From 388c855c699ae69a8060d6e1409cfa56570b0e87 Mon Sep 17 00:00:00 2001
From: kink <kink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Date: Thu, 5 Dec 2002 11:32:27 +0000
Subject: [PATCH] Fix by Martin Schulze of Debian. Please note, this is not a
 solution to the recently reported xxs problem.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@4211 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 functions/global.php | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/functions/global.php b/functions/global.php
index ee8478e5..a2b146ff 100644
--- a/functions/global.php
+++ b/functions/global.php
@@ -13,10 +13,11 @@
  * $Id$
  */
 
-# If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways.
-# Force magic_quotes_runtime off.
-# chilts@birdbrained.org - I put it here in the hopes that all SM code includes this.
-# If there's a better place, please let me know.
+/* If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways.
+ * Force magic_quotes_runtime off.
+ * chilts@birdbrained.org - I put it here in the hopes that all SM code includes this.
+ * If there's a better place, please let me know.
+ */
 ini_set('magic_quotes_runtime','0');
 
 /* convert old-style superglobals to current method
@@ -50,7 +51,7 @@ if (get_magic_quotes_gpc()) {
    This fixes hand crafted url XXS expoits for any
    page that uses PHP_SELF as the FORM action */
 
-strip_tags($_SERVER['PHP_SELF']);
+$_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);
 
 /* returns true if current php version is at mimimum a.b.c */
 function check_php_version ($a = '0', $b = '0', $c = '0')             
-- 
2.25.1