global.php 5.1 KB

  1. <?php
  2. /**
  3. * globals.php
  4. *
  5. * Copyright (c) 1999-2002 The SquirrelMail Project Team
  6. * Licensed under the GNU GPL. For full terms see the file COPYING.
  7. *
  8. * This includes code to update < 4.1.0 globals to the newer format
  9. * It also has some session register functions that work across various
  10. * php versions.
  11. *
  12. * $Id$
  13. */
  /*
   * If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways.
   * Force magic_quotes_runtime off.
   * chilts@birdbrained.org - I put it here in the hopes that all SM code includes this.
   * If there's a better place, please let me know.
   */
  ini_set('magic_quotes_runtime','0');

  /*
   * Convert old-style superglobals to the current method.
   * This is executed if you are running PHP 4.0.x.
   * It is run via a require_once directive in validate.php
   * and redirect.php. Patch submitted by Ray Black.
   *
   * Each $_X name is bound by reference (=&) to the matching $HTTP_*_VARS
   * array, so both names refer to the same data.
   */
  if ( !check_php_version(4,1) ) {
      global $_COOKIE, $_ENV, $_FILES, $_GET, $_POST, $_SERVER, $_SESSION;
      global $HTTP_COOKIE_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES, $HTTP_GET_VARS,
          $HTTP_POST_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS;
      $_COOKIE =& $HTTP_COOKIE_VARS;
      $_ENV =& $HTTP_ENV_VARS;
      $_FILES =& $HTTP_POST_FILES;
      $_GET =& $HTTP_GET_VARS;
      $_POST =& $HTTP_POST_VARS;
      $_SERVER =& $HTTP_SERVER_VARS;
      $_SESSION =& $HTTP_SESSION_VARS;
  }

  /*
   * If running with magic_quotes_gpc, strip the slashes from the POST and
   * GET global arrays. Only $_GET and $_POST are passed to sqstripslashes()
   * here; $_COOKIE is left as delivered.
   */
  if (get_magic_quotes_gpc()) {
      sqstripslashes($_GET);
      sqstripslashes($_POST);
  }

  /*
   * Strip any tags added to the URL from PHP_SELF.
   * This fixes hand-crafted URL XSS exploits for any
   * page that uses PHP_SELF as the FORM action.
   *
   * NOTE(review): strip_tags() removes markup tags only; it does not encode
   * quote characters. A page that prints PHP_SELF inside an HTML attribute
   * should still escape it at output time (e.g. with htmlspecialchars()).
   */
  $_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);
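  /**
   * Report whether the running PHP version is at least $a.$b.$c.
   *
   * The major, minor and release numbers are compared numerically, one
   * component at a time. Concatenating the digits and comparing the first
   * three of them mis-orders any version with a multi-digit component
   * (for example a release number of 10 or more).
   *
   * @param mixed $a minimum major version (default '0')
   * @param mixed $b minimum minor version (default '0')
   * @param mixed $c minimum release number (default '0')
   * @return bool true when the running version is equal to or newer than a.b.c
   */
  function check_php_version ($a = '0', $b = '0', $c = '0')
  {
      global $SQ_PHP_VERSION;

      /* Still populate the cached three-digit form on first use: it is a
         global, so code outside this function may read it. */
      if (!isset($SQ_PHP_VERSION)) {
          $SQ_PHP_VERSION = substr( str_pad( preg_replace('/\D/','', PHP_VERSION), 3, '0'), 0, 3);
      }

      /* The (int) cast keeps the leading digits of a component and drops
         any trailing suffix such as "0-dev". */
      $running = explode('.', PHP_VERSION);
      $wanted  = array($a, $b, $c);
      for ($i = 0; $i < 3; $i++) {
          $have = isset($running[$i]) ? (int) $running[$i] : 0;
          $need = (int) $wanted[$i];
          if ($have != $need) {
              return $have > $need;
          }
      }

      /* All three components are equal: the minimum is met exactly. */
      return true;
  }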
  /**
   * Recursively strip slashes from the values of an array, in place.
   *
   * Nested arrays are descended into; every other value is replaced by
   * its stripslashes() result. Array keys are not modified.
   *
   * @param array $array array to clean, passed by reference
   */
  function sqstripslashes(&$array) {
      if (count($array) <= 0) {
          return;
      }

      foreach (array_keys($array) as $key) {
          if (!is_array($array[$key])) {
              $array[$key] = stripslashes($array[$key]);
              continue;
          }
          sqstripslashes($array[$key]);
      }
  }
  /**
   * Store a value in the session under the given name.
   *
   * Makes sure a session is started, writes the value into
   * $HTTP_SESSION_VARS (PHP older than 4.1) or $_SESSION (4.1 and newer),
   * then calls session_register() with the name.
   *
   * @param mixed  $var  value to store
   * @param string $name session key
   */
  function sqsession_register ($var, $name) {
      sqsession_is_active();

      $key = "$name";
      if ( check_php_version(4,1) ) {
          $_SESSION[$key] = $var;
      } else {
          global $HTTP_SESSION_VARS;
          $HTTP_SESSION_VARS[$name] = $var;
      }

      session_register($key);
  }
  /**
   * Remove a value from the session.
   *
   * Makes sure a session is started, unsets the entry in
   * $HTTP_SESSION_VARS (PHP older than 4.1) or $_SESSION (4.1 and newer),
   * then calls session_unregister() with the name.
   *
   * @param string $name session key to remove
   */
  function sqsession_unregister ($name) {
      sqsession_is_active();

      if ( check_php_version(4,1) ) {
          unset($_SESSION[$name]);
      } else {
          global $HTTP_SESSION_VARS;
          unset($HTTP_SESSION_VARS[$name]);
      }

      $key = "$name";
      session_unregister($key);
  }
  /**
   * Tell whether a session entry with the given name is set.
   *
   * Looks in $_SESSION on PHP 4.1 and newer, and in $HTTP_SESSION_VARS on
   * older versions. This function does not start a session itself.
   *
   * @param string $name session key to look for
   * @return bool true when the entry is set
   */
  function sqsession_is_registered ($name) {
      if ( check_php_version(4,1) ) {
          return isset($_SESSION[$name]);
      }

      global $HTTP_SESSION_VARS;
      return isset($HTTP_SESSION_VARS[$name]);
  }
  /**
   * Copy the variable $name from $_SESSION, $_POST or $_GET into the
   * global variable of the same name.
   *
   * A value found in $_SESSION is copied first; a $_POST value, or failing
   * that a $_GET value, then replaces it. Request data therefore takes
   * precedence over the session copy. When none of the three arrays holds
   * the name, no assignment is made.
   *
   * Because the global can be filled from request data, callers should
   * pass only fixed, known names and should not treat the resulting
   * global as a value that is guaranteed to come from the session.
   *
   * @param string $name name of the variable to extract
   */
  function sqextractGlobalVar ($name) {
      /* Before PHP 4.1 these arrays are ordinary globals and have to be
         pulled into function scope explicitly. */
      if ( !check_php_version(4,1) ) {
          global $_SESSION, $_GET, $_POST;
      }
      global $$name;

      if ( isset($_SESSION[$name]) ) {
          $$name = $_SESSION[$name];
      }

      if ( isset($_POST[$name]) ) {
          $$name = $_POST[$name];
          return;
      }

      if ( isset($_GET[$name]) ) {
          $$name = $_GET[$name];
      }
  }
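  /**
   * End the current session: expire its cookies, empty the session data
   * and destroy the session.
   *
   * The session cookie and the 'username' and 'key' cookies are expired
   * only when the browser sent them. The session data is cleared and the
   * session destroyed only when a session id exists.
   *
   * php.net says we can kill the cookie by setting just the name:
   * http://www.php.net/manual/en/function.setcookie.php
   * maybe this will help fix the session merging again.
   *
   * The cookies are expired first, without starting a new session:
   * starting a new session would provide a new session for all instances
   * of the browser, and that is what was causing the merging of sessions.
   */
  function sqsession_destroy() {
      global $base_uri;

      /* Before PHP 4.1 $_COOKIE is an ordinary global rather than a
         superglobal, so it has to be brought into function scope for the
         isset() checks below to see it. */
      if ( !check_php_version(4,1) ) {
          global $_COOKIE;
      }

      if (isset($_COOKIE[session_name()])) setcookie(session_name(), '', time() - 5, $base_uri);
      if (isset($_COOKIE['username'])) setcookie('username','',time() - 5,$base_uri);
      if (isset($_COOKIE['key'])) setcookie('key','',time() - 5,$base_uri);

      $sessid = session_id();
      if (!empty( $sessid )) {
          if ( !check_php_version(4,1) ) {
              global $HTTP_SESSION_VARS;
              $HTTP_SESSION_VARS = array();
          } else {
              $_SESSION = array();
          }
          /* The parentheses are required: a bare "session_destroy" is only
             a name and never runs the function, which would leave the
             session in place on the server. */
          @session_destroy();
      }
  }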
  /*
   * Make sure a session has been started, starting one when session_id()
   * reports none. php.net doesn't tell you that $_SESSION (even though it
   * is an autoglobal) is not created unless a session is started, unlike
   * $_POST, $_GET and such.
   */
  function sqsession_is_active() {
      if ( !session_id() ) {
          session_start();
      }
  }
  163. ?>