a2b146fff15fd2db130c1c04a8b3fc1a95003c51
[squirrelmail.git] / functions / global.php
1 <?php
2
3 /**
4 * globals.php
5 *
6 * Copyright (c) 1999-2002 The SquirrelMail Project Team
7 * Licensed under the GNU GPL. For full terms see the file COPYING.
8 *
9 * This includes code to update < 4.1.0 globals to the newer format
10 * It also has some session register functions that work across various
11 * php versions.
12 *
13 * $Id$
14 */
15
16 /* If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways.
17 * Force magic_quotes_runtime off.
18 * chilts@birdbrained.org - I put it here in the hopes that all SM code includes this.
19 * If there's a better place, please let me know.
20 */
21 ini_set('magic_quotes_runtime','0');
22
23 /* convert old-style superglobals to current method
24 * this is executed if you are running PHP 4.0.x.
25 * it is run via a require_once directive in validate.php
26 * and redirect.php. Patch submitted by Ray Black.
27 */
28
29 if ( !check_php_version(4,1) ) {
30 global $_COOKIE, $_ENV, $_FILES, $_GET, $_POST, $_SERVER, $_SESSION;
31 global $HTTP_COOKIE_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES, $HTTP_GET_VARS,
32 $HTTP_POST_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS;
33 $_COOKIE =& $HTTP_COOKIE_VARS;
34 $_ENV =& $HTTP_ENV_VARS;
35 $_FILES =& $HTTP_POST_FILES;
36 $_GET =& $HTTP_GET_VARS;
37 $_POST =& $HTTP_POST_VARS;
38 $_SERVER =& $HTTP_SERVER_VARS;
39 $_SESSION =& $HTTP_SESSION_VARS;
40 }
41
42 /* if running with magic_quotes_gpc then strip the slashes
43 from POST and GET global arrays */
44
45 if (get_magic_quotes_gpc()) {
46 sqstripslashes($_GET);
47 sqstripslashes($_POST);
48 }
49
50 /* strip any tags added to the url from PHP_SELF.
51 This fixes hand crafted url XXS expoits for any
52 page that uses PHP_SELF as the FORM action */
53
54 $_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);
55
56 /* returns true if current php version is at mimimum a.b.c */
57 function check_php_version ($a = '0', $b = '0', $c = '0')
58 {
59 global $SQ_PHP_VERSION;
60
61 if(!isset($SQ_PHP_VERSION))
62 $SQ_PHP_VERSION = substr( str_pad( preg_replace('/\D/','', PHP_VERSION), 3, '0'), 0, 3);
63
64 return $SQ_PHP_VERSION >= ($a.$b.$c);
65 }
66
67 /* recursively strip slashes from the values of an array */
68 function sqstripslashes(&$array) {
69 if(count($array) > 0) {
70 foreach ($array as $index=>$value) {
71 if (is_array($array[$index])) {
72 sqstripslashes($array[$index]);
73 }
74 else {
75 $array[$index] = stripslashes($value);
76 }
77 }
78 }
79 }
80
81 function sqsession_register ($var, $name) {
82 if ( !check_php_version(4,1) ) {
83 global $HTTP_SESSION_VARS;
84 $HTTP_SESSION_VARS[$name] = $var;
85 }
86 else {
87 $_SESSION["$name"] = $var;
88 }
89 session_register("$name");
90 }
91
92 function sqsession_unregister ($name) {
93 if ( !check_php_version(4,1) ) {
94 global $HTTP_SESSION_VARS;
95 unset($HTTP_SESSION_VARS[$name]);
96 }
97 else {
98 unset($_SESSION[$name]);
99 }
100 session_unregister("$name");
101 }
102
103 function sqsession_is_registered ($name) {
104 $test_name = &$name;
105 $result = false;
106 if ( !check_php_version(4,1) ) {
107 global $HTTP_SESSION_VARS;
108 if (isset($HTTP_SESSION_VARS[$test_name])) {
109 $result = true;
110 }
111 }
112 else {
113 if (isset($_SESSION[$test_name])) {
114 $result = true;
115 }
116 }
117 return $result;
118 }
119
120
121 /**
122 * Search for the var $name in $_SESSION, $_POST, $_GET
123 * (in that order) and register it as a global var.
124 */
125 function sqextractGlobalVar ($name) {
126 if ( !check_php_version(4,1) ) {
127 global $_SESSION, $_GET, $_POST;
128 }
129 global $$name;
130 if( isset($_SESSION[$name]) ) {
131 $$name = $_SESSION[$name];
132 }
133 if( isset($_POST[$name]) ) {
134 $$name = $_POST[$name];
135 }
136 else if ( isset($_GET[$name]) ) {
137 $$name = $_GET[$name];
138 }
139 }
140
141 function sqsession_destroy() {
142 global $base_uri;
143
144 /* start session to be able to destroy it later */
145 session_start();
146
147 if ( !check_php_version(4,1) ) {
148 global $HTTP_SESSION_VARS;
149 $HTTP_SESSION_VARS = array();
150 }
151 else {
152 $_SESSION = array();
153 }
154
155 /*
156 * now reset cookies to 5 seconds ago to delete from browser
157 */
158
159 @session_destroy();
160 $cookie_params = session_get_cookie_params();
161 setcookie(session_name(), '', time() - 5, $cookie_params['path'],
162 $cookie_params['domain']);
163 setcookie('username', '', time() - 5, $base_uri);
164 setcookie('key', '', time() - 5 , $base_uri);
165 }
166
167 ?>