Lots of changes for variable initialization - clean up, really,

for cases where direct referece to vars causes problems with
earlier versions.

we'll see how much I screwed up, too.

src/addrbook_search.php

@@ -21,24 +21,19 @@ define('SM_PATH','../');
 /* SquirrelMail required files. */
 require_once(SM_PATH . 'include/validate.php');
 require_once(SM_PATH . 'functions/strings.php');
+require_once(SM_PATH . 'functions/global.php');
 require_once(SM_PATH . 'functions/html.php');
 
 /* lets get the global vars we may need */
-$key  = $_COOKIE['key'];
-$username = $_SESSION['username'];
-$onetimepad = $_SESSION['onetimepad'];
-$base_uri = $_SESSION['base_uri'];
-
-sqgetGlobalVar('show' , $show);
-if ( isset($_POST['query']) ) {
-    $query = $_POST['query'];
-}
-if ( isset($_POST['listall']) ) {
-    $listall = $_POST['listall'];
-}
-if ( isset($_POST['backend'] ) ) {
-    $backend = $_POST['backend'];
-}
+sqgetGlobalVar('key',       $key,           SQ_COOKIE);
+sqgetGlobalVar('username',  $username,      SQ_SESSION);
+sqgetGlobalVar('onetimepad',$onetimepad,    SQ_SESSION);
+sqgetGlobalVar('base_uri',  $base_uri,      SQ_SESSION);
+
+sqgetGlobalVar('show' ,   $show);
+sqgetGlobalVar('query',   $query,   SQ_POST);
+sqgetGlobalVar('listall', $listall, SQ_POST);
+sqgetGlobalVar('backend', $backend, SQ_POST);
 
 /* Function to include JavaScript code */
 function insert_javascript() {

src/addrbook_search_html.php

@@ -20,6 +20,7 @@ if (! defined('SM_PATH') ) {
 
 /* SquirrelMail required files. */
 require_once(SM_PATH . 'include/validate.php');
+require_once(SM_PATH . 'functions/global.php');
 require_once(SM_PATH . 'functions/date.php');
 require_once(SM_PATH . 'functions/display_messages.php');
 require_once(SM_PATH . 'functions/addressbook.php');
@@ -27,17 +28,11 @@ require_once(SM_PATH . 'functions/plugin.php');
 require_once(SM_PATH . 'functions/strings.php');
 require_once(SM_PATH . 'functions/html.php');
 
-$session = $_POST['session'];
-$mailbox = $_POST['mailbox'];
-if ( isset($_POST['addrquery']) ) {
-    $addrquery = $_POST['addrquery'];
-}
-if ( isset($_POST['listall']) ) {
-    $listall = $_POST['listall'];
-}
-if ( isset($_POST['backend'] ) ) {
-    $backend = $_POST['backend'];
-}
+sqgetGlobalVar('session',   $session,   SQ_POST);
+sqgetGlobalVar('mailbox',   $mailbox,   SQ_POST);
+sqgetGlobalVar('addrquery', $addrquery, SQ_POST);
+sqgetGlobalVar('listall',   $listall,   SQ_POST);
+sqgetGlobalVar('backend',   $backend,   SQ_POST);
 
 /* Insert hidden data */
 function addr_insert_hidden() {

src/addressbook.php

@@ -16,40 +16,28 @@ define('SM_PATH','../');
 
 /* SquirrelMail required files. */
 require_once(SM_PATH . 'include/validate.php');
+require_once(SM_PATH . 'functions/global.php');
 require_once(SM_PATH . 'functions/display_messages.php');
 require_once(SM_PATH . 'functions/addressbook.php');
 require_once(SM_PATH . 'functions/strings.php');
 require_once(SM_PATH . 'functions/html.php');
 
 /* lets get the global vars we may need */
-$key  = $_COOKIE['key'];
+sqgetGlobalVar('key',       $key,           SQ_COOKIE);
 
-$username = $_SESSION['username'];
-$onetimepad = $_SESSION['onetimepad'];
-$base_uri = $_SESSION['base_uri'];
-$delimiter = $_SESSION['delimiter'];
+sqgetGlobalVar('username',  $username,      SQ_SESSION);
+sqgetGlobalVar('onetimepad',$onetimepad,    SQ_SESSION);
+sqgetGlobalVar('base_uri',  $base_uri,      SQ_SESSION);
+sqgetGlobalVar('delimiter', $delimiter,     SQ_SESSION);
 
 /* From the address form */
-if ( isset($_POST['addaddr']) ) {
-    $addaddr = &$_POST['addaddr'];
-}
-if ( isset($_POST['editaddr']) ) {
-    $editaddr = &$_POST['editaddr'];
-}
-if ( isset($_POST['deladdr']) ) {
-    $deladdr = &$_POST['deladdr'];
-}
-$sel = &$_POST['sel'];
-
-if (isset($_POST['oldnick'])) {
-    $oldnick = $_POST['oldnick'];
-}
-if (isset($_POST['backend'])) {
-    $backend = $_POST['backend'];
-}
-if (isset($_POST['doedit'])) {
-    $doedit = $_POST['doedit'];
-}
+sqgetGlobalVar('addaddr',   $addaddr,   SQ_POST);
+sqgetGlobalVar('editaddr',  $editaddr,  SQ_POST);
+sqgetGlobalVar('deladdr',   $deladdr,   SQ_POST);
+sqgetGlobalVar('sel',       $sel,       SQ_POST);
+sqgetGlobalVar('oldnick',   $oldnick,   SQ_POST);
+sqgetGlobalVar('backend',   $backend,   SQ_POST);
+sqgetGlobalVar('doedit',    $doedit,    SQ_POST); 
 
