X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=functions%2Fglobal.php;h=7e22864ddda305fa03494ed10ed55ac284866145;hp=6344ddcb7282ef22f7d595fedb75ee368803d294;hb=b1fbb25f561e6b151f7cf72744b03253f8d395fb;hpb=d6c32258c05219670ab3b4ae2d460d844ea9a247 diff --git a/functions/global.php b/functions/global.php index 6344ddcb..7e22864d 100644 --- a/functions/global.php +++ b/functions/global.php @@ -3,116 +3,77 @@ /** * global.php * - * Copyright (c) 1999-2003 The SquirrelMail Project Team - * Licensed under the GNU GPL. For full terms see the file COPYING. - * - * This includes code to update < 4.1.0 globals to the newer format + * This includes code to update < 4.1.0 globals to the newer format * It also has some session register functions that work across various - * php versions. + * php versions. * - * $Id$ + * @copyright 1999-2012 The SquirrelMail Project Team + * @license http://opensource.org/licenses/gpl-license.php GNU Public License + * @version $Id$ * @package squirrelmail */ -/** Bring in the config file. */ -require_once(SM_PATH . 'config/config.php'); - -/** set the name of the session cookie */ -if(isset($session_name) && $session_name) { - ini_set('session.name' , $session_name); -} else { - ini_set('session.name' , 'SQMSESSID'); -} - -/** If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways. - * Force magic_quotes_runtime off. - * tassium@squirrelmail.org - I put it here in the hopes that all SM code includes this. - * If there's a better place, please let me know. - */ -ini_set('magic_quotes_runtime','0'); - -/* Since we decided all IMAP servers must implement the UID command as defined in - * the IMAP RFC, we force $uid_support to be on. +/** + * These constants are used in the function sqgetGlobalVar(). See + * sqgetGlobalVar() for a description of what they mean. + * + * @since 1.4.0 */ +define('SQ_INORDER',0); +define('SQ_GET',1); +define('SQ_POST',2); +define('SQ_SESSION',3); +define('SQ_COOKIE',4); +define('SQ_SERVER',5); +define('SQ_FORM',6); -global $uid_support; -$uid_support = true; - -sqsession_is_active(); - -/* convert old-style superglobals to current method - * this is executed if you are running PHP 4.0.x. - * it is run via a require_once directive in validate.php - * and redirect.php. Patch submitted by Ray Black. - */ - -if ( !check_php_version(4,1) ) { - global $_COOKIE, $_ENV, $_FILES, $_GET, $_POST, $_SERVER, $_SESSION; - global $HTTP_COOKIE_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES, $HTTP_GET_VARS, - $HTTP_POST_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS, $PHP_SELF; - $_COOKIE =& $HTTP_COOKIE_VARS; - $_ENV =& $HTTP_ENV_VARS; - $_FILES =& $HTTP_POST_FILES; - $_GET =& $HTTP_GET_VARS; - $_POST =& $HTTP_POST_VARS; - $_SERVER =& $HTTP_SERVER_VARS; - $_SESSION =& $HTTP_SESSION_VARS; - if (!isset($PHP_SELF) || empty($PHP_SELF)) { - $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF']; - } -} - -/* if running with magic_quotes_gpc then strip the slashes - from POST and GET global arrays */ - -if (get_magic_quotes_gpc()) { - sqstripslashes($_GET); - sqstripslashes($_POST); -} - -/* strip any tags added to the url from PHP_SELF. - This fixes hand crafted url XXS expoits for any - page that uses PHP_SELF as the FORM action */ - -$_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']); -/** - * returns true if current php version is at mimimum a.b.c - * +/** + * returns true if current php version is at mimimum a.b.c + * * Called: check_php_version(4,1) + * @param int a major version number + * @param int b minor version number + * @param int c release number + * @return bool */ -function check_php_version ($a = '0', $b = '0', $c = '0') +function check_php_version ($a = '0', $b = '0', $c = '0') { - global $SQ_PHP_VERSION; - - if(!isset($SQ_PHP_VERSION)) - $SQ_PHP_VERSION = substr( str_pad( preg_replace('/\D/','', PHP_VERSION), 3, '0'), 0, 3); - - return $SQ_PHP_VERSION >= ($a.$b.$c); + return version_compare ( PHP_VERSION, "$a.$b.