* All incoming form values now have stripslashes() ran on them automatically
authorfidian <fidian@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Sat, 3 Feb 2001 16:58:14 +0000 (16:58 +0000)
committerfidian <fidian@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Sat, 3 Feb 2001 16:58:14 +0000 (16:58 +0000)
  (if PHP escaped them) if you include strings.php
* Removed sqStripSlahes (no need anymore)
* Completely fixed problem with some data needing escapes, some not, and some
  accidentally getting escaped twice (often in compose.php).

To use:
* Load strings.php at the beginning of your script
* All form variables are accessable as globals (as usual), but are without
  the escape backslashes (if PHP put any in).

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@1050 7612ce4b-ef26-0410-bec9-ea0150e637f0

13 files changed:
functions/mime.php
functions/page_header.php
functions/smtp.php
functions/strings.php
src/addrbook_search_html.php
src/compose.php
src/download.php
src/folders_create.php
src/folders_delete.php
src/folders_rename_do.php
src/folders_rename_getname.php
src/options.php
src/read_body.php

index 2af69c7..0731f7b 100644 (file)
       if (($body_message->header->type0 == "text") || 
           ($body_message->header->type0 == "rfc822")) {
    
-         $body = mime_fetch_body ($imap_stream, $id, $ent_num); 
+         $body = mime_fetch_body ($imap_stream, $id, $ent_num);
          $body = decodeBody($body, $body_message->header->encoding);
    
          // If there are other types that shouldn't be formatted, add
index 28852d5..0a9e40b 100644 (file)
@@ -62,7 +62,6 @@
 
       /** Here is the header and wrapping table **/
       $shortBoxName = readShortMailboxName($mailbox, ".");
-      $shortBoxName = sqStripSlashes($shortBoxName);
       echo "<A NAME=pagetop></A>\n";
       echo "<TABLE BGCOLOR=\"$color[4]\" BORDER=0 WIDTH=\"100%\" CELLSPACING=0 CELLPADDING=2>\n";
       echo "   <TR BGCOLOR=\"$color[9]\">\n";
index a6057f7..7fe5e28 100644 (file)
          $bcc_list = getLineOfAddrs($bcc);
 
          /* Encoding 8-bit characters and making from line */
-         $subject = sqStripSlashes(encodeHeader($subject));
+         $subject = encodeHeader($subject);
          if ($from == '')
             $from = "<$from_addr>";
          else
             $body .= "Content-Type: text/plain\r\n";
 
          $body .= "Content-Transfer-Encoding: 8bit\r\n\r\n";
-         $body .= sqStripSlashes($passedBody) . "\r\n\r\n";
+         $body .= $passedBody . "\r\n\r\n";
          fputs ($fp, $body);
 
          $attachmentlength = attachFiles($fp);
          $postbody .= "\r\n--".mimeBoundary()."--\r\n\r\n";
          fputs ($fp, $postbody);
       } else {
-         $body = sqStripSlashes($passedBody) . "\r\n";
+         $body = $passedBody . "\r\n";
          fputs ($fp, $body);
          $postbody = "\r\n";
          fputs ($fp, $postbody);
index f9f2585..b089620 100644 (file)
@@ -3,6 +3,44 @@
    /* $Id$ */
 
    $strings_php = true;
+   
+   // Remove all slashes for form values
+   if (get_magic_quotes_gpc())
+   {
+       global $REQUEST_METHOD;
+       if ($REQUEST_METHOD == "POST")
+       {
+           global $HTTP_POST_VARS;
+          RemoveSlashes($HTTP_POST_VARS);
+       }
+       elseif ($REQUEST_METHOD == "GET")
+       {
+           global $HTTP_GET_VARS;
+          RemoveSlashes($HTTP_GET_VARS);
+       }
+   }
+   
+   
+   function RemoveSlashes($array)
+   {
+       foreach ($array as $k => $v)
+       {
+           global $$k;
+          if (is_array($$k))
+          {
+              foreach ($$k as $k2 => $v2)
+              {
+                  $newArray[stripslashes($k2)] = stripslashes($v2);
+              }
+              $$k = $newArray;
+          }
+          else
+          {
+              $$k = stripslashes($v);
+          }
+       }
+   }
+
 