 /* Make an input field */
 function adressbook_inp_field($label, $field, $name, $size, $values, $add) {
@@ -107,7 +95,7 @@ $form_url = 'addressbook.php';
 
 
 /* Handle user's actions */
-if($_SERVER['REQUEST_METHOD'] == 'POST') {
+if(sqgetGlobalVar('REQUEST_METHOD', $req_method, SQ_SERVER) && $req_method == 'POST') {
 
     /**************************************************
      * Add new address                                *

src/compose.php

@@ -22,6 +22,7 @@ define('SM_PATH','../');
 
 /* SquirrelMail required files. */
 require_once(SM_PATH . 'include/validate.php');
+require_once(SM_PATH . 'functions/global.php');
 require_once(SM_PATH . 'functions/imap.php');
 require_once(SM_PATH . 'functions/date.php');
 require_once(SM_PATH . 'functions/mime.php');
@@ -31,17 +32,19 @@ require_once(SM_PATH . 'class/deliver/Deliver.class.php');
 require_once(SM_PATH . 'functions/addressbook.php');
 
 /* --------------------- Get globals ------------------------------------- */
-$username = $_SESSION['username'];
-$onetimepad = $_SESSION['onetimepad'];
-$base_uri = $_SESSION['base_uri'];
-$delimiter = $_SESSION['delimiter'];
+/** COOKIE VARS */
+sqgetGlobalVar('key',       $key,           SQ_COOKIE);
 
-if (isset($_POST['return'])) {
-    $html_addr_search_done = 'Use Addresses';
-}
-if ( isset($_SESSION['composesession']) ) {
-    $composesession = $_SESSION['composesession'];
-}
+/** SESSION VARS */
+sqgetGlobalVar('username',  $username,      SQ_SESSION);
+sqgetGlobalVar('onetimepad',$onetimepad,    SQ_SESSION);
+sqgetGlobalVar('base_uri',  $base_uri,      SQ_SESSION);
+sqgetGlobalVar('delimiter', $delimiter,     SQ_SESSION);
+
+sqgetGlobalVar('composesession',    $composesession,    SQ_SESSION);
+sqgetGlobalVar('compose_messages',  $compose_messages,  SQ_SESSION);
+
+/** SESSION/POST/GET VARS */
 sqgetGlobalVar('action',$action);
 sqgetGlobalVar('session',$session);
 sqgetGlobalVar('mailbox',$mailbox);
@@ -60,46 +63,28 @@ sqgetGlobalVar('passed_id',$passed_id);
 sqgetGlobalVar('passed_ent_id',$passed_ent_id);
 sqgetGlobalVar('send',$send);
 
-if ( isset($_POST['sigappend']) ) {
-    $sigappend = $_POST['sigappend'];
-}
-/* From addressbook search */
-if ( isset($_POST['from_htmladdr_search']) ) {
-    $from_htmladdr_search = $_POST['from_htmladdr_search'];
-}
-if ( isset($_POST['addr_search_done']) ) {
-    $html_addr_search_done = $_POST['addr_search_done'];
-}
-if ( isset($_POST['send_to_search']) ) {
-    $send_to_search = &$_POST['send_to_search'];
-}
-
-/* Attachments */
 sqgetGlobalVar('attach',$attach);
-if ( isset($_POST['do_delete']) ) {
-    $do_delete = $_POST['do_delete'];
-}
-if ( isset($_POST['delete']) ) {
-    $delete = &$_POST['delete'];
-}
-if ( isset($_SESSION['compose_messages']) ) {
-    $compose_messages = &$_SESSION['compose_messages'];
-}
 
-
-/* Forward message as attachment */
-if ( isset($_GET['attachedmessages']) ) {
-    $attachedmessages = $_GET['attachedmessages'];
-}
-
-/* Drafts */
 sqgetGlobalVar('draft',$draft);
 sqgetGlobalVar('draft_id',$draft_id);
 sqgetGlobalVar('ent_num',$ent_num);
 sqgetGlobalVar('saved_draft',$saved_draft);
 sqgetGlobalVar('delete_draft',$delete_draft);
 
-$key = $_COOKIE['key'];
+
+/** POST VARS */
+sqgetGlobalVar('sigappend',             $sigappend,             SQ_POST);
+sqgetGlobalVar('from_htmladdr_search',  $from_htmladdr_search,  SQ_POST);
+sqgetGlobalVar('addr_search_done',      $html_addr_search_done, SQ_POST);
+sqgetGlobalVar('send_to_search',        $send_to_search,        SQ_POST);
+sqgetGlobalVar('do_delete',             $do_delete,             SQ_POST);
+sqgetGlobalVar('delete',                $delete,                SQ_POST);
+if ( sqgetGlobalVar('return', $temp, SQ_POST) ) {
+  $html_addr_search_done = 'Use Addresses';
+}
+
+/** GET VARS */
+sqgetGlobalVar('attachedmessages', $attachedmessages, SQ_GET);
 