$c", 'ge' ); } /** - * returns true if the current internal SM version is at minimum a.b.c - * These are plain integer comparisons, as our internal version is + * returns true if the current internal SM version is at minimum a.b.c + * These are plain integer comparisons, as our internal version is * constructed by us, as an array of 3 ints. * * Called: check_sm_version(1,3,3) + * @param int a major version number + * @param int b minor version number + * @param int c release number + * @return bool */ function check_sm_version($a = 0, $b = 0, $c = 0) { global $SQM_INTERNAL_VERSION; if ( !isset($SQM_INTERNAL_VERSION) || $SQM_INTERNAL_VERSION[0] < $a || - $SQM_INTERNAL_VERSION[1] < $b || - ( $SQM_INTERNAL_VERSION[1] == $b && + ( $SQM_INTERNAL_VERSION[0] == $a && + $SQM_INTERNAL_VERSION[1] < $b) || + ( $SQM_INTERNAL_VERSION[0] == $a && + $SQM_INTERNAL_VERSION[1] == $b && $SQM_INTERNAL_VERSION[2] < $c ) ) { return FALSE; - } - return TRUE; + } + return TRUE; } -/* recursively strip slashes from the values of an array */ +/** + * Recursively strip slashes from the values of an array. + * @param array array the array to strip, passed by reference + * @return void + */ function sqstripslashes(&$array) { if(count($array) > 0) { foreach ($array as $index=>$value) { @@ -126,140 +87,394 @@ function sqstripslashes(&$array) { } } +/** + * Squelch error output to screen (only) for the given function. + * If the SquirrelMail debug mode SM_DEBUG_MODE_ADVANCED is not + * enabled, error output will not go to the log, either. + * + * This provides an alternative to the @ error-suppression + * operator where errors will not be shown in the interface + * but will show up in the server log file (assuming the + * administrator has configured PHP logging). + * + * @since 1.4.12 and 1.5.2 + * + * @param string $function The function to be executed + * @param array $args The arguments to be passed to the function + * (OPTIONAL; default no arguments) + * NOTE: The caller must take extra action if + * the function being called is supposed + * to use any of the parameters by + * reference. In the following example, + * $x is passed by reference and $y is + * passed by value to the "my_func" + * function. + * sq_call_function_suppress_errors('my_func', array(&$x, $y)); + * + * @return mixed The return value, if any, of the function being + * executed will be returned. + * + */ +function sq_call_function_suppress_errors($function, $args=array()) { + global $sm_debug_mode; + + $display_errors = ini_get('display_errors'); + ini_set('display_errors', '0'); + + // if advanced debug mode isn't enabled, don't log the error, either + // + if (!($sm_debug_mode & SM_DEBUG_MODE_ADVANCED)) + $error_reporting = error_reporting(0); + + $ret = call_user_func_array($function, $args); + + if (!($sm_debug_mode & SM_DEBUG_MODE_ADVANCED)) + error_reporting($error_reporting); + + ini_set('display_errors', $display_errors); + return $ret; +} + +/** + * Add a variable to the session. + * @param mixed $var the variable to register + * @param string $name the name to refer to this variable + * @return void + */ function sqsession_register ($var, $name) { sqsession_is_active(); - if ( !check_php_version(4,1) ) { - global $HTTP_SESSION_VARS; - $HTTP_SESSION_VARS[$name] = $var; - } - else { - $_SESSION["$name"] = $var; - } - session_register("$name"); + $_SESSION[$name] = $var; } +/** + * Delete a variable from the session. + * @param string $name the name of the var to delete + * @return void + */ function sqsession_unregister ($name) { sqsession_is_active(); - if ( !check_php_version(4,1) ) { - global $HTTP_SESSION_VARS; - unset($HTTP_SESSION_VARS[$name]); - } - else { - unset($_SESSION[$name]); - } - session_unregister("$name"); + unset($_SESSION[$name]); + + // starts throwing warnings in PHP 5.3.0 and is + // removed in PHP 6 and is redundant anyway + //session_unregister("$name"); } +/** + * Checks to see if a variable has already been registered + * in the session. + * @param string $name the name of the var to check + * @return bool whether the var has been registered + */ function sqsession_is_registered ($name) { $test_name = &$name; $result = false; - if ( !check_php_version(4,1) ) { - global $HTTP_SESSION_VARS; - if (isset($HTTP_SESSION_VARS[$test_name])) { - $result = true; - } + + if (isset($_SESSION[$test_name])) { + $result = true; } - else { - if (isset($_SESSION[$test_name])) { - $result = true; + + return $result; +} + + +/** + * Retrieves a form variable, from a set of possible similarly named + * form variables, based on finding a different, single field. This + * is intended to allow more than one same-named inputs in a single + *