global $SQM_INTERNAL_VERSION;
    if ( !isset($SQM_INTERNAL_VERSION) ||
         $SQM_INTERNAL_VERSION[0] < $a ||
	 $SQM_INTERNAL_VERSION[1] < $b ||
	 ( $SQM_INTERNAL_VERSION[1] == $b &&
           $SQM_INTERNAL_VERSION[2] < $c ) ) {
        return FALSE;
    } 
    return TRUE;  
}


/* recursively strip slashes from the values of an array */
function sqstripslashes(&$array) {
    if(count($array) > 0) {
        foreach ($array as $index=>$value) {
            if (is_array($array[$index])) {
                sqstripslashes($array[$index]);
            }
            else {
                $array[$index] = stripslashes($value);
            }
        }
    }
}

function sqsession_register ($var, $name) {

    sqsession_is_active();

    if ( !check_php_version(4,1) ) {
        global $HTTP_SESSION_VARS;
        $HTTP_SESSION_VARS[$name] = $var;
    }
    else {
        $_SESSION["$name"] = $var; 
    }
    session_register("$name");
}

function sqsession_unregister ($name) {

    sqsession_is_active();

    if ( !check_php_version(4,1) ) {
        global $HTTP_SESSION_VARS;
        unset($HTTP_SESSION_VARS[$name]);
    }
    else {
        unset($_SESSION[$name]);
    }
    session_unregister("$name");
}

function sqsession_is_registered ($name) {
    $test_name = &$name;
    $result = false;
    if ( !check_php_version(4,1) ) {
        global $HTTP_SESSION_VARS;
        if (isset($HTTP_SESSION_VARS[$test_name])) {
            $result = true;
        }
    }
    else {
        if (isset($_SESSION[$test_name])) {
            $result = true;
        }
    }
    return $result;
}


define('SQ_INORDER',0);
define('SQ_GET',1);
define('SQ_POST',2);
define('SQ_SESSION',3);
define('SQ_COOKIE',4);
define('SQ_SERVER',5);

/**
 * Search for the var $name in $_SESSION, $_POST, $_GET,
 * $_COOKIE, or $_SERVER and set it in provided var. 
 * If $search is not provided,  or == SQ_INORDER, it will search
 * $_SESSION, then $_POST, then $_GET. Otherwise,
 * use one of the defined constants to look for 
 * a var in one place specifically.
 * Returns FALSE if variable is not found.
 * Returns TRUE if it is.
 */
function sqgetGlobalVar($name, &$value, $search = SQ_INORDER) {
    if ( !check_php_version(4,1) ) {
        global $_SESSION, $_GET, $_POST, $_COOKIE, $_SERVER;
    }
    
    switch ($search) {
        /* we want the default case to be first here,  
	   so that if a valid value isn't specified, 
	   all three arrays will be searched. */
	default:
	case 'SQ_INORDER':
	case 'SQ_SESSION':
	  if( isset($_SESSION[$name]) ) {
            $value = $_SESSION[$name];
	    return TRUE;
          } elseif ( $search == SQ_SESSION ) {
	    break;
	  }
	case 'SQ_POST':
	  if( isset($_POST[$name]) ) {
            $value = $_POST[$name];
	    return TRUE;
	  } elseif ( $search == SQ_POST ) {
	    break;
	  }
       	case 'SQ_GET':
	  if ( isset($_GET[$name]) ) {
            $value = $_GET[$name];
	    return TRUE;
	  } 
	  /* NO IF HERE. FOR SQ_INORDER CASE, EXIT after GET */
	  break;
        case 'SQ_COOKIE':
          if ( isset($_COOKIE[$name]) ) {
             $value = $_COOKIE[$name];
             return TRUE;
          }
	  break;
	case 'SQ_SERVER':
          if ( isset($_SERVER[$name]) ) {
             $value = $_SERVER[$name];
             return TRUE;
          }
          break;
    }
    return FALSE;
}

function sqsession_destroy() {

    /*
     * php.net says we can kill the cookie by setting just the name:
     * http://www.php.net/manual/en/function.setcookie.php
     * maybe this will help fix the session merging again.
     *
     * Changed the theory on this to kill the cookies first starting
     * a new session will provide a new session for all instances of
     * the browser, we don't want that, as that is what is causing the
     * merging of sessions.
     */

    global $base_uri;

    if (isset($_COOKIE[session_name()])) setcookie(session_name(), '', time() - 5, $base_uri);
    if (isset($_COOKIE['username'])) setcookie('username','',time() - 5,$base_uri);
    if (isset($_COOKIE['key'])) setcookie('key','',time() - 5,$base_uri);