 /* --------------------- Specific Functions ------------------------------ */
 
@@ -192,7 +177,7 @@ function getforwardHeader($orig_header) {
  * vars.
  */
 if (sqsession_is_registered('session_expired_post')) {
-    $session_expired_post = $_SESSION['session_expired_post'];
+    sqgetGlobalVar('session_expired_post', $session_expired_post, SQ_SESSION);
     /* 
      * extra check for username so we don't display previous post data from
      * another user during this session.
@@ -1065,9 +1050,10 @@ function showInputForm ($session, $values=false) {
        store the complete ComposeMessages array in a hidden input value 
        so we can restore them in case of a session timeout.
     */
+    sqgetGlobalVar('QUERY_STRING', $queryString, SQ_SERVER);
     echo '<input type=hidden name=restoremessages value="' . urlencode(serialize($compose_messages)) . "\">\n";
     echo '<input type=hidden name=composesession value="' . $composesession . "\">\n";
-    echo '<input type=hidden name=querystring value="' . $_SERVER['QUERY_STRING'] . "\">\n";
+    echo '<input type=hidden name=querystring value="' . $queryString . "\">\n";
     echo '</FORM>';
     if (!(bool) ini_get('file_uploads')) {
       /* File uploads are off, so we didn't show that part of the form.

src/download.php

@@ -24,18 +24,16 @@ header('Pragma: ');
 header('Cache-Control: cache');
 
 /* globals */
-
-$key = $_COOKIE['key'];
-$username = $_SESSION['username'];
-$onetimepad = $_SESSION['onetimepad'];
-$mailbox = $_GET['mailbox'];
-$passed_id = (int) $_GET['passed_id'];
-$ent_id = $_GET['ent_id'];
-$messages = $_SESSION['messages'];
-
-if (isset($_GET['absolute_dl'])) {
-   $absolute_dl = $_GET['absolute_dl'];
-}
+sqgetGlobalVar('key',        $key,          SQ_COOKIE);
+sqgetGlobalVar('username',   $username,     SQ_SESSION);
+sqgetGlobalVar('onetimepad', $onetimepad,   SQ_SESSION);
+sqgetGlobalVar('messages',   $messages,     SQ_SESSION);
+sqgetGlobalVar('mailbox',    $mailbox,      SQ_GET);
+sqgetGlobalVar('ent_id',     $ent_id,       SQ_GET);
+sqgetGlobalVar('absolute_dl',$absolute_dl,  SQ_GET);
+if ( sqgetGlobalVar('passed_id', $temp, SQ_GET) ) {
+  $passed_id = (int) $temp;
+}  
 
 /* end globals */
 $mailbox = urldecode($mailbox);
@@ -149,10 +147,10 @@ mime_print_body_lines ($imapConnection, $passed_id, $ent_id, $encoding);
  * version of IE.  I don't know if it works with Opera, but it should now.
  */
 function DumpHeaders($type0, $type1, $filename, $force) {
-    global $_SERVER, $languages, $squirrelmail_language;
+    global $languages, $squirrelmail_language;
     $isIE = $isIE6 = 0;
 
-    $HTTP_USER_AGENT = $_SERVER['HTTP_USER_AGENT'];
+    sqgetGlobalVar('HTTP_USER_AGENT', $HTTP_USER_AGENT, SQ_SERVER);
 
     if (strstr($HTTP_USER_AGENT, 'compatible; MSIE ') !== false &&
         strstr($HTTP_USER_AGENT, 'Opera') === false) {

src/folders_create.php

@@ -21,17 +21,13 @@ require_once(SM_PATH . 'functions/imap.php');
 require_once(SM_PATH . 'functions/display_messages.php');
 
 /* get globals we may need */
-
-$username = $_SESSION['username'];
-$key = $_COOKIE['key'];
-$delimiter = $_SESSION['delimiter'];
-$onetimepad = $_SESSION['onetimepad'];
-$folder_name = $_POST['folder_name'];
-$subfolder = $_POST['subfolder'];
-if (isset($_POST['contain_subs'])) {
-    $contain_subs = $_POST['contain_subs'];
-}
-
+sqgetGlobalVar('key',          $key,           SQ_COOKIE);
+sqgetGlobalVar('username',     $username,      SQ_SESSION);
+sqgetGlobalVar('onetimepad',   $onetimepad,    SQ_SESSION);
+sqgetGlobalVar('delimiter',    $delimiter,     SQ_SESSION);
+sqgetGlobalVar('folder_name',  $folder_name,   SQ_POST);
+sqgetGlobalVar('subfolder',    $subfolder,     SQ_POST);
+sqgetGlobalVar('contain_subs', $contain_subs,  SQ_POST);
 /* end of get globals */
 
