We use cookies to ensure you get the best experience on our website
ホーム エクスプローラ ヘルプ
登録 サインイン
0ct0pu5
/
squirrelmail
1
0
フォーク 0
ファイル 課題 0 プルリクエスト 0 Wiki
ツリー: a6424e15e8
ブランチ タグ
squirrelmail
/
functions
/
global.php

global.php 8.3 KB
履歴 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309 
  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * global.php
    5. 

  5.  *
    6. 

  6.  * Copyright (c) 1999-2003 The SquirrelMail Project Team
    7. 

  7.  * Licensed under the GNU GPL. For full terms see the file COPYING.
    8. 

  8.  *
    9. 

  9.  * This includes code to update < 4.1.0 globals to the newer format 
    10. 

  10.  * It also has some session register functions that work across various
    11. 

  11.  * php versions. 
    12. 

  12.  *
    13. 

  13.  * $Id$
    14. 

  14.  */
    15. 

  15. 

  16. require_once(SM_PATH . 'config/config.php');
    17. 

  17. 

  18. /* set the name of the session cookie */
    19. 

  19. if(isset($session_name) && $session_name) {  
    20. 

  20.     ini_set('session.name' , $session_name);  
    21. 

  21. } else {  
    22. 

  22.     ini_set('session.name' , 'SQMSESSID');  
    23. 

  23. }
    24. 

  24. 

  25. /* If magic_quotes_runtime is on, SquirrelMail breaks in new and creative ways.
    26. 

  26.  * Force magic_quotes_runtime off.
    27. 

  27.  * tassium@squirrelmail.org - I put it here in the hopes that all SM code includes this.
    28. 

  28.  * If there's a better place, please let me know.
    29. 

  29.  */
    30. 

  30. ini_set('magic_quotes_runtime','0');
    31. 

  31. 

  32. /* Since we decided all IMAP servers must implement the UID command as defined in
    33. 

  33.  * the IMAP RFC, we force $uid_support to be on.
    34. 

  34.  */
    35. 

  35. 

  36. global $uid_support;
    37. 

  37. $uid_support = true;
    38. 

  38. 

  39. sqsession_is_active();
    40. 

  40. 

  41. /* convert old-style superglobals to current method
    42. 

  42.  * this is executed if you are running PHP 4.0.x.
    43. 

  43.  * it is run via a require_once directive in validate.php 
    44. 

  44.  * and redirect.php. Patch submitted by Ray Black.
    45. 

  45.  */ 
    46. 

  46. 

  47. if ( !check_php_version(4,1) ) {
    48. 

  48.   global $_COOKIE, $_ENV, $_FILES, $_GET, $_POST, $_SERVER, $_SESSION;
    49. 

  49.   global $HTTP_COOKIE_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES, $HTTP_GET_VARS,
    50. 

  50.          $HTTP_POST_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS, $PHP_SELF;
    51. 

  51.   $_COOKIE  =& $HTTP_COOKIE_VARS;
    52. 

  52.   $_ENV     =& $HTTP_ENV_VARS;
    53. 

  53.   $_FILES   =& $HTTP_POST_FILES;
    54. 

  54.   $_GET     =& $HTTP_GET_VARS;
    55. 

  55.   $_POST    =& $HTTP_POST_VARS;
    56. 

  56.   $_SERVER  =& $HTTP_SERVER_VARS;
    57. 

  57.   $_SESSION =& $HTTP_SESSION_VARS;
    58. 

  58.   if (!isset($PHP_SELF) || empty($PHP_SELF)) {
    59. 

  59.      $PHP_SELF =  $HTTP_SERVER_VARS['PHP_SELF'];
    60. 

  60.   }
    61. 

  61. }
    62. 

  62. 

  63. /* if running with magic_quotes_gpc then strip the slashes
    64. 

  64.    from POST and GET global arrays */
    65. 

  65. 

  66. if (get_magic_quotes_gpc()) {
    67. 

