X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=functions%2Fglobal.php;h=bd984edaca80f980716c85fc99d4f8e96c462350;hp=b9d63097676b9ba9bc4bafa85376d3ee88d4e86d;hb=45ca696232838b8cf8d6069f5fa2740b61dcc340;hpb=d7c82551df7a28530139681c44a283836be6b6fc
diff --git a/functions/global.php b/functions/global.php
index b9d63097..bd984eda 100644
--- a/functions/global.php
+++ b/functions/global.php
@@ -1,144 +1,998 @@ 0) { + foreach ($array as $index=>$value) { + if (is_array($array[$index])) { + sqstripslashes($array[$index]); + } + else { + $array[$index] = stripslashes($value); + } + } + } +} + +/** + * Add a variable to the session. + * @param mixed $var the variable to register + * @param string $name the name to refer to this variable + * @return void + */ +function sqsession_register ($var, $name) { + + sqsession_is_active(); + + $_SESSION[$name] = $var; +} + +/** + * Delete a variable from the session. + * @param string $name the name of the var to delete + * @return void */ +function sqsession_unregister ($name) { + sqsession_is_active(); -/* convert old-style superglobals to current method - * this is executed if you are running PHP 4.0.x. - * it is run via a require_once directive in validate.php - * and redirect.php. Patch submitted by Ray Black. - */ + unset($_SESSION[$name]); -if ( (float)substr(PHP_VERSION,0,3) < 4.1 ) { - global $_COOKIE, $_ENV, $_FILES, $_GET, $_POST, $_SERVER, $_SESSION; - global $HTTP_COOKIE_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES, $HTTP_GET_VARS, - $HTTP_POST_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS; - $_COOKIE =& $HTTP_COOKIE_VARS; - $_ENV =& $HTTP_ENV_VARS; - $_FILES =& $HTTP_POST_FILES; - $_GET =& $HTTP_GET_VARS; - $_POST =& $HTTP_POST_VARS; - $_SERVER =& $HTTP_SERVER_VARS; - $_SESSION =& $HTTP_SESSION_VARS; + session_unregister("$name"); } -/* if running with register_globals = 0 and - magic_quotes_gpc then strip the slashes - from POST and GET global arrays */ +/** + * Checks to see if a variable has already been registered + * in the session. 
+ * @param string $name the name of the var to check + * @return bool whether the var has been registered + */ +function sqsession_is_registered ($name) { + $test_name = &$name; + $result = false; -if (get_magic_quotes_gpc()) { - if (ini_get('register_globals') == 0) { - sqstripslashes($_GET); - sqstripslashes($_POST); + if (isset($_SESSION[$test_name])) { + $result = true; } + + return $result; } -/* strip any tags added to the url from PHP_SELF. - This fixes hand crafted url XXS expoits for any - page that uses PHP_SELF as the FORM action */ -strip_tags($_SERVER['PHP_SELF']); +/** + * Retrieves a form variable, from a set of possible similarly named + * form variables, based on finding a different, single field. This + * is intended to allow more than one same-named inputs in a single + *