6 * Copyright (c) 1999-2002 The SquirrelMail Project Team
7 * Licensed under the GNU GPL. For full terms see the file COPYING.
9 * This includes code to update < 4.1.0 globals to the newer format
10 * It also has two session register functions that work across various
17 /* convert old-style superglobals to current method
18 * this is executed if you are running PHP 4.0.x.
19 * it is run via a require_once directive in validate.php
20 * and redirect.php. Patch submitted by Ray Black.
23 if ( (float)substr(PHP_VERSION
,0,3) < 4.1 ) {
24 global $_COOKIE, $_ENV, $_FILES, $_GET, $_POST, $_SERVER, $_SESSION;
25 global $HTTP_COOKIE_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES, $HTTP_GET_VARS,
26 $HTTP_POST_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS;
27 $_COOKIE =& $HTTP_COOKIE_VARS;
28 $_ENV =& $HTTP_ENV_VARS;
29 $_FILES =& $HTTP_POST_FILES;
30 $_GET =& $HTTP_GET_VARS;
31 $_POST =& $HTTP_POST_VARS;
32 $_SERVER =& $HTTP_SERVER_VARS;
33 $_SESSION =& $HTTP_SESSION_VARS;
36 /* if running with register_globals = 0 and
37 magic_quotes_gpc then strip the slashes
38 from POST and GET global arrays */
40 if (get_magic_quotes_gpc()) {
41 if (ini_get('register_globals') == 0) {
42 sqstripslashes($_GET);
43 sqstripslashes($_POST);
47 /* strip any tags added to the url from PHP_SELF.
48 This fixes hand crafted url XXS expoits for any
49 page that uses PHP_SELF as the FORM action */
51 strip_tags($_SERVER['PHP_SELF']);
53 function sqstripslashes(&$array) {
54 foreach ($array as $index=>$value) {
55 if (is_array($array["$index"])) {
56 sqstripslashes($array["$index"]);
59 $array["$index"] = stripslashes($value);
64 function sqsession_register ($var, $name) {
65 $rg = ini_get('register_globals');
66 if ( (float)substr(PHP_VERSION
,0,3) < 4.1 && empty($rg)) {
67 global $HTTP_SESSION_VARS;
68 $HTTP_SESSION_VARS["$name"] = $var;
71 session_register("$name");
74 function sqsession_unregister ($name) {
75 $rg = ini_get('register_globals');
76 if ( (float)substr(PHP_VERSION
,0,3) < 4.1 && empty($rg)) {
77 global $HTTP_SESSION_VARS;
78 unset($HTTP_SESSION_VARS["$name"]);
81 session_unregister("$name");
86 * Search for the var $name in $_SESSION, $_POST, $_GET
87 * (in that order) and register it as a global var.
89 function sqextractGlobalVar ($name) {
90 if ( (float)substr(PHP_VERSION
,0,3) < 4.1 ) {
91 global $_SESSION, $_GET, $_POST;
94 if( isset($_SESSION[$name]) ) {
95 $
$name = $_SESSION[$name];
97 if( isset($_POST[$name]) ) {
98 $
$name = $_POST[$name];
100 else if ( isset($_GET[$name]) ) {
101 $
$name = $_GET[$name];
105 function sqsession_destroy() {
108 if ( (float)substr(PHP_VERSION
, 0 , 3) < 4.1) {
109 global $HTTP_SESSION_VARS;
110 $HTTP_SESSION_VARS = array();
117 * now reset cookies to 5 seconds ago to delete from browser
121 $cookie_params = session_get_cookie_params();
122 setcookie(session_name(), '', time() - 5, $cookie_params['path'],
123 $cookie_params['domain']);
124 setcookie('username', '', time() - 5, $base_uri);
125 setcookie('key', '', time() - 5 , $base_uri);