[squirrelmail.git] / functions / global.php

<?php

/**
 * globals.php
 *
 * Copyright (c) 1999-2002 The SquirrelMail Project Team
 * Licensed under the GNU GPL. For full terms see the file COPYING.
 *
 * This includes code to update < 4.1.0 globals to the newer format 
 * It also has some session register functions that work across various
 * php versions. 
 *
 * $Id$
 */

/* If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways.
 * Force magic_quotes_runtime off.
 * chilts@birdbrained.org - I put it here in the hopes that all SM code includes this.
 * If there's a better place, please let me know.
 */
ini_set('magic_quotes_runtime','0');

/* convert old-style superglobals to current method
 * this is executed if you are running PHP 4.0.x.
 * it is run via a require_once directive in validate.php 
 * and redirect.php. Patch submitted by Ray Black.
 */ 

if ( !check_php_version(4,1) ) {
  global $_COOKIE, $_ENV, $_FILES, $_GET, $_POST, $_SERVER, $_SESSION;
  global $HTTP_COOKIE_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES, $HTTP_GET_VARS,
         $HTTP_POST_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS;
  $_COOKIE  =& $HTTP_COOKIE_VARS;
  $_ENV     =& $HTTP_ENV_VARS;
  $_FILES   =& $HTTP_POST_FILES;
  $_GET     =& $HTTP_GET_VARS;
  $_POST    =& $HTTP_POST_VARS;
  $_SERVER  =& $HTTP_SERVER_VARS;
  $_SESSION =& $HTTP_SESSION_VARS;
}

/* if running with magic_quotes_gpc then strip the slashes
   from POST and GET global arrays */

if (get_magic_quotes_gpc()) {
    sqstripslashes($_GET);
    sqstripslashes($_POST);
}

/* strip any tags added to the url from PHP_SELF.
   This fixes hand crafted url XXS expoits for any
   page that uses PHP_SELF as the FORM action */

$_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);

/* returns true if current php version is at mimimum a.b.c */
function check_php_version ($a = '0', $b = '0', $c = '0')             
{
    global $SQ_PHP_VERSION;

    if(!isset($SQ_PHP_VERSION))
        $SQ_PHP_VERSION = substr( str_pad( preg_replace('/\D/','', PHP_VERSION), 3, '0'), 0, 3);

    return $SQ_PHP_VERSION >= ($a.$b.$c);
}

/* recursively strip slashes from the values of an array */
function sqstripslashes(&$array) {
    if(count($array) > 0) {
        foreach ($array as $index=>$value) {
            if (is_array($array[$index])) {
                sqstripslashes($array[$index]);
            }
            else {
                $array[$index] = stripslashes($value);
            }
        }
    }
}

function sqsession_register ($var, $name) {

    sqsession_is_active();

    if ( !check_php_version(4,1) ) {
        global $HTTP_SESSION_VARS;
        $HTTP_SESSION_VARS[$name] = $var;
    }
    else {
        $_SESSION["$name"] = $var; 
    }
    session_register("$name");
}

function sqsession_unregister ($name) {

    sqsession_is_active();

    if ( !check_php_version(4,1) ) {
        global $HTTP_SESSION_VARS;
        unset($HTTP_SESSION_VARS[$name]);
    }
    else {
        unset($_SESSION[$name]);
    }
    session_unregister("$name");
}

function sqsession_is_registered ($name) {
    $test_name = &$name;
    $result = false;
    if ( !check_php_version(4,1) ) {
        global $HTTP_SESSION_VARS;
        if (isset($HTTP_SESSION_VARS[$test_name])) {
            $result = true;
        }
    }
    else {
        if (isset($_SESSION[$test_name])) {
            $result = true;
        }
    }
    return $result;
}