 $folder_name = trim($folder_name);

src/folders_delete.php

@@ -28,13 +28,11 @@ require_once(SM_PATH . 'functions/html.php');
  */
 
 /* globals */
-$username = $_SESSION['username'];
-$key = $_COOKIE['key'];
-$delimiter = $_SESSION['delimiter'];
-$onetimepad = $_SESSION['onetimepad'];
-
-$mailbox = $_POST['mailbox'];
-
+sqgetGlobalVar('key',       $key,           SQ_COOKIE);
+sqgetGlobalVar('username',  $username,      SQ_SESSION);
+sqgetGlobalVar('onetimepad',$onetimepad,    SQ_SESSION);
+sqgetGlobalVar('delimiter', $delimiter,     SQ_SESSION);
+sqgetGlobalVar('mailbox',   $mailbox,       SQ_POST);
 /* end globals */
 
 if ($mailbox == '') {
@@ -45,13 +43,13 @@ if ($mailbox == '') {
     exit;
 }
 
-if (isset($_POST['backingout'])) {
+if ( sqgetGlobalVar('backingout', $tmp, SQ_POST) ) {
     $location = get_location();
     header ("Location: $location/folders.php");
     exit;
 }
 
-if(!isset($_POST['confirmed'])) {
+if( !sqgetGlobalVar('confirmed', $tmp, SQ_POST) ) {
     displayPageHeader($color, 'None');
 
     echo '<br>' .

src/folders_rename_do.php

@@ -21,15 +21,13 @@ require_once(SM_PATH . 'functions/imap.php');
 require_once(SM_PATH . 'functions/display_messages.php');
 
 /* globals */
-$username = $_SESSION['username'];
-$key = $_COOKIE['key'];
-$delimiter = $_SESSION['delimiter'];
-$onetimepad = $_SESSION['onetimepad'];
-
-$orig = $_POST['orig'];
-$old_name = $_POST['old_name'];
-$new_name = $_POST['new_name'];
-
+sqgetGlobalVar('key',       $key,           SQ_COOKIE);
+sqgetGlobalVar('username',  $username,      SQ_SESSION);
+sqgetGlobalVar('delimiter', $delimiter,     SQ_SESSION);
+sqgetGlobalVar('onetimepad',$onetimepad,    SQ_SESSION);
+sqgetGlobalVar('orig',      $orig,          SQ_POST);
+sqgetGlobalVar('old_name',  $old_name,      SQ_POST);
+sqgetGlobalVar('new_name',  $new_name,      SQ_POST);
 /* end globals */
 
 $new_name = trim($new_name);

src/folders_rename_getname.php

@@ -22,14 +22,11 @@ require_once(SM_PATH . 'functions/html.php');
 require_once(SM_PATH . 'functions/display_messages.php');
 
 /* get globals we may need */
-
-$username = $_SESSION['username'];
-$key = $_COOKIE['key'];
-$delimiter = $_SESSION['delimiter'];
-$onetimepad = $_SESSION['onetimepad'];
-
-$old = $_POST['old'];
-    
+sqgetGlobalVar('key',       $key,           SQ_COOKIE);
+sqgetGlobalVar('username',  $username,      SQ_SESSION);
+sqgetGlobalVar('onetimepad',$onetimepad,    SQ_SESSION);
+sqgetGlobalVar('delimiter', $delimiter,     SQ_SESSION);
+sqgetGlobalVar('old',       $old,           SQ_POST);
 /* end of get globals */
 
 if ($old == '') {

src/folders_subscribe.php

@@ -21,13 +21,11 @@ require_once(SM_PATH . 'functions/imap.php');
 require_once(SM_PATH . 'functions/display_messages.php');
 
 /* globals */
-$username = $_SESSION['username'];
-$key = $_COOKIE['key'];
-$onetimepad = $_SESSION['onetimepad'];
-
-$method = $_GET['method'];
-$mailbox = $_POST['mailbox'];
-
+sqgetGlobalVar('key',       $key,           SQ_COOKIE);
+sqgetGlobalVar('username',  $username,      SQ_SESSION);
+sqgetGlobalVar('onetimepad',$onetimepad,    SQ_SESSION);
+sqgetGlobalVar('method',    $method,        SQ_GET);
+sqgetGlobalVar('mailbox',   $mailbox,       SQ_POST);
 /* end globals */
 
 $location = get_location();

src/help.php

@@ -128,13 +128,10 @@ if (file_exists("../help/$squirrelmail_language")) {
  * else see if we can get a relevant chapter from the referer */
 $chapter = 0;
 
-if ( isset( $_GET['chapter'] ) )
-{
-    $chapter = intval( $_GET['chapter']);
-}
-elseif (isset($_SERVER['HTTP_REFERER']))
-{
-    $ref = strtolower($_SERVER['HTTP_REFERER']);
+if ( sqgetGlobalVar('chapter', $temp, SQ_GET) ) {
+    $chapter = (int) $temp;
+} elseif ( sqgetGlobalVar('HTTP_REFERER', $temp, SQ_SERVER) ) {
+    $ref = strtolower($temp);
 
     $contexts = array ( 'src/compose' => 4, 'src/addr' => 5,
         'src/folders' => 6, 'src/options' => 7, 'src/right_main' => 2,

src/image.php

@@ -16,6 +16,7 @@ define('SM_PATH','../');
 
