Add FIXME

[squirrelmail.git] / functions / global.php

diff --git a/functions/global.php b/functions/global.php
index 36ee51a58011f14d01512ac8177b22f0adfd712b..92a3705ecb343388958431594b2d30a3b895fe34 100644 (file)
--- a/functions/global.php
+++ b/functions/global.php
@@ -7,7 +7,7 @@
  * It also has some session register functions that work across various
  * php versions.
  *
- * @copyright © 1999-2007 The SquirrelMail Project Team
+ * @copyright © 1999-2009 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package squirrelmail
@@ -155,7 +155,9 @@ function sqsession_unregister ($name) {
 
     unset($_SESSION[$name]);
 
-    session_unregister("$name");
+    // starts throwing warnings in PHP 5.3.0 and is
+    // removed in PHP 6 and is redundant anyway
+    //session_unregister("$name");
 }
 
 /**
@@ -340,6 +342,9 @@ function sqgetGlobalVar($name, &$value, $search = SQ_INORDER, $default = NULL, $
             case SQ_TYPE_INT: $value = (int) $value; break;
             case SQ_TYPE_STRING: $value = (string) $value; break;
             case SQ_TYPE_BOOL: $value = (bool) $value; break;
+            case SQ_TYPE_BIGINT:
+                $value = (preg_match('/^[0-9]+$/', $value) ? $value : '0');
+                break;
             default: break;
         }
     } else if (!$result && !is_null($default)) {
@@ -437,9 +442,29 @@ function sqsession_destroy() {
 
     global $base_uri, $_COOKIE, $_SESSION;
 
-    if (isset($_COOKIE[session_name()]) && session_name()) sqsetcookie(session_name(), $_COOKIE[session_name()], 1, $base_uri);
+    if (isset($_COOKIE[session_name()]) && session_name()) {
+        sqsetcookie(session_name(), $_COOKIE[session_name()], 1, $base_uri);
+
+        /*
+         * Make sure to kill /src and /src/ cookies, just in case there are
+         * some left-over or malicious ones set in user's browser.
+         * NB: Note that an attacker could try to plant a cookie for one
+         *     of the /plugins/* directories.  Such cookies can block
+         *     access to certain plugin pages, but they do not influence
+         *     or fixate the $base_uri cookie, so we don't worry about
+         *     trying to delete all of them here.
+         */
+        sqsetcookie(session_name(), $_COOKIE[session_name()], 1, $base_uri . 'src');
+        sqsetcookie(session_name(), $_COOKIE[session_name()], 1, $base_uri . 'src/');
+    }
+
     if (isset($_COOKIE['key']) && $_COOKIE['key']) sqsetcookie('key','SQMTRASH',1,$base_uri);
 
+    /* Make sure new session id is generated on subsequent session_start() */
+    unset($_COOKIE[session_name()]);
+    unset($_GET[session_name()]);
+    unset($_POST[session_name()]);
+
     $sessid = session_id();
     if (!empty( $sessid )) {
         $_SESSION = array();
@@ -555,6 +580,7 @@ function sqsetcookie($sName, $sValue='deleted', $iExpire=0, $sPath="", $sDomain=
  * session_regenerate_id replacement for PHP < 4.3.2
  *
  * This code is borrowed from Gallery, session.php version 1.53.2.1
+FIXME: I saw this code on php.net (in the manual); that's where it comes from originally, but I don't think we need it - it's just redundant to all the hard work we already did seeding the random number generator IMO.  I think we can just call to GenerateRandomString() and dump the rest.
  */
 if (!function_exists('session_regenerate_id')) {