    $sessid = session_id();
    if (!empty( $sessid )) {
        if ( !check_php_version(4,1) ) {
            global $HTTP_SESSION_VARS;
            $HTTP_SESSION_VARS = array();
        } else {
            $_SESSION = array();
        }
        @session_destroy;
    }

}

/*
 * Function to verify a session has been started.  If it hasn't
 * start a session up.  php.net doesn't tell you that $_SESSION
 * (even though autoglobal), is not created unless a session is
 * started, unlike $_POST, $_GET and such
 */

function sqsession_is_active() {

    $sessid = session_id();
    if ( empty( $sessid ) ) {
        session_start();
    }
}


?>
Commit	Line	Data
61d9ec71	1	<?php
	2
	3	/**
	4	* globals.php
	5	*
76911253	6	* Copyright (c) 1999-2003 The SquirrelMail Project Team
61d9ec71	7	* Licensed under the GNU GPL. For full terms see the file COPYING.
	8	*
	9	* This includes code to update < 4.1.0 globals to the newer format
242342d0	10	* It also has some session register functions that work across various
61d9ec71	11	* php versions.
61d9ec71	12	*
242342d0	13	* $Id$
61d9ec71	14	*/
61d9ec71	15
ebabf3f5	16	require_once(SM_PATH . 'config/config.php');
	17
	18	/* set the name of the session cookie */
	19	if(isset($session_name) && $session_name) {
	20	ini_set('session.name' , $session_name);
	21	} else {
	22	ini_set('session.name' , 'SQMSESSID');
	23	}
	24
388c855c	25	/* If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways.
	26	* Force magic_quotes_runtime off.
	27	* chilts@birdbrained.org - I put it here in the hopes that all SM code includes this.
	28	* If there's a better place, please let me know.
	29	*/
5f660901	30	ini_set('magic_quotes_runtime','0');
61d9ec71	31
	32	/* convert old-style superglobals to current method
	33	* this is executed if you are running PHP 4.0.x.
	34	* it is run via a require_once directive in validate.php
	35	* and redirect.php. Patch submitted by Ray Black.
	36	*/
	37
9697c5ab	38	if ( !check_php_version(4,1) ) {
61d9ec71	39	global $_COOKIE, $_ENV, $_FILES, $_GET, $_POST, $_SERVER, $_SESSION;
	40	global $HTTP_COOKIE_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES, $HTTP_GET_VARS,
	41	$HTTP_POST_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS;
	42	$_COOKIE =& $HTTP_COOKIE_VARS;
	43	$_ENV =& $HTTP_ENV_VARS;
	44	$_FILES =& $HTTP_POST_FILES;
	45	$_GET =& $HTTP_GET_VARS;
	46	$_POST =& $HTTP_POST_VARS;
	47	$_SERVER =& $HTTP_SERVER_VARS;
	48	$_SESSION =& $HTTP_SESSION_VARS;
	49	}
	50
180239ca	51	/* if running with magic_quotes_gpc then strip the slashes
a32985a5	52	from POST and GET global arrays */
	53
	54	if (get_magic_quotes_gpc()) {
180239ca	55	sqstripslashes($_GET);
180239ca	56	sqstripslashes($_POST);
a32985a5	57	}
	58
	59	/* strip any tags added to the url from PHP_SELF.
	60	This fixes hand crafted url XXS expoits for any
	61	page that uses PHP_SELF as the FORM action */
	62
388c855c	63	$_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);
a32985a5	64
97bdc607	65	/**
	66	* returns true if current php version is at mimimum a.b.c
	67	*
	68	* Called: check_php_version(4,1)
