+/**
+ * Function to start the session and store the cookie with the session_id as
+ * HttpOnly cookie which means that the cookie isn't accessible by javascript
+ * (IE6 only)
+ */
+function sqsession_start() {
+ global $PHP_SELF;
+
+ $dirs = array('|src/.*|', '|plugins/.*|', '|functions/.*|');
+ $repl = array('', '', '');
+ $base_uri = preg_replace($dirs, $repl, $PHP_SELF);
+
+
+ session_start();
+ $sessid = session_id();
+ // session_starts sets the sessionid cookie buth without the httponly var
+ // setting the cookie again sets the httponly cookie attribute
+ sqsetcookie(session_name(),$sessid,false,$base_uri);
+}
+
+
+/**
+ * Set a cookie
+ * @param string $sName The name of the cookie.
+ * @param string $sValue The value of the cookie.
+ * @param int $iExpire The time the cookie expires. This is a Unix timestamp so is in number of seconds since the epoch.
+ * @param string $sPath The path on the server in which the cookie will be available on.
+ * @param string $sDomain The domain that the cookie is available.
+ * @param boolean $bSecure Indicates that the cookie should only be transmitted over a secure HTTPS connection.
+ * @param boolean $bHttpOnly Disallow JS to access the cookie (IE6 only)
+ * @return void
+ */
+function sqsetcookie($sName,$sValue,$iExpire=false,$sPath="",$sDomain="",$bSecure=false,$bHttpOnly=true) {
+ $sHeader = "Set-Cookie: $sName=$sValue";
+ if ($sPath) {
+ $sHeader .= "; path=$sPath";
+ }
+ if ($iExpire !== false) {
+ $sHeader .= "; Max-Age=$iExpire";
+ // php uses Expire header, also add the expire header
+ $sHeader .= "; expires=". gmdate("r",$iExpire);
+ }
+ if ($sDomain) {
+ $sHeader .= "; Domain=$sDomain";
+ }
+ if ($bSecure) {
+ $sHeader .= "; Secure";
+ }
+ if ($bHttpOnly) {
+ $sHeader .= "; HttpOnly";
+ }
+ // $sHeader .= "; Version=1";
+
+ header($sHeader);
+}
+
+/**
+ * php_self
+ *
+ * Creates an URL for the page calling this function, using either the PHP global
+ * REQUEST_URI, or the PHP global PHP_SELF with QUERY_STRING added. Before 1.5.1
+ * function was stored in function/strings.php.
+ *
+ * @return string the complete url for this page
+ * @since 1.2.3
+ */
+function php_self () {
+ if ( sqgetGlobalVar('REQUEST_URI', $req_uri, SQ_SERVER) && !empty($req_uri) ) {
+ return $req_uri;
+ }
+
+ if ( sqgetGlobalVar('PHP_SELF', $php_self, SQ_SERVER) && !empty($php_self) ) {
+
+ // need to add query string to end of PHP_SELF to match REQUEST_URI
+ //
+ if ( sqgetGlobalVar('QUERY_STRING', $query_string, SQ_SERVER) && !empty($query_string) ) {
+ $php_self .= '?' . $query_string;
+ }
+
+ return $php_self;
+ }
+
+ return '';
+}
+
+/** set the name of the session cookie */
+if(isset($session_name) && $session_name) {
+ ini_set('session.name' , $session_name);
+} else {
+ ini_set('session.name' , 'SQMSESSID');
+}
+
+/**
+ * If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways.
+ * Force magic_quotes_runtime off.
+ * tassium@squirrelmail.org - I put it here in the hopes that all SM code includes this.
+ * If there's a better place, please let me know.
+ */
+ini_set('magic_quotes_runtime','0');
+
+/* Since we decided all IMAP servers must implement the UID command as defined in
+ * the IMAP RFC, we force $uid_support to be on.
+ */
+
+global $uid_support;
+$uid_support = true;
+
+/* if running with magic_quotes_gpc then strip the slashes
+ from POST and GET global arrays */
+if (get_magic_quotes_gpc()) {
+ sqstripslashes($_GET);
+ sqstripslashes($_POST);
+}