functions/global.php

   1 <?php
   2
   3 /**
   4  * globals.php
   5  *
   6  * Copyright (c) 1999-2002 The SquirrelMail Project Team
   7  * Licensed under the GNU GPL. For full terms see the file COPYING.
   8  *
   9  * This includes code to update < 4.1.0 globals to the newer format
  10  * It also has some session register functions that work across various
  11  * php versions.
  12  *
  13  * $Id$
  14  */
  15
  16 /* If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways.
  17  * Force magic_quotes_runtime off.
  18  * chilts@birdbrained.org - I put it here in the hopes that all SM code includes this.
  19  * If there's a better place, please let me know.
  20  */
  21 ini_set('magic_quotes_runtime','0');
  22
  23 /* convert old-style superglobals to current method
  24  * this is executed if you are running PHP 4.0.x.
  25  * it is run via a require_once directive in validate.php
  26  * and redirect.php. Patch submitted by Ray Black.
  27  */
  28
  29 if ( !check_php_version(4,1) ) {
  30   global $_COOKIE, $_ENV, $_FILES, $_GET, $_POST, $_SERVER, $_SESSION;
  31   global $HTTP_COOKIE_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES, $HTTP_GET_VARS,
  32          $HTTP_POST_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS;
  33   $_COOKIE  =& $HTTP_COOKIE_VARS;
  34   $_ENV     =& $HTTP_ENV_VARS;
  35   $_FILES   =& $HTTP_POST_FILES;
  36   $_GET     =& $HTTP_GET_VARS;
  37   $_POST    =& $HTTP_POST_VARS;
  38   $_SERVER  =& $HTTP_SERVER_VARS;
  39   $_SESSION =& $HTTP_SESSION_VARS;
  40 }
  41
  42 /* if running with magic_quotes_gpc then strip the slashes
  43    from POST and GET global arrays */
  44
  45 if (get_magic_quotes_gpc()) {
  46     sqstripslashes($_GET);
  47     sqstripslashes($_POST);
  48 }
  49
  50 /* strip any tags added to the url from PHP_SELF.
  51    This fixes hand crafted url XXS expoits for any
  52    page that uses PHP_SELF as the FORM action */
  53
  54 $_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);
  55
  56 /* returns true if current php version is at mimimum a.b.c */
  57 function check_php_version ($a = '0', $b = '0', $c = '0')
  58 {
  59     global $SQ_PHP_VERSION;
  60
  61     if(!isset($SQ_PHP_VERSION))
  62         $SQ_PHP_VERSION = substr( str_pad( preg_replace('/\D/','', PHP_VERSION), 3, '0'), 0, 3);
  63
  64     return $SQ_PHP_VERSION >= ($a.$b.$c);
  65 }
  66
  67 /* recursively strip slashes from the values of an array */
  68 function sqstripslashes(&$array) {
  69     if(count($array) > 0) {
  70         foreach ($array as $index=>$value) {
  71             if (is_array($array[$index])) {
  72                 sqstripslashes($array[$index]);
  73             }
  74             else {
  75                 $array[$index] = stripslashes($value);
  76             }
  77         }
  78     }
  79 }
  80
  81 function sqsession_register ($var, $name) {
  82
  83     sqsession_is_active();
  84
  85     if ( !check_php_version(4,1) ) {
  86         global $HTTP_SESSION_VARS;
  87         $HTTP_SESSION_VARS[$name] = $var;
  88     }
  89     else {
  90         $_SESSION["$name"] = $var;
  91     }
  92     session_register("$name");
  93 }
  94
  95 function sqsession_unregister ($name) {
  96
  97     sqsession_is_active();
  98
  99     if ( !check_php_version(4,1) ) {
 100         global $HTTP_SESSION_VARS;
 101         unset($HTTP_SESSION_VARS[$name]);
 102     }
 103     else {
 104         unset($_SESSION[$name]);
 105     }
 106     session_unregister("$name");
 107 }
 108
 109 function sqsession_is_registered ($name) {
 110     $test_name = &$name;
 111     $result = false;
 112     if ( !check_php_version(4,1) ) {
 113         global $HTTP_SESSION_VARS;
 114         if (isset($HTTP_SESSION_VARS[$test_name])) {
 115             $result = true;
 116         }
 117     }
 118     else {
 119         if (isset($_SESSION[$test_name])) {
 120             $result = true;
 121         }
 122     }
 123     return $result;
 124 }
 125
 126
 127 /**
 128  *  Search for the var $name in $_SESSION, $_POST, $_GET
 129  *  (in that order) and register it as a global var.
 130  */
 131 function sqextractGlobalVar ($name) {
 132     if ( !check_php_version(4,1) ) {
 133         global $_SESSION, $_GET, $_POST;
 134     }
 135     global  $$name;
 136     if( isset($_SESSION[$name]) ) {
 137         $$name = $_SESSION[$name];
 138     }
 139     if( isset($_POST[$name]) ) {
 140         $$name = $_POST[$name];
 141     }
 142     else if ( isset($_GET[$name]) ) {
 143         $$name =  $_GET[$name];
 144     }
 145 }
 146
 147 function sqsession_destroy() {
 148
 149     /*
 150      * php.net says we can kill the cookie by setting just the name:
 151      * http://www.php.net/manual/en/function.setcookie.php
 152      * maybe this will help fix the session merging again.
 153      *
 154      * Changed the theory on this to kill the cookies first starting
 155      * a new session will provide a new session for all instances of
 156      * the browser, we don't want that, as that is what is causing the
 157      * merging of sessions.
 158      */
 159
 160     setcookie(session_name());
 161     setcookie('username');
 162     setcookie('key');
 163
 164     $sessid = session_id();
 165     if (!empty( $sessid )) {
 166         if ( !check_php_version(4,1) ) {
 167             global $HTTP_SESSION_VARS;
 168             $HTTP_SESSION_VARS = array();
 169         } else {
 170             $_SESSION = array();
 171         }
 172         @session_destroy;
 173     }
 174
 175 }
 176
 177 /*
 178  * Function to verify a session has been started.  If it hasn't
 179  * start a session up.  php.net doesn't tell you that $_SESSION
 180  * (even though autoglobal), is not created unless a session is
 181  * started, unlike $_POST, $_GET and such
 182  */
 183
 184 function sqsession_is_active() {
 185
 186     $sessid = session_id();
 187     if ( empty( $sessid ) ) {
 188         session_start();
 189     }
 190 }
 191
 192
 193 ?>