  67.     sqstripslashes($_GET);
    68. 

  68.     sqstripslashes($_POST);
    69. 

  69. }
    70. 

  70. 

  71. /* strip any tags added to the url from PHP_SELF.
    72. 

  72.    This fixes hand crafted url XXS expoits for any
    73. 

  73.    page that uses PHP_SELF as the FORM action */
    74. 

  74. 

  75. $_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);
    76. 

  76. 

  77. /** 
    78. 

  78.  * returns true if current php version is at mimimum a.b.c 
    79. 

  79.  * 
    80. 

  80.  * Called: check_php_version(4,1)
    81. 

  81.  */
    82. 

  82. function check_php_version ($a = '0', $b = '0', $c = '0')             
    83. 

  83. {
    84. 

  84.     global $SQ_PHP_VERSION;
    85. 

  85.  
    86. 

  86.     if(!isset($SQ_PHP_VERSION))
    87. 

  87.         $SQ_PHP_VERSION = substr( str_pad( preg_replace('/\D/','', PHP_VERSION), 3, '0'), 0, 3);
    88. 

  88. 

  89.     return $SQ_PHP_VERSION >= ($a.$b.$c);
    90. 

  90. }
    91. 

  91. 

  92. /**
    93. 

  93.  * returns true if the current internal SM version is at minimum a.b.c 
    94. 

  94.  * These are plain integer comparisons, as our internal version is 
    95. 

  95.  * constructed by us, as an array of 3 ints.
    96. 

  96.  *
    97. 

  97.  * Called: check_sm_version(1,3,3)
    98. 

  98.  */
    99. 

  99. function check_sm_version($a = 0, $b = 0, $c = 0)
    100. 

  100. {
    101. 

  101.     global $SQM_INTERNAL_VERSION;
    102. 

  102.     if ( !isset($SQM_INTERNAL_VERSION) ||
    103. 

  103.          $SQM_INTERNAL_VERSION[0] < $a ||
    104. 

  104. 	 $SQM_INTERNAL_VERSION[1] < $b ||
    105. 

  105. 	 ( $SQM_INTERNAL_VERSION[1] == $b &&
    106. 

  106.            $SQM_INTERNAL_VERSION[2] < $c ) ) {
    107. 

  107.         return FALSE;
    108. 

  108.     } 
    109. 

  109.     return TRUE;  
    110. 

  110. }
    111. 

  111. 

  112. 

  113. /* recursively strip slashes from the values of an array */
    114. 

  114. function sqstripslashes(&$array) {
    115. 

  115.     if(count($array) > 0) {
    116. 

  116.         foreach ($array as $index=>$value) {
    117. 

  117.             if (is_array($array[$index])) {
    118. 

  118.                 sqstripslashes($array[$index]);
    119. 

  119.             }
    120. 

  120.             else {
    121. 

  121.                 $array[$index] = stripslashes($value);
    122. 

  122.             }
    123. 

  123.         }
    124. 

  124.     }
    125. 

  125. }
    126. 

  126. 

  127. function sqsession_register ($var, $name) {
    128. 

  128. 

  129.     sqsession_is_active();
    130. 

  130. 

  131.     if ( !check_php_version(4,1) ) {
    132. 

  132.         global $HTTP_SESSION_VARS;
    133. 

  133.         $HTTP_SESSION_VARS[$name] = $var;
    134. 

  134.     }
    135. 

  135.     else {
    136. 

  136.         $_SESSION["$name"] = $var; 
    137. 

  137.     }
    138. 

  138.     session_register("$name");
    139. 

  139. }
    140. 

  140. 

  141. function sqsession_unregister ($name) {
    142. 

  142. 

  143.     sqsession_is_active();
    144. 

  144. 

  145.     if ( !check_php_version(4,1) ) {
    146. 

  146.         global $HTTP_SESSION_VARS;
    147. 

  147.         unset($HTTP_SESSION_VARS[$name]);
    148. 