    //*************************************************************************
    // Count the number of occurances of $needle are in $haystack.
       return $path;    
    }   
 
-   function sqStripSlashes($string) {
-      if (get_magic_quotes_gpc()) {
-         $string = stripslashes($string);
-      }
-      return $string;
-   }
-
 
    // These functions are used to encrypt the passowrd before it is
    // stored in a cookie.
index 2fee39e..fae1d4f 100644 (file)
    // Initialize addressbook
    $abook = addressbook_init();
 
-   $body = sqStripSlashes($body);
-   $send_to = sqStripSlashes($send_to);
-   $send_to_cc = sqStripSlashes($send_to_cc);
-   $send_to_bcc = sqStripSlashes($send_to_bcc);
-   $subject = sqStripSlashes($subject);
-
 ?>
 
 <br>
index 302cab4..8495f7e 100644 (file)
@@ -14,7 +14,7 @@
     **
     ** $Id$
     **/
-
+    
    session_start();
 
    if (!isset($strings_php))
@@ -48,9 +48,9 @@
       global $forward_id, $imapConnection, $msg, $ent_num, $body_ary, $body,
          $reply_id, $send_to, $send_to_cc, $mailbox, $send_to_bcc, $editor_size;
 
-      $send_to = sqStripSlashes(decodeHeader($send_to));
-      $send_to_cc = sqStripSlashes(decodeHeader($send_to_cc));
-      $send_to_bcc = sqStripSlashes(decodeHeader($send_to_bcc));
+      $send_to = decodeHeader($send_to);
+      $send_to_cc = decodeHeader($send_to_cc);
+      $send_to_bcc = decodeHeader($send_to_bcc);
 
       if ($forward_id)
          $id = $forward_id;
          $send_to_bcc, $reply_id, $mailbox, $from_htmladdr_search,
          $location_of_buttons;
 
-      $subject = sqStripSlashes(decodeHeader($subject));
+      $subject = decodeHeader($subject);
       $reply_subj = decodeHeader($reply_subj);
       $forward_subj = decodeHeader($forward_subj);
       
       echo "      </TD><TD BGCOLOR=\"$color[4]\" ALIGN=LEFT>\n";
       if ($reply_subj) {
          $reply_subj = str_replace("\"", "'", $reply_subj);
-         $reply_subj = sqStripSlashes($reply_subj);
          $reply_subj = trim($reply_subj);
          if (substr(strtolower($reply_subj), 0, 3) != "re:")
             $reply_subj = "Re: $reply_subj";
                 htmlspecialchars($reply_subj));
       } else if ($forward_subj) {
          $forward_subj = str_replace("\"", "'", $forward_subj);
-         $forward_subj = sqStripSlashes($forward_subj);
          $forward_subj = trim($forward_subj);
          if ((substr(strtolower($forward_subj), 0, 4) != "fwd:") &&
              (substr(strtolower($forward_subj), 0, 5) != "[fwd:") &&
       is_logged_in();
       displayPageHeader($color, $mailbox);
 
-      $send_to = sqStripSlashes($send_to);
-      $send_to_cc = sqStripSlashes($send_to_cc);
-      $send_to_bcc = sqStripSlashes($send_to_bcc);
-      
       for ($i=0; $i < count($send_to_search); $i++) {
          if ($send_to)
             $send_to .= ", ";
index a5b0382..4a1b061 100644 (file)
             header("Content-type: application/octet-stream; name=\"$filename\"");
             set_up_language(getPref($data_dir, $username, "language"));
             if ($type1 == "plain") {
-               echo _("Subject") . ": " . decodeHeader(sqStripSlashes($top_header->subject)) . "\n";
-               echo "   " . _("From") . ": " . decodeHeader(sqStripSlashes($top_header->from)) . "\n";
-               echo "     " . _("To") . ": " . decodeHeader(sqStripSlashes(getLineOfAddrs($top_header->to))) . "\n";
+               echo _("Subject") . ": " . decodeHeader($top_header->subject) . "\n";
+               echo "   " . _("From") . ": " . decodeHeader($top_header->from) . "\n";
+               echo "     " . _("To") . ": " . decodeHeader(getLineOfAddrs($top_header->to)) . "\n";
                echo "   " . _("Date") . ": " . getLongDateString($top_header->date) . "\n\n";
             }
             echo trim($body);
index 2f4975b..da14604 100644 (file)
@@ -50,7 +50,7 @@
       $subfolder_orig = $subfolder;
    }
 