 /* SquirrelMail required files. */
 require_once(SM_PATH . 'include/validate.php');
+require_once(SM_PATH . 'functions/global.php');
 require_once(SM_PATH . 'functions/date.php');
 require_once(SM_PATH . 'functions/page_header.php');
 require_once(SM_PATH . 'functions/html.php');
@@ -24,10 +25,12 @@ require_once(SM_PATH . 'include/load_prefs.php');
 displayPageHeader($color, 'None');
 
 /* globals */
-$mailbox = $_GET['mailbox'];
-$passed_id = (int) $_GET['passed_id'];
-$ent_id = $_GET['ent_id'];
-$QUERY_STRING = $_SERVER['QUERY_STRING'];
+if ( sqgetGlobalVar('passed_id', $temp, SQ_GET) ) {
+  $passed_id = (int) $temp;
+}
+sqgetGlobalVar('mailbox',       $mailbox,       SQ_GET);
+sqgetGlobalVar('ent_id',        $ent_id,        SQ_GET);
+sqgetGlobalVar('QUERY_STRING',  $QUERY_STRING,  SQ_SERVER);
 /* end globals */
 
 echo '<BR>' . 

src/move_messages.php

@@ -22,11 +22,10 @@ require_once(SM_PATH . 'functions/html.php');
 
 global $compose_new_win;
 
-if (isset($_SESSION['composesession'])) {
-    $composesession = $_SESSION['composesession'];
-} else {
-    $composesession = 0;
-} 
+if ( !sqgetGlobalVar('composesession', $composesession, SQ_SESSION) ) {
+  $composesession = 0;
+}
+
 /* obsolete ?? */
 function putSelectedMessagesIntoString($msg) {
     $j = 0;
@@ -119,57 +118,30 @@ function attachSelectedMessages($msg, $imapConnection) {
 
 
 /* get globals */
+sqgetGlobalVar('key',       $key,           SQ_COOKIE);
+sqgetGlobalVar('username',  $username,      SQ_SESSION);
+sqgetGlobalVar('onetimepad',$onetimepad,    SQ_SESSION);
+sqgetGlobalVar('delimiter', $delimiter,     SQ_SESSION);
+sqgetGlobalVar('base_uri',  $base_uri,      SQ_SESSION);
 
-$username = $_SESSION['username'];
-$key  = $_COOKIE['key'];
-$onetimepad = $_SESSION['onetimepad'];
-$base_uri = $_SESSION['base_uri'];
-$delimiter = $_SESSION['delimiter'];
+sqgetGlobalVar('mailbox', $mailbox);
+sqgetGlobalVar('startMessage', $startMessage);
+sqgetGlobalVar('msg', $msg);
 
-sqGetGlobalVar('mailbox', $mailbox);
-sqGetGlobalVar('startMessage', $startMessage);
-sqGetGlobalVar('msg', $msg);
-
-if (isset($_POST['moveButton'])) {
-    $moveButton = $_POST['moveButton'];
-}
-
-if (isset($_SESSION['msgs'])) {
-    $msgs = $_SESSION['msgs'];
-}
-
-if (isset($_POST['expungeButton'])) {
-    $expungeButton = $_POST['expungeButton'];
-}
-if (isset($_POST['targetMailbox'])) {
-    $targetMailbox = $_POST['targetMailbox'];
-}
-if (isset($_SESSION['lastTargetMailbox'])) {
-    $lastTargetMailbox = $_SESSION['lastTargetMailbox'];
-}
-if (isset($_POST['expungeButton'])) {
-    $expungeButton = $_POST['expungeButton'];
-}
-if (isset($_POST['undeleteButton'])) {
-    $undeleteButton = $_POST['undeleteButton'];
-}
-if (isset($_POST['markRead'])) {
-    $markRead = $_POST['markRead'];
-}
-if (isset($_POST['markUnread'])) {
-    $markUnread = $_POST['markUnread'];
-}
-if (isset($_POST['attache'])) {
-    $attache = $_POST['attache'];
-}
+sqgetGlobalVar('msgs',              $msgs,              SQ_SESSION);
+sqgetGlobalVar('composesession',    $composesession,    SQ_SESSION);
+sqgetGlobalVar('lastTargetMailbox', $lastTargetMailbox, SQ_SESSION);
 
-if (isset($_POST['location'])) {
-    $location = $_POST['location'];
-}
+sqgetGlobalVar('moveButton',      $moveButton,      SQ_POST);
+sqgetGlobalVar('expungeButton',   $expungeButton,   SQ_POST);
+sqgetGlobalVar('targetMailbox',   $targetMailbox,   SQ_POST);
+sqgetGlobalVar('expungeButton',   $expungeButton,   SQ_POST);
+sqgetGlobalVar('undeleteButton',  $undeleteButton,  SQ_POST);
+sqgetGlobalVar('markRead',        $markRead,        SQ_POST);
+sqgetGlobalVar('markUnread',      $markUnread,      SQ_POST);
+sqgetGlobalVar('attache',         $attache,         SQ_POST);
+sqgetGlobalVar('location',        $location,        SQ_POST);
 