  148.     }
    149. 

  149.     else {
    150. 

  150.         unset($_SESSION[$name]);
    151. 

  151.     }
    152. 

  152.     session_unregister("$name");
    153. 

  153. }
    154. 

  154. 

  155. function sqsession_is_registered ($name) {
    156. 

  156.     $test_name = &$name;
    157. 

  157.     $result = false;
    158. 

  158.     if ( !check_php_version(4,1) ) {
    159. 

  159.         global $HTTP_SESSION_VARS;
    160. 

  160.         if (isset($HTTP_SESSION_VARS[$test_name])) {
    161. 

  161.             $result = true;
    162. 

  162.         }
    163. 

  163.     }
    164. 

  164.     else {
    165. 

  165.         if (isset($_SESSION[$test_name])) {
    166. 

  166.             $result = true;
    167. 

  167.         }
    168. 

  168.     }
    169. 

  169.     return $result;
    170. 

  170. }
    171. 

  171. 

  172. 

  173. define('SQ_INORDER',0);
    174. 

  174. define('SQ_GET',1);
    175. 

  175. define('SQ_POST',2);
    176. 

  176. define('SQ_SESSION',3);
    177. 

  177. define('SQ_COOKIE',4);
    178. 

  178. define('SQ_SERVER',5);
    179. 

  179. define('SQ_FORM',6);
    180. 

  180. 

  181. /**
    182. 

  182.  * Search for the var $name in $_SESSION, $_POST, $_GET,
    183. 

  183.  * $_COOKIE, or $_SERVER and set it in provided var. 
    184. 

  184.  *
    185. 

  185.  * If $search is not provided,  or == SQ_INORDER, it will search
    186. 

  186.  * $_SESSION, then $_POST, then $_GET. Otherwise,
    187. 

  187.  * use one of the defined constants to look for 
    188. 

  188.  * a var in one place specifically.
    189. 

  189.  *
    190. 

  190.  * Note: $search is an int value equal to one of the 
    191. 

  191.  * constants defined above.
    192. 

  192.  *
    193. 

  193.  * example:
    194. 

  194.  *    sqgetGlobalVar('username',$username,SQ_SESSION);
    195. 

  195.  *  -- no quotes around last param!
    196. 

  196.  *
    197. 

  197.  * Returns FALSE if variable is not found.
    198. 

  198.  * Returns TRUE if it is.
    199. 

  199.  */
    200. 

  200. function sqgetGlobalVar($name, &$value, $search = SQ_INORDER) {
    201. 

  201. 

  202.     if ( !check_php_version(4,1) ) {
    203. 

  203.         global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $HTTP_POST_VARS, 
    204. 

  204.                $HTTP_SERVER_VARS, $HTTP_SESSION_VARS;
    205. 

  205. 

  206.         $_COOKIE  =& $HTTP_COOKIE_VARS;
    207. 

  207.         $_GET     =& $HTTP_GET_VARS;
    208. 

  208.         $_POST    =& $HTTP_POST_VARS;
    209. 

  209.         $_SERVER  =& $HTTP_SERVER_VARS;
    210. 

  210.         $_SESSION =& $HTTP_SESSION_VARS;
    211. 

  211.     }
    212. 

  212. 

  213.     /* NOTE: DO NOT enclose the constants in the switch
    214. 

  214.        statement with quotes. They are constant values,
    215. 

  215.        enclosing them in quotes will cause them to evaluate
    216. 

  216.        as strings. */
    217. 

  217.     switch ($search) {
    218. 

  218.         /* we want the default case to be first here,  
    219. 

  219. 	   so that if a valid value isn't specified, 
    220. 

  220. 	   all three arrays will be searched. */
    221. 

  221.       default:
    222. 

  222.       case SQ_INORDER: // check session, post, get
    223. 

  223.       case SQ_SESSION:
    224. 

  224.         if( isset($_SESSION[$name]) ) {
    225. 

  225.             $value = $_SESSION[$name];
    226. 