-   if ((trim($subfolder_orig) == "[ None ]") || (trim(sqStripSlashes($subfolder_orig)) == "[ None ]")) {
+   if ((trim($subfolder_orig) == "[ None ]") || (trim($subfolder_orig) == "[ None ]")) {
       sqimap_mailbox_create ($imapConnection, $folder_prefix.$folder_name, "");
    } else {
       sqimap_mailbox_create ($imapConnection, $subfolder.$dm.$folder_name, "");
index f2b245d..d49be2d 100644 (file)
@@ -37,7 +37,6 @@
    $imap_stream = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0);
    $boxes = sqimap_mailbox_list ($imap_stream);
    $dm = sqimap_get_delimiter($imap_stream);
-   $mailbox = sqStripSlashes($mailbox);
    
    if (substr($mailbox, -1) == $dm)
       $mailbox_no_dm = substr($mailbox, 0, strlen($mailbox) - 1); 
index 740a96d..7c8bb47 100644 (file)
@@ -44,9 +44,6 @@
    else
       $newone = "$new_name";
 
-   $orig = sqStripSlashes($orig);
-   $newone = sqStripSlashes($newone);
-
    fputs ($imapConnection, ". RENAME \"$orig\" \"$newone\"\r\n");
    $data = sqimap_read_data($imapConnection, ".", true, $a, $b);
 
index 087391b..ca143f9 100644 (file)
@@ -40,8 +40,6 @@
       $old_parent = "";
    }
 
-   $old_name = sqStripSlashes($old_name);
-
    displayPageHeader($color, "None");
    echo "<br><TABLE align=center border=0 WIDTH=95% COLS=1>";
    echo "<TR><TD BGCOLOR=\"$color[0]\" ALIGN=CENTER><B>";
index 8b38ad2..f37155f 100644 (file)
 <?php
    if (isset($submit_personal)) {
       # Save personal information
-      if (isset($full_name)) setPref($data_dir, $username, "full_name", sqStripSlashes($full_name));
-      if (isset($email_address)) setPref($data_dir, $username, "email_address", sqStripSlashes($email_address));
-      if (isset($reply_to)) setPref($data_dir, $username, "reply_to", sqStripSlashes($reply_to));  
-      setPref($data_dir, $username, "use_signature", sqStripSlashes($usesignature));  
-      if (isset($signature_edit)) setSig($data_dir, $username, sqStripSlashes($signature_edit)); 
+      if (isset($full_name)) setPref($data_dir, $username, "full_name", $full_name);
+      if (isset($email_address)) setPref($data_dir, $username, "email_address", $email_address);
+      if (isset($reply_to)) setPref($data_dir, $username, "reply_to", $reply_to);  
+      setPref($data_dir, $username, "use_signature", $usesignature);  
+      if (isset($signature_edit)) setSig($data_dir, $username, $signature_edit);
       
       do_hook("options_personal_save");
       
index 46dac94..cdc1507 100644 (file)
    // $message contains all information about the message
    // including header and body
    $message = sqimap_get_message($imapConnection, $passed_id, $mailbox);
-
+   
    /** translate the subject and mailbox into url-able text **/
-   $url_subj = urlencode(trim(sqStripSlashes($message->header->subject)));
+   $url_subj = urlencode(trim($message->header->subject));
    $urlMailbox = urlencode($mailbox);
    $url_replyto = urlencode($message->header->replyto);