-if (isset($_SESSION['composesession'])) {
-    $composesession = $_SESSION['composesession'];
-}
 /* end of get globals */
 
 $imapConnection = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0);

src/options.php

@@ -17,6 +17,7 @@ define('SM_PATH','../');
 
 /* SquirrelMail required files. */
 require_once(SM_PATH . 'include/validate.php');
+require_once(SM_PATH . 'functions/global.php');
 require_once(SM_PATH . 'functions/display_messages.php');
 require_once(SM_PATH . 'functions/imap.php');
 require_once(SM_PATH . 'functions/options.php');
@@ -115,23 +116,14 @@ function print_optionpages_row($leftopt, $rightopt = false) {
 /* ---------------------------- main ---------------------------- */
 
 /* get the globals that we may need */
-if (isset($_GET['optpage'])) {
-    $optpage = $_GET['optpage'];
-}
-elseif (isset($_POST['optpage'])) {
-    $optpage = $_POST['optpage'];
-}
-if (isset($_POST['optmode'])) {
-    $optmode = $_POST['optmode'];
-}
-if (isset($_POST['optpage_data'])) {
-    $optpage_data = $_POST['optpage_data'];
-}
-$username = $_SESSION['username'];
-$key = $_COOKIE['key'];
-$onetimepad = $_SESSION['onetimepad'];
-$delimiter = $_SESSION['delimiter'];
-
+sqgetGlobalVar('key',       $key,           SQ_COOKIE);
+sqgetGlobalVar('username',  $username,      SQ_SESSION);
+sqgetGlobalVar('onetimepad',$onetimepad,    SQ_SESSION);
+sqgetGlobalVar('delimiter', $delimiter,     SQ_SESSION);
+
+sqgetGlobalVar('optpage',     $optpage);
+sqgetGlobalVar('optmode',     $optmode,      SQ_POST);
+sqgetGlobalVar('optpage_data',$optpage_data, SQ_POST);
 /* end of getting globals */
 
 /* Make sure we have an Option Page set. Default to main. */

src/options_identities.php

@@ -16,6 +16,7 @@ define('SM_PATH','../');
 
 /* SquirrelMail required files. */
 require_once(SM_PATH . 'include/validate.php');
+require_once(SM_PATH . 'functions/global.php');
 require_once(SM_PATH . 'functions/display_messages.php');
 require_once(SM_PATH . 'functions/html.php');
 

src/options_order.php

@@ -16,30 +16,18 @@ define('SM_PATH','../');
 
 /* SquirrelMail required files. */
 require_once(SM_PATH . 'include/validate.php');
+require_once(SM_PATH . 'functions/global.php');
 require_once(SM_PATH . 'functions/display_messages.php');
 require_once(SM_PATH . 'functions/imap.php');
 require_once(SM_PATH . 'functions/plugin.php');
 require_once(SM_PATH . 'functions/html.php');
 
 /* get globals */
-if (isset($_GET['num'])) {
-    $num = $_GET['num'];
-}
-if (isset($_GET['method'])) {
-    $method = $_GET['method'];
-}
-elseif (isset($_POST['method'])) {
-    $method = $_POST['method'];
-}
-if (isset($_POST['add'])) {
-    $add = $_POST['add'];
-}
-if (isset($_GET['submit'])) {
-    $submit = $_GET['submit'];
-}
-elseif (isset($_POST['submit'])) {
-    $submit = $_POST['submit'];
-}
+sqgetGlobalVar('num',       $num,       SQ_GET);  
+sqgetGlobalVar('add',       $add,       SQ_POST);
+
+sqgetGlobalVar('submit',    $submit);
+sqgetGlobalVar('method',    $method);
 /* end of get globals */
 
 displayPageHeader($color, 'None');

src/read_body.php

@@ -643,12 +643,12 @@ function formatToolbar($mailbox, $passed_id, $passed_ent_id, $message, $color) {
 
 /* get the globals we may need */
 
-/** SESSION VARS */
+sqgetGlobalVar('key',       $key,           SQ_COOKIE);
 sqgetGlobalVar('username',  $username,      SQ_SESSION);
 sqgetGlobalVar('onetimepad',$onetimepad,    SQ_SESSION);
-sqgetGlobalVar('msgs',      $msgs,          SQ_SESSION);
-sqgetGlobalVar('base_uri',  $base_uri,      SQ_SESSION);
 sqgetGlobalVar('delimiter', $delimiter,     SQ_SESSION);
+sqgetGlobalVar('base_uri',  $base_uri,      SQ_SESSION);
+
 sqgetGlobalVar('msgs',      $msgs,          SQ_SESSION);
 sqgetGlobalVar('msort',     $msort,         SQ_SESSION);
 sqgetGlobalVar('lastTargetMailbox', $lastTargetMailbox, SQ_SESSION);
@@ -657,9 +657,6 @@ if (!sqgetGlobalVar('messages', $messages, SQ_SESSION) ) {
     $messages = array();
 }
 
-/** COOKIE VARS */
-sqgetGlobalVar('key',       $key,           SQ_COOKIE);
-
 /** GET VARS */
 sqgetGlobalVar('sendreceipt',   $sendreceipt,   SQ_GET);
 sqgetGlobalVar('where',         $where,         SQ_GET);

src/redirect.php

@@ -16,6 +16,7 @@
 define('SM_PATH','../');
 
