squirrelmail-webmail  1.4.22
About: SquirrelMail is a standards-based webmail package with strong MIME support, address books, and folder manipulation (written in PHP4).
  Fossies Dox: squirrelmail-webmail-1.4.22.tar.gz  ("inofficial" and yet experimental doxygen-generated source code documentation)  

global.php File Reference

Go to the source code of this file.




if(function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) check_php_version ($a='0', $b='0', $c='0')
 check_sm_version ($a=0, $b=0, $c=0)
 sqstripslashes (&$array)
 sq_call_function_suppress_errors ($function, $args=array())
 sqsession_register ($var, $name)
 sqsession_unregister ($name)
 sqsession_is_registered ($name)
 sqgetGlobalVar ($name, &$value, $search=SQ_INORDER)
 sqsession_destroy ()
 sqsession_is_active ()
 sqsession_start ()
 sqsetcookie ($sName, $sValue='deleted', $iExpire=0, $sPath="", $sDomain="", $bSecure=false, $bHttpOnly=true, $bReplace=false)
 is_ssl_secured_connection ()
 file_has_long_lines ($filename, $max_length)


const SQ_INORDER 0
const SQ_GET 1
const SQ_POST 2
const SQ_SESSION 3
const SQ_COOKIE 4
const SQ_SERVER 5
const SQ_FORM 6
if((bool) ini_get('register_globals') &&strtolower(ini_get('register_globals'))!='off') $php_session_auto_start = ini_get('session.auto_start')
if((bool) $php_session_auto_start && $php_session_auto_start !='off') if(isset($_SERVER['PHP_SELF'])) if(isset($_SERVER['QUERY_STRING'])) if (isset( $_SERVER[ 'REQUEST_URI']))
global $temporary_plugins
if(isset($temporary_plugins)) $is_secure_connection = is_ssl_secured_connection()
if(isset($session_name) && $session_name) else
if(!(bool) ini_get('session.use_cookies')||ini_get('session.use_cookies')=='off') $base_uri = sqm_baseuri()

Function Documentation

◆ check_php_version()

if (function_exists( 'get_magic_quotes_gpc') &&@get_magic_quotes_gpc()) check_php_version (   $a = '0',
  $b = '0',
  $c = '0' 

returns true if current php version is at mimimum a.b.c

Called: check_php_version(4,1)

inta major version number
intb minor version number
intc release number

Definition at line 194 of file global.php.

Referenced by Deliver_SMTP\initStream(), set_up_language(), sq_setlocale(), sqimap_login(), and sqsetcookie().

◆ check_sm_version()

check_sm_version (   $a = 0,
  $b = 0,
  $c = 0 

returns true if the current internal SM version is at minimum a.b.c These are plain integer comparisons, as our internal version is constructed by us, as an array of 3 ints.

Called: check_sm_version(1,3,3)

inta major version number
intb minor version number
intc release number

Definition at line 215 of file global.php.


◆ file_has_long_lines()

file_has_long_lines (   $filename,

Determine if there are lines in a file longer than a given length

string$filenameThe full file path of the file to inspect
int$max_lengthIf any lines in the file are GREATER THAN this number, this function returns TRUE.
boolean TRUE as explained above, otherwise, (no long lines found) FALSE is returned.

Definition at line 614 of file global.php.

References $filename.

Referenced by Deliver\prepareMIME_Header(), and Deliver\writeBodyPart().

◆ is_ssl_secured_connection()

is_ssl_secured_connection ( )

Detect whether or not we have a SSL secured (HTTPS) connection to the browser

It is thought to be so if you have 'SSLOptions +StdEnvVars' in your Apache configuration, OR if you have HTTPS set to a non-empty value (except "off") in your HTTP_SERVER_VARS, OR if you have HTTP_X_FORWARDED_PROTO=https in your HTTP_SERVER_VARS, OR if you are on port 443.

Note: HTTP_X_FORWARDED_PROTO could be sent from the client and therefore possibly spoofed/hackable - for now, the administrator can tell SM to ignore this value by setting $sq_ignore_http_x_forwarded_headers to boolean TRUE in config/config_local.php, but in the future we may want to default this to TRUE and make administrators who use proxy systems turn it off (see 1.5.2+).

Note: It is possible to run SSL on a port other than 443, and if that is the case, the administrator should set $sq_https_port to the applicable port number in config/config_local.php

boolean TRUE if the current connection is SSL-encrypted; FALSE otherwise.
1.4.17 and 1.5.2

Definition at line 584 of file global.php.

References SQ_SERVER, and sqgetGlobalVar().