	69	*/
9697c5ab	70	function check_php_version ($a = '0', $b = '0', $c = '0')
9697c5ab	71	{
3aa17cf9	72	global $SQ_PHP_VERSION;
97bdc607	73
3aa17cf9	74	if(!isset($SQ_PHP_VERSION))
5123154f	75	$SQ_PHP_VERSION = substr( str_pad( preg_replace('/\D/','', PHP_VERSION), 3, '0'), 0, 3);
9697c5ab	76
3aa17cf9	77	return $SQ_PHP_VERSION >= ($a.$b.$c);
9697c5ab	78	}
9697c5ab	79
97bdc607	80	/**
	81	* returns true if the current internal SM version is at minimum a.b.c
	82	* These are plain integer comparisons, as our internal version is
	83	* constructed by us, as an array of 3 ints.
	84	*
	85	* Called: check_sm_version(1,3,3)
	86	*/
	87	function check_sm_version($a = 0, $b = 0, $c = 0)
	88	{
	89	global $SQM_INTERNAL_VERSION;
	90	if ( !isset($SQM_INTERNAL_VERSION) \|\|
	91	$SQM_INTERNAL_VERSION[0] < $a \|\|
	92	$SQM_INTERNAL_VERSION[1] < $b \|\|
	93	( $SQM_INTERNAL_VERSION[1] == $b &&
	94	$SQM_INTERNAL_VERSION[2] < $c ) ) {
	95	return FALSE;
	96	}
	97	return TRUE;
	98	}
	99
	100
3aa17cf9	101	/* recursively strip slashes from the values of an array */
a32985a5	102	function sqstripslashes(&$array) {
3aa17cf9	103	if(count($array) > 0) {
	104	foreach ($array as $index=>$value) {
	105	if (is_array($array[$index])) {
	106	sqstripslashes($array[$index]);
	107	}
	108	else {
	109	$array[$index] = stripslashes($value);
	110	}
a32985a5	111	}
	112	}
	113	}
	114
61d9ec71	115	function sqsession_register ($var, $name) {
281c3d5b	116
	117	sqsession_is_active();
	118
9697c5ab	119	if ( !check_php_version(4,1) ) {
61d9ec71	120	global $HTTP_SESSION_VARS;
9697c5ab	121	$HTTP_SESSION_VARS[$name] = $var;
61d9ec71	122	}
61d9ec71	123	else {
d7c82551	124	$_SESSION["$name"] = $var;
61d9ec71	125	}
3658a999	126	session_register("$name");
61d9ec71	127	}
3aa17cf9	128
61d9ec71	129	function sqsession_unregister ($name) {
281c3d5b	130
	131	sqsession_is_active();
	132
9697c5ab	133	if ( !check_php_version(4,1) ) {
d7c82551	134	global $HTTP_SESSION_VARS;
9697c5ab	135	unset($HTTP_SESSION_VARS[$name]);
61d9ec71	136	}
61d9ec71	137	else {
9697c5ab	138	unset($_SESSION[$name]);
61d9ec71	139	}
3658a999	140	session_unregister("$name");
61d9ec71	141	}
3aa17cf9	142
d7c82551	143	function sqsession_is_registered ($name) {
	144	$test_name = &$name;
	145	$result = false;
9697c5ab	146	if ( !check_php_version(4,1) ) {
d7c82551	147	global $HTTP_SESSION_VARS;
	148	if (isset($HTTP_SESSION_VARS[$test_name])) {
	149	$result = true;
	150	}
	151	}
	152	else {
	153	if (isset($_SESSION[$test_name])) {
	154	$result = true;
	155	}
	156	}
	157	return $result;
	158	}
	159
61d9ec71	160
4cd8ae7d	161	define('SQ_INORDER',0);
	162	define('SQ_GET',1);
	163	define('SQ_POST',2);
	164	define('SQ_SESSION',3);
27d0841c	165	define('SQ_COOKIE',4);
27d0841c	166	define('SQ_SERVER',5);
4cd8ae7d	167
4cd8ae7d	168	/**
27d0841c	169	* Search for the var $name in $_SESSION, $_POST, $_GET,
27d0841c	170	* $_COOKIE, or $_SERVER and set it in provided var.
4cd8ae7d	171	* If $search is not provided, or == SQ_INORDER, it will search
	172	* $_SESSION, then $_POST, then $_GET. Otherwise,
