X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=functions%2Fglobal.php;h=be2e1a2eba9b3c17a6ee540b5bcf177c456edfca;hp=5d0c0b831e4bc3c16d24870ad92194cdb840bc21;hb=c53195bbbf00d53343b5b33c35f43f75bb2646a9;hpb=d930613a5baaab3bff31e2d01cb835d52d0dc7e9
diff --git a/functions/global.php b/functions/global.php
index 5d0c0b83..be2e1a2e 100644
--- a/functions/global.php
+++ b/functions/global.php
@@ -7,7 +7,7 @@
 * It also has some session register functions that work across various
 * php versions.
 *
- * @copyright 1999-2009 The SquirrelMail Project Team
+ * @copyright 1999-2021 The SquirrelMail Project Team
 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 * @version $Id$
 * @package squirrelmail
@@ -589,6 +589,21 @@ function sqsession_start() {
 function sqsetcookie($sName, $sValue='deleted', $iExpire=0, $sPath="", $sDomain="", $bSecure=false, $bHttpOnly=true, $bReplace=false) {
+ // some environments can get overwhelmed by an excessive
+ // setting of the same cookie over and over (e.g., many
+ // calls to this function via sqsession_is_active() result
+ // in repeated setting of the session cookie when $bReplace
+ // is FALSE, but something odd happens (during login only)
+ // if we change that to default TRUE) ... so we keep our own
+ // naive per-request name/value cache and only set the cookie
+ // if its value is changing (or never seen before)
+ static $cookies = array();
+ if (isset($cookies[$sName]) && $cookies[$sName] === $sValue)
+ return;
+ else
+ $cookies[$sName] = $sValue;
+
+
 // if we have a secure connection then limit the cookies to https only.
 global $is_secure_connection;
 if ($sName && $is_secure_connection)
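Review bot: The per-request cache added to sqsetcookie() is keyed on `$sName` and compares only `$sValue`, so a second call with the same name and value but a different `$iExpire`, `$sPath` or `$sDomain` now returns before anything is sent. This matters most for expiring cookies: if any caller clears the same cookie at more than one path (not visible in this hunk, so the logout and session-destroy code is worth checking), only the first path would be cleared and the other copies would stay in the browser. Keying the cache on name, path and domain, and comparing every attribute that shapes the Set-Cookie header, keeps the de-duplication without dropping those calls. The body of sqsetcookie() continues outside the hunk.

```php
static $cookies = array();
// key on what identifies a cookie to the browser, and compare
// every attribute that would change the header that is sent
$sKey = $sName . "\0" . $sPath . "\0" . $sDomain;
$aState = array($sValue, $iExpire, $bSecure, $bHttpOnly);
if (isset($cookies[$sKey]) && $cookies[$sKey] === $aState)
    return;
$cookies[$sKey] = $aState;
// … unchanged: secure-connection handling and the rest of sqsetcookie() …
```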
@@ -682,9 +697,11 @@ if (!function_exists('session_regenerate_id')) {
 * @return string The path, filename and any arguments for the
 * current script
 */
-function php_self() {
+function php_self($with_query_string=TRUE) {
- $request_uri = '';
+ static $request_uri = '';
+ if (!empty($request_uri))
+ return ($with_query_string ? $request_uri : (strpos($request_uri, '?') !== FALSE ? substr($request_uri, 0, strpos($request_uri, '?')) : $request_uri));
 // first try $_SERVER['PHP_SELF'], which seems most reliable
 // (albeit it usually won't include the query string)
@@ -718,7 +735,10 @@ function php_self() {
 $request_uri .= '?' . $query_string;
 }
- return $request_uri;
+ global $php_self_pattern, $php_self_replacement;
+ if (!empty($php_self_pattern))
+ $request_uri = preg_replace($php_self_pattern, $php_self_replacement, $request_uri);
+ return ($with_query_string ? $request_uri : (strpos($request_uri, '?') !== FALSE ? substr($request_uri, 0, strpos($request_uri, '?')) : $request_uri));
 }
@@ -764,8 +784,8 @@ function sm_print_r() {
 /**
- * Sanitize a value using htmlspecialchars() or similar, but also
- * recursively run htmlspecialchars() (or similar) on array keys
+ * Sanitize a value using sm_encode_html_special_chars() or similar, but also
+ * recursively run sm_encode_html_special_chars() (or similar) on array keys
 * and values.
 *
 * If $value is not a string or an array with strings in it,
@@ -811,7 +831,7 @@ function sq_htmlspecialchars($value, $quote_style=ENT_QUOTES) {
 if ($quote_style === TRUE)
 return str_replace(array('\'', '"'), array(''', '"'), $value);
 else
- return htmlspecialchars($value, $quote_style);
+ return sm_encode_html_special_chars($value, $quote_style);
 }
 // anything else gets returned with no changes
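Review bot: The new `$with_query_string` parameter of php_self() is not described in the docblock lines visible above the signature, and the `@return` text still promises "any arguments" although the query string is now optional. A tag such as `@param boolean $with_query_string When FALSE, the query string is removed from the returned value (OPTIONAL; default TRUE)` would cover it; the docblock starts outside the hunk, so it may need to go after existing tags. The long ternary in the cached early return is also repeated verbatim at the final `return` in the @@ -718 hunk, which makes the two copies easy to change inconsistently later.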
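Review bot: The result of `preg_replace()` in the @@ -718 hunk is assigned straight back to `$request_uri` without a check, and preg_replace() returns NULL when the pattern fails to compile or a PCRE limit is hit, so a faulty `$php_self_pattern` would make php_self() return NULL instead of the script path. Keeping the original value on failure is a small change: `$sRewritten = preg_replace($php_self_pattern, $php_self_replacement, $request_uri);` followed by `if (is_string($sRewritten)) $request_uri = $sRewritten;`. `$php_self_replacement` is also read without an isset() check. Both globals are handed to the regex engine as-is, so they should only ever be populated from trusted configuration; where they are set is not visible here. The body of php_self() starts outside this hunk.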