  226.             return TRUE;
    227. 

  227.         } elseif ( $search == SQ_SESSION ) {
    228. 

  228.             break;
    229. 

  229.         }
    230. 

  230.       case SQ_FORM:   // check post, get
    231. 

  231.       case SQ_POST:
    232. 

  232.         if( isset($_POST[$name]) ) {
    233. 

  233.             $value = $_POST[$name];
    234. 

  234.             return TRUE;
    235. 

  235.         } elseif ( $search == SQ_POST ) {
    236. 

  236.           break;
    237. 

  237.         }
    238. 

  238.       case SQ_GET:
    239. 

  239.         if ( isset($_GET[$name]) ) {
    240. 

  240.             $value = $_GET[$name];
    241. 

  241.             return TRUE;
    242. 

  242.         } 
    243. 

  243.         /* NO IF HERE. FOR SQ_INORDER CASE, EXIT after GET */
    244. 

  244.         break;
    245. 

  245.       case SQ_COOKIE:
    246. 

  246.         if ( isset($_COOKIE[$name]) ) {
    247. 

  247.             $value = $_COOKIE[$name];
    248. 

  248.             return TRUE; 
    249. 

  249.         }
    250. 

  250.         break;
    251. 

  251.       case SQ_SERVER:
    252. 

  252.         if ( isset($_SERVER[$name]) ) {
    253. 

  253.             $value = $_SERVER[$name];
    254. 

  254.             return TRUE;
    255. 

  255.         }
    256. 

  256.         break;
    257. 

  257.     }
    258. 

  258.     return FALSE;
    259. 

  259. }
    260. 

  260. 

  261. function sqsession_destroy() {
    262. 

  262. 

  263.     /*
    264. 

  264.      * php.net says we can kill the cookie by setting just the name:
    265. 

  265.      * http://www.php.net/manual/en/function.setcookie.php
    266. 

  266.      * maybe this will help fix the session merging again.
    267. 

  267.      *
    268. 

  268.      * Changed the theory on this to kill the cookies first starting
    269. 

  269.      * a new session will provide a new session for all instances of
    270. 

  270.      * the browser, we don't want that, as that is what is causing the
    271. 

  271.      * merging of sessions.
    272. 

  272.      */
    273. 

  273. 

  274.     global $base_uri;
    275. 

  275. 

  276.     if (isset($_COOKIE[session_name()])) setcookie(session_name(), '', time() - 5, $base_uri);
    277. 

  277.     if (isset($_COOKIE['username'])) setcookie('username','',time() - 5,$base_uri);
    278. 

  278.     if (isset($_COOKIE['key'])) setcookie('key','',time() - 5,$base_uri);
    279. 

  279. 

  280.     $sessid = session_id();
    281. 

  281.     if (!empty( $sessid )) {
    282. 

  282.         if ( !check_php_version(4,1) ) {
    283. 

  283.             global $HTTP_SESSION_VARS;
    284. 

  284.             $HTTP_SESSION_VARS = array();
    285. 

  285.         } else {
    286. 

  286.             $_SESSION = array();
    287. 

  287.         }
    288. 

  288.         @session_destroy();
    289. 

  289.     }
    290. 

  290. 

  291. }
    292. 

  292. 

  293. /*
    294. 

  294.  * Function to verify a session has been started.  If it hasn't
    295. 

  295.  * start a session up.  php.net doesn't tell you that $_SESSION
    296. 

  296.  * (even though autoglobal), is not created unless a session is
    297. 

  297.  * started, unlike $_POST, $_GET and such
    298. 

  298.  */
    299. 

  299. 

  300. function sqsession_is_active() {
    301. 

  301. 

  302.     $sessid = session_id();
    303. 

  303.     if ( empty( $sessid ) ) {
    304. 

  304.         session_start();
    305. 

  305.     }
    306. 

  306. }
    307. 

  307. 

  308. 

  309. ?>
    310.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5