 /* SquirrelMail required files. */
+require_once(SM_PATH . 'functions/global.php');
 require_once(SM_PATH . 'functions/i18n.php');
 require_once(SM_PATH . 'functions/strings.php');
 require_once(SM_PATH . 'config/config.php');
@@ -24,10 +25,9 @@ require_once(SM_PATH . 'functions/imap.php');
 require_once(SM_PATH . 'functions/plugin.php');
 require_once(SM_PATH . 'functions/constants.php');
 require_once(SM_PATH . 'functions/page_header.php');
-require_once(SM_PATH . 'functions/global.php');
 
 // Remove slashes if PHP added them
-$REQUEST_METHOD = $_SERVER['REQUEST_METHOD'];
+sqgetGlobalVar('REQUEST_METHOD', $REQUEST_METHOD, SQ_SERVER);
 if (get_magic_quotes_gpc()) {
     if ($REQUEST_METHOD == 'POST') {
         RemoveSlashes($_POST);
@@ -68,7 +68,7 @@ setcookie('squirrelmail_language', $squirrelmail_language, time()+2592000,
           $base_uri);
 
 if (!isset($login_username)) {
-    include_once( '../functions/display_messages.php' );
+    include_once(SM_PATH .  'functions/display_messages.php' );
     logout_error( _("You must be logged in to access this page.") );    
     exit;
 }
@@ -120,9 +120,9 @@ sqsession_register($attachment_common_types_parsed, 'attachment_common_types_par
 
 $debug = false;
 
-if (isset($_SERVER['HTTP_ACCEPT']) &&
-    !isset($attachment_common_types_parsed[$_SERVER['HTTP_ACCEPT']])) {
-    attachment_common_parse($_SERVER['HTTP_ACCEPT'], $debug);
+if ( sqgetGlobalVar('HTTP_ACCEPT', $http_accept, SQ_SERVER) &&
+    !isset($attachment_common_types_parsed[$http_accept]) ) {
+    attachment_common_parse($http_accept, $debug);
 }
 
 /* Complete autodetection of Javascript. */

src/right_main.php

@@ -41,58 +41,38 @@ require_once(SM_PATH . 'functions/html.php');
 
 
 /* lets get the global vars we may need */
-$username = $_SESSION['username'];
-$key  = $_COOKIE['key'];
-$onetimepad = $_SESSION['onetimepad'];
-$base_uri = $_SESSION['base_uri'];
-$delimiter = $_SESSION['delimiter'];
- 
-if (isset($_GET['startMessage'])) {
-    $startMessage = (int) $_GET['startMessage'];
-} elseif (isset($_POST['startMessage'])) {
-    $startMessage = (int) $_POST['startMessage'];
-}
-if (isset($_GET['mailbox'])) {
-    $mailbox = $_GET['mailbox'];
-} else if (isset($_POST['mailbox'])) {
-    $mailbox = $_POST['mailbox'];
-}
-if (isset($_GET['PG_SHOWNUM'])) {
-    $PG_SHOWNUM = (int) $_GET['PG_SHOWNUM'];
-}
-elseif (isset($_SESSION['PG_SHOWNUM'])) {
-    $PG_SHOWNUM = (int) $_SESSION['PG_SHOWNUM'];
-}
-if (isset($_GET['PG_SHOWALL'])) {
-    $PG_SHOWALL = (int) $_GET['PG_SHOWALL'];
-}
-if (isset($_GET['newsort'])) {
-    $newsort = (int) $_GET['newsort'];
-}
-if (isset($_GET['composenew'])) {
-    $composenew = $_GET['composenew'];
-} else {
-    $composenew = false;
-}
+sqgetGlobalVar('key',       $key,           SQ_COOKIE);
+sqgetGlobalVar('username',  $username,      SQ_SESSION);
+sqgetGlobalVar('onetimepad',$onetimepad,    SQ_SESSION);
+sqgetGlobalVar('delimiter', $delimiter,     SQ_SESSION);
+sqgetGlobalVar('base_uri',  $base_uri,      SQ_SESSION);
 
-if (isset($_GET['checkall'])) {
-    $checkall = (int) $_GET['checkall'];
+sqgetGlobalVar('mailbox',   $mailbox);
+sqgetGlobalVar('lastTargetMailbox', $lastTargetMailbox, SQ_SESSION);
+sqgetGlobalVar('session',           $session,           SQ_GET);
+sqgetGlobalVar('note',              $note,              SQ_GET);
+
+if ( sqgetGlobalVar('startMessage', $temp) ) {
+  $startMessage = (int) $temp;
 }
-if (isset($_GET['set_thread'])) {
-    $set_thread = (int) $_GET['set_thread'];
+if ( sqgetGlobalVar('PG_SHOWNUM', $temp) ) {
+  $PG_SHOWNUM = (int) $temp;
 }
-if (isset($_SESSION['lastTargetMailbox'])) {
-    $lastTargetMailbox =$_SESSION['lastTargetMailbox'];
+if ( sqgetGlobalVar('PG_SHOWALL', $temp, SQ_GET) ) {
+  $PG_SHOWALL = (int) $temp;
 }
-
-if (isset($_GET['session'])) {
-    $session = $_GET['session'];
+if ( sqgetGlobalVar('newsort', $temp, SQ_GET) ) {
+  $newsort = (int) $temp;
 }
-
-if (isset($_GET['note'])) {
-	$note = $_GET['note'];
+if ( sqgetGlobalVar('checkall', $temp, SQ_GET) ) {
+  $checkall = (int) $temp;
+}
+if ( sqgetGlobalVar('set_thread', $temp, SQ_GET) ) {
+  $set_thread = (int) $temp;
+}
+if ( !sqgetGlobalVar('composenew', $composenew, SQ_GET) ) {
+    $composenew = false;
 }
-
 /* end of get globals */
 