/**
 *  Search for the var $name in $_SESSION, $_POST, $_GET
 *  (in that order) and register it as a global var.
 */
function sqextractGlobalVar ($name) {
    if ( !check_php_version(4,1) ) {
        global $_SESSION, $_GET, $_POST;
    }
    global  $$name;
    if( isset($_SESSION[$name]) ) {
        $$name = $_SESSION[$name];
    }
    if( isset($_POST[$name]) ) {
        $$name = $_POST[$name];
    }
    else if ( isset($_GET[$name]) ) {
        $$name =  $_GET[$name];
    }
}

function sqsession_destroy() {

    /*
     * php.net says we can kill the cookie by setting just the name:
     * http://www.php.net/manual/en/function.setcookie.php
     * maybe this will help fix the session merging again.
     *
     * Changed the theory on this to kill the cookies first starting
     * a new session will provide a new session for all instances of
     * the browser, we don't want that, as that is what is causing the
     * merging of sessions.
     */

    global $base_uri;

    if (isset($_COOKIE[session_name()])) setcookie(session_name(), '', time() - 5, $base_uri);
    if (isset($_COOKIE['username'])) setcookie('username','',time() - 5,$base_uri);
    if (isset($_COOKIE['key'])) setcookie('key','',time() - 5,$base_uri);

    $sessid = session_id();
    if (!empty( $sessid )) {
        if ( !check_php_version(4,1) ) {
            global $HTTP_SESSION_VARS;
            $HTTP_SESSION_VARS = array();
        } else {
            $_SESSION = array();
        }
        @session_destroy;
    }

}

/*
 * Function to verify a session has been started.  If it hasn't
 * start a session up.  php.net doesn't tell you that $_SESSION
 * (even though autoglobal), is not created unless a session is
 * started, unlike $_POST, $_GET and such
 */

function sqsession_is_active() {

    $sessid = session_id();
    if ( empty( $sessid ) ) {
        session_start();
    }
}