	173	* use one of the defined constants to look for
	174	* a var in one place specifically.
	175	* Returns FALSE if variable is not found.
	176	* Returns TRUE if it is.
	177	*/
	178	function sqgetGlobalVar($name, &$value, $search = SQ_INORDER) {
	179	if ( !check_php_version(4,1) ) {
27d0841c	180	global $_SESSION, $_GET, $_POST, $_COOKIE, $_SERVER;
4cd8ae7d	181	}
	182
	183	switch ($search) {
	184	/* we want the default case to be first here,
	185	so that if a valid value isn't specified,
	186	all three arrays will be searched. */
38c5d600	187	default:
	188	case 'SQ_INORDER':
	189	case 'SQ_SESSION':
4cd8ae7d	190	if( isset($_SESSION[$name]) ) {
	191	$value = $_SESSION[$name];
	192	return TRUE;
	193	} elseif ( $search == SQ_SESSION ) {
	194	break;
	195	}
38c5d600	196	case 'SQ_POST':
4cd8ae7d	197	if( isset($_POST[$name]) ) {
	198	$value = $_POST[$name];
	199	return TRUE;
	200	} elseif ( $search == SQ_POST ) {
	201	break;
	202	}
38c5d600	203	case 'SQ_GET':
4cd8ae7d	204	if ( isset($_GET[$name]) ) {
	205	$value = $_GET[$name];
	206	return TRUE;
27d0841c	207	}
38c5d600	208	/* NO IF HERE. FOR SQ_INORDER CASE, EXIT after GET */
27d0841c	209	break;
38c5d600	210	case 'SQ_COOKIE':
27d0841c	211	if ( isset($_COOKIE[$name]) ) {
	212	$value = $_COOKIE[$name];
	213	return TRUE;
	214	}
	215	break;
38c5d600	216	case 'SQ_SERVER':
27d0841c	217	if ( isset($_SERVER[$name]) ) {
	218	$value = $_SERVER[$name];
	219	return TRUE;
	220	}
	221	break;
4cd8ae7d	222	}
	223	return FALSE;
	224	}
	225
513db22c	226	function sqsession_destroy() {
242342d0	227
281c3d5b	228	/*
	229	* php.net says we can kill the cookie by setting just the name:
	230	* http://www.php.net/manual/en/function.setcookie.php
	231	* maybe this will help fix the session merging again.
	232	*
	233	* Changed the theory on this to kill the cookies first starting
	234	* a new session will provide a new session for all instances of
	235	* the browser, we don't want that, as that is what is causing the
	236	* merging of sessions.
	237	*/
242342d0	238
f9902ccb	239	global $base_uri;
f31687f6	240
	241	if (isset($_COOKIE[session_name()])) setcookie(session_name(), '', time() - 5, $base_uri);
	242	if (isset($_COOKIE['username'])) setcookie('username','',time() - 5,$base_uri);
	243	if (isset($_COOKIE['key'])) setcookie('key','',time() - 5,$base_uri);
281c3d5b	244
	245	$sessid = session_id();
	246	if (!empty( $sessid )) {
	247	if ( !check_php_version(4,1) ) {
	248	global $HTTP_SESSION_VARS;
	249	$HTTP_SESSION_VARS = array();
	250	} else {
	251	$_SESSION = array();
	252	}
	253	@session_destroy;
242342d0	254	}
242342d0	255
281c3d5b	256	}
242342d0	257
281c3d5b	258	/*
	259	* Function to verify a session has been started. If it hasn't
	260	* start a session up. php.net doesn't tell you that $_SESSION
	261	* (even though autoglobal), is not created unless a session is
	262	* started, unlike $_POST, $_GET and such
	263	*/
	264
	265	function sqsession_is_active() {
	266
	267	$sessid = session_id();
	268	if ( empty( $sessid ) ) {
	269	session_start();
	270	}
513db22c	271	}
513db22c	272
281c3d5b	273
61d9ec71	274	?>