 

src/view_header.php

@@ -76,7 +76,8 @@ function parse_viewheader($imapConnection,$id, $passed_ent_id) {
 }
 
 function view_header($header, $mailbox, $color) {
-    $ret_addr = SM_PATH . 'src/read_body.php?'.$_SERVER['QUERY_STRING'];
+    sqgetGlobalVar('QUERY_STRING', $queryStr, SQ_SERVER);
+    $ret_addr = SM_PATH . 'src/read_body.php?'.$queryStr;
 
     displayPageHeader($color, $mailbox);
 
@@ -102,19 +103,19 @@ function view_header($header, $mailbox, $color) {
 }
 
 /* get global vars */
-$passed_id = $_GET['passed_id'];
-$username = $_SESSION['username'];
-$key = $_COOKIE['key'];
-$delimiter = $_SESSION['delimiter'];
-$onetimepad = $_SESSION['onetimepad'];
-
-if (!isset($_GET['passed_ent_id'])) {
-  $passed_ent_id = '';
-} else {
-    $passed_ent_id = $_GET['passed_ent_id'];
+if ( sqgetGlobalVar('passed_id', $temp, SQ_GET) ) {
+  $passed_id = (int) $temp;
 }
-
-$mailbox = urldecode($_GET['mailbox']);
+if ( sqgetGlobalVar('mailbox', $temp, SQ_GET) ) {
+  $mailbox = urldecode($temp);
+}
+if ( !sqgetGlobalVar('passed_ent_id', $passed_ent_id, SQ_GET) ) {
+  $passed_ent_id = '';
+} 
+sqgetGlobalVar('key',        $key,          SQ_COOKIE);
+sqgetGlobalVar('username',   $username,     SQ_SESSION);
+sqgetGlobalVar('onetimepad', $onetimepad,   SQ_SESSION);
+sqgetGlobalVar('delimiter',  $delimiter,    SQ_SESSION);
 
 $imapConnection = sqimap_login($username, $key, $imapServerAddress, 
                                $imapPort, 0);

src/view_text.php

@@ -18,29 +18,30 @@ define('SM_PATH','../');
 
 /* SquirrelMail required files. */
 require_once(SM_PATH . 'include/validate.php');
+require_once(SM_PATH . 'functions/global.php');
 require_once(SM_PATH . 'functions/imap.php');
 require_once(SM_PATH . 'functions/mime.php');
 require_once(SM_PATH . 'functions/html.php');
-   
-$mailbox = urldecode($_GET['mailbox']);
-if (!isset($_GET['passed_ent_id'])) {
-    $passed_ent_id = '';
-} else {
-    $passed_ent_id = $_GET['passed_ent_id'];
+
+sqgetGlobalVar('key',        $key,          SQ_COOKIE);
+sqgetGlobalVar('username',   $username,     SQ_SESSION);
+sqgetGlobalVar('onetimepad', $onetimepad,   SQ_SESSION);
+sqgetGlobalVar('delimiter',  $delimiter,    SQ_SESSION);
+sqgetGlobalVar('QUERY_STRING', $QUERY_STRING, SQ_SERVER);
+sqgetGlobalVar('messages', $messages);
+sqgetGlobalVar('passed_id', $passed_id, SQ_GET);
+
+if ( sqgetGlobalVar('mailbox', $temp, SQ_GET) ) {
+  $mailbox = urldecode($temp);
 }
-$passed_id = $_GET['passed_id'];
-if (isset($_GET['ent_id'])) {
-	$ent_id = $_GET['ent_id'];
-} else {
-	$ent_id = '';
+if ( !sqgetGlobalVar('ent_id', $ent_id, SQ_GET) ) {
+  $ent_id = '';
 }
+if ( !sqgetGlobalVar('passed_ent_id', $passed_ent_id, SQ_GET) ) {
+  $passed_ent_id = '';
+} 
+
 
-$username = $_SESSION['username'];
-$key = $_COOKIE['key'];
-$delimiter = $_SESSION['delimiter'];
-$onetimepad = $_SESSION['onetimepad'];
-$QUERY_STRING = $_SERVER['QUERY_STRING'];
-sqgetGlobalVar('messages', $messages);
 
 $imapConnection = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0);
 $mbx_response =  sqimap_mailbox_select($imapConnection, $mailbox);