* It also has some session register functions that work across various
* php versions.
*
- * @copyright 1999-2009 The SquirrelMail Project Team
+ * @copyright 1999-2021 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
* executed will be returned.
*
*/
-function sq_call_function_suppress_errors($function, $args=NULL) {
+function sq_call_function_suppress_errors($function, $args=array()) {
global $sm_debug_mode;
$display_errors = ini_get('display_errors');
function sqsetcookie($sName, $sValue='deleted', $iExpire=0, $sPath="", $sDomain="",
$bSecure=false, $bHttpOnly=true, $bReplace=false) {
+ // some environments can get overwhelmed by an excessive
+ // setting of the same cookie over and over (e.g., many
+ // calls to this function via sqsession_is_active() result
+ // in repeated setting of the session cookie when $bReplace
+ // is FALSE, but something odd happens (during login only)
+ // if we change that to default TRUE) ... so we keep our own
+ // naive per-request name/value cache and only set the cookie
+ // if its value is changing (or never seen before)
+ static $cookies = array();
+ if (isset($cookies[$sName]) && $cookies[$sName] === $sValue)
+ return;
+ else
+ $cookies[$sName] = $sValue;
+
+
// if we have a secure connection then limit the cookies to https only.
global $is_secure_connection;
if ($sName && $is_secure_connection)
/**
* php_self
*
- * Creates an URL for the page calling this function, using either the PHP global
- * REQUEST_URI, or the PHP global PHP_SELF with QUERY_STRING added. Before 1.5.1
- * function was stored in function/strings.php.
+ * Attempts to determine the path and filename and any arguments
+ * for the currently executing script. This is usually found in
+ * $_SERVER['REQUEST_URI'], but some environments may differ, so
+ * this function tries to standardize this value.
+ *
+ * Note that before SquirrelMail version 1.5.1, this function was
+ * stored in function/strings.php.
*
- * @return string the complete url for this page
* @since 1.2.3
+ * @return string The path, filename and any arguments for the
+ * current script
*/
-function php_self () {
- // PHP 4.4.4 apparently gives the wrong value here - missing the query string
- // this code is commented out in the 1.4.x code, so we'll do the same here
- //if ( sqgetGlobalVar('REQUEST_URI', $req_uri, SQ_SERVER) && !empty($req_uri) ) {
- // return $req_uri;
- //}
+function php_self($with_query_string=TRUE) {
- if ( sqgetGlobalVar('PHP_SELF', $php_self, SQ_SERVER) && !empty($php_self) ) {
+ static $request_uri = '';
+ if (!empty($request_uri))
+ return ($with_query_string ? $request_uri : (strpos($request_uri, '?') !== FALSE ? substr($request_uri, 0, strpos($request_uri, '?')) : $request_uri));
- // need to add query string to end of PHP_SELF to match REQUEST_URI
- //
- if ( sqgetGlobalVar('QUERY_STRING', $query_string, SQ_SERVER) && !empty($query_string) ) {
- $php_self .= '?' . $query_string;
- }
+ // first try $_SERVER['PHP_SELF'], which seems most reliable
+ // (albeit it usually won't include the query string)
+ //
+ $request_uri = '';
+ if (!sqgetGlobalVar('PHP_SELF', $request_uri, SQ_SERVER)
+ || empty($request_uri)) {
+
+ // well, then let's try $_SERVER['REQUEST_URI']
+ //
+ $request_uri = '';
+ if (!sqgetGlobalVar('REQUEST_URI', $request_uri, SQ_SERVER)
+ || empty($request_uri)) {
+
+ // TODO: anyone have any other ideas? maybe $_SERVER['SCRIPT_NAME']???
+ //
+ return '';
+ }
- return $php_self;
}
- return '';
+ // we may or may not have any query arguments, depending on
+ // which environment variable was used above, and the PHP
+ // version, etc., so let's check for it now
+ //
+ $query_string = '';
+ if (strpos($request_uri, '?') === FALSE
+ && sqgetGlobalVar('QUERY_STRING', $query_string, SQ_SERVER)
+ && !empty($query_string)) {
+
+ $request_uri .= '?' . $query_string;
+ }
+
+ global $php_self_pattern, $php_self_replacement;
+ if (!empty($php_self_pattern))
+ $request_uri = preg_replace($php_self_pattern, $php_self_replacement, $request_uri);
+ return ($with_query_string ? $request_uri : (strpos($request_uri, '?') !== FALSE ? substr($request_uri, 0, strpos($request_uri, '?')) : $request_uri));
+
}
/**
- * Sanitize a value using htmlspecialchars() or similar, but also
- * recursively run htmlspecialchars() (or similar) on array keys
+ * Sanitize a value using sm_encode_html_special_chars() or similar, but also
+ * recursively run sm_encode_html_special_chars() (or similar) on array keys
* and values.
*
* If $value is not a string or an array with strings in it,
if ($quote_style === TRUE)
return str_replace(array('\'', '"'), array(''', '"'), $value);
else
- return htmlspecialchars($value, $quote_style);
+ return sm_encode_html_special_chars($value, $quote_style);
}
// anything else gets returned with no changes