?>
Commit	Line	Data
	1	<?php
	2
	3	/**
	4	* globals.php
	5	*
	6	* Copyright (c) 1999-2002 The SquirrelMail Project Team
	7	* Licensed under the GNU GPL. For full terms see the file COPYING.
	8	*
	9	* This includes code to update < 4.1.0 globals to the newer format
	10	* It also has some session register functions that work across various
	11	* php versions.
	12	*
	13	* $Id$
	14	*/
	15
	16	/* If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways.
	17	* Force magic_quotes_runtime off.
	18	* chilts@birdbrained.org - I put it here in the hopes that all SM code includes this.
	19	* If there's a better place, please let me know.
	20	*/
	21	ini_set('magic_quotes_runtime','0');
	22
	23	/* convert old-style superglobals to current method
	24	* this is executed if you are running PHP 4.0.x.
	25	* it is run via a require_once directive in validate.php
	26	* and redirect.php. Patch submitted by Ray Black.
	27	*/
	28
	29	if ( !check_php_version(4,1) ) {
	30	global $_COOKIE, $_ENV, $_FILES, $_GET, $_POST, $_SERVER, $_SESSION;
	31	global $HTTP_COOKIE_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES, $HTTP_GET_VARS,
	32	$HTTP_POST_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS;
	33	$_COOKIE =& $HTTP_COOKIE_VARS;
	34	$_ENV =& $HTTP_ENV_VARS;
	35	$_FILES =& $HTTP_POST_FILES;
	36	$_GET =& $HTTP_GET_VARS;
	37	$_POST =& $HTTP_POST_VARS;
	38	$_SERVER =& $HTTP_SERVER_VARS;
	39	$_SESSION =& $HTTP_SESSION_VARS;
	40	}
	41
	42	/* if running with magic_quotes_gpc then strip the slashes
	43	from POST and GET global arrays */
	44
	45	if (get_magic_quotes_gpc()) {
	46	sqstripslashes($_GET);
	47	sqstripslashes($_POST);
	48	}
	49
	50	/* strip any tags added to the url from PHP_SELF.
	51	This fixes hand crafted url XXS expoits for any
	52	page that uses PHP_SELF as the FORM action */
	53
	54	$_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);
	55
	56	/* returns true if current php version is at mimimum a.b.c */
	57	function check_php_version ($a = '0', $b = '0', $c = '0')
	58	{
	59	global $SQ_PHP_VERSION;
	60
	61	if(!isset($SQ_PHP_VERSION))
	62	$SQ_PHP_VERSION = substr( str_pad( preg_replace('/\D/','', PHP_VERSION), 3, '0'), 0, 3);
	63
	64	return $SQ_PHP_VERSION >= ($a.$b.$c);
	65	}
	66
	67	/* recursively strip slashes from the values of an array */
	68	function sqstripslashes(&$array) {
	69	if(count($array) > 0) {
	70	foreach ($array as $index=>$value) {
	71	if (is_array($array[$index])) {
	72	sqstripslashes($array[$index]);
	73	}
	74	else {
	75	$array[$index] = stripslashes($value);
	76	}
	77	}
	78	}
	79	}
	80
	81	function sqsession_register ($var, $name) {
	82
	83	sqsession_is_active();
	84
	85	if ( !check_php_version(4,1) ) {
	86	global $HTTP_SESSION_VARS;
	87	$HTTP_SESSION_VARS[$name] = $var;
	88	}
	89	else {
	90	$_SESSION["$name"] = $var;
	91	}
	92	session_register("$name");
	93	}
	94
	95	function sqsession_unregister ($name) {
	96
	97	sqsession_is_active();
	98
	99	if ( !check_php_version(4,1) ) {
	100	global $HTTP_SESSION_VARS;
	101	unset($HTTP_SESSION_VARS[$name]);
	102	}
	103	else {
	104	unset($_SESSION[$name]);
	105	}
	106	session_unregister("$name");
	107	}
	108
	109	function sqsession_is_registered ($name) {
	110	$test_name = &$name;
	111	$result = false;
	112	if ( !check_php_version(4,1) ) {
	113	global $HTTP_SESSION_VARS;
	114	if (isset($HTTP_SESSION_VARS[$test_name])) {
	115	$result = true;
	116	}
	117	}
	118	else {
	119	if (isset($_SESSION[$test_name])) {
	120	$result = true;
	121	}
	122	}
	123	return $result;
	124	}
	125
	126
	127	/**
	128	* Search for the var $name in $_SESSION, $_POST, $_GET
	129	* (in that order) and register it as a global var.
	130	*/
	131	function sqextractGlobalVar ($name) {
	132	if ( !check_php_version(4,1) ) {
	133	global $_SESSION, $_GET, $_POST;
	134	}
	135	global $$name;
	136	if( isset($_SESSION[$name]) ) {
	137	$$name = $_SESSION[$name];
	138	}
	139	if( isset($_POST[$name]) ) {
	140	$$name = $_POST[$name];
	141	}
	142	else if ( isset($_GET[$name]) ) {
	143	$$name = $_GET[$name];
	144	}
	145	}
	146
	147	function sqsession_destroy() {
	148
	149	/*
	150	* php.net says we can kill the cookie by setting just the name:
	151	* http://www.php.net/manual/en/function.setcookie.php
	152	* maybe this will help fix the session merging again.
	153	*
	154	* Changed the theory on this to kill the cookies first starting
	155	* a new session will provide a new session for all instances of
	156	* the browser, we don't want that, as that is what is causing the
	157	* merging of sessions.
	158	*/
	159
	160	global $base_uri;
	161
	162	if (isset($_COOKIE[session_name()])) setcookie(session_name(), '', time() - 5, $base_uri);
	163	if (isset($_COOKIE['username'])) setcookie('username','',time() - 5,$base_uri);
	164	if (isset($_COOKIE['key'])) setcookie('key','',time() - 5,$base_uri);
	165
	166	$sessid = session_id();
	167	if (!empty( $sessid )) {
	168	if ( !check_php_version(4,1) ) {
	169	global $HTTP_SESSION_VARS;
	170	$HTTP_SESSION_VARS = array();
	171	} else {
	172	$_SESSION = array();
	173	}
	174	@session_destroy;
	175	}
	176
	177	}
	178
	179	/*
	180	* Function to verify a session has been started. If it hasn't
	181	* start a session up. php.net doesn't tell you that $_SESSION
	182	* (even though autoglobal), is not created unless a session is
	183	* started, unlike $_POST, $_GET and such
	184	*/
	185
	186	function sqsession_is_active() {
	187
	188	$sessid = session_id();
	189	if ( empty( $sessid ) ) {
	190	session_start();
	191	}
	192	}
	193
	194
	195	?>