◆ sq_call_function_suppress_errors()

sq_call_function_suppress_errors (   $function,
  $args = array() 

Squelch error output to screen (only) for the given function.

This provides an alternative to the @ error-suppression operator where errors will not be shown in the interface but will show up in the server log file (assuming the administrator has configured PHP logging).

1.4.12 and 1.5.2
string$functionThe function to be executed
array$argsThe arguments to be passed to the function (OPTIONAL; default no arguments) NOTE: The caller must take extra action if the function being called is supposed to use any of the parameters by reference. In the following example, $x is passed by reference and $y is passed by value to the "my_func" function. sq_call_function_suppress_errors('my_func', array(&$x, $y));
mixed The return value, if any, of the function being executed will be returned.

Definition at line 275 of file global.php.

References $ret.

◆ sqgetGlobalVar()

sqgetGlobalVar (   $name,
  $search = SQ_INORDER 

Search for the var $name in $_SESSION, $_POST, $_GET, $_COOKIE, or $_SERVER and set it in provided var.

If $search is not provided, or == SQ_INORDER, it will search $_SESSION, then $_POST, then $_GET. Otherwise, use one of the defined constants to look for a var in one place specifically.

Note: $search is an int value equal to one of the constants defined above.

example: sqgetGlobalVar('username',$username,SQ_SESSION); – no quotes around last param!

stringname the name of the var to search
mixedvalue the variable to return
intsearch constant defining where to look
bool whether variable is found.

Definition at line 344 of file global.php.


Referenced by adm_check_user(), attachment_common_link_html(), attachment_common_link_image(), attachment_common_link_text(), attachment_common_link_vcard(), cachePrefValues(), delete_move_next_action(), delete_move_next_delete(), delete_move_next_display_save(), delete_move_next_move(), delete_move_next_unread(), displayHtmlHeader(), displayPageHeader(), formatBody(), get_abook_sort(), get_location(), Deliver_SMTP\initStream(), is_logged_in(), is_ssl_secured_connection(), magicHTML(), mail_fetch_load_pref(), mail_fetch_login(), mail_fetch_setnew(), makeComposeLink(), makeInternalLink(), newmail_sav(), php_self(), printer_friendly_link(), printMessageInfo(), save_option(), SendDownloadHeaders(), SendMDN(), sent_subfolders_check_handleAsSent(), sent_subfolders_optpage_loadhook_folders(), sent_subfolders_special_mailbox(), sent_subfolders_update_sentfolder(), set_up_language(), showInputForm(), showMessagesForMailbox(), soupNazi(), spamcop_show_link(), spamcop_while_sending(), sq_fix_url(), sq_mt_randomize(), sqauth_read_password(), sqauth_save_password(), sqimap_mailbox_list(), sqm_baseuri(), sqspell_getWords(), sqspell_makePage(), sqspell_writeWords(), squirrelmail_plugin_init_filters(), SquirrelOption\SquirrelOption(), start_filters(), and view_header().

◆ sqsession_destroy()

sqsession_destroy ( )

Deletes an existing session, more advanced than the standard PHP session_destroy(), it explicitly deletes the cookies and global vars.

Definition at line 399 of file global.php.

References $base_uri, and sqsetcookie().

Referenced by sqimap_login().

◆ sqsession_is_active()

sqsession_is_active ( )

Function to verify a session has been started. If it hasn't start a session up. php.net doesn't tell you that $_SESSION (even though autoglobal), is not created unless a session is started, unlike $_POST, $_GET and such

Definition at line 452 of file global.php.

References sqsession_start().

Referenced by sqsession_register(), and sqsession_unregister().

◆ sqsession_is_registered()

sqsession_is_registered (   $name)

Checks to see if a variable has already been registered in the session.

string$namethe name of the var to check
bool whether the var has been registered

Definition at line 318 of file global.php.

Referenced by get_thread_sort(), is_logged_in(), sqimap_get_php_sort_order(), and sqimap_get_sort_order().

◆ sqsession_register()

sqsession_register (   $var,

◆ sqsession_start()

sqsession_start ( )

Function to start the session and store the cookie with the session_id as HttpOnly cookie which means that the cookie isn't accessible by javascript (IE6 only) Note that as sqsession_is_active() no longer discriminates as to when it calls this function, session_start() has to have E_NOTICE suppression (thus the @ sign).


Definition at line 469 of file global.php.

References $base_uri, and sqsetcookie().

Referenced by sqsession_is_active().

◆ sqsession_unregister()

sqsession_unregister (   $name)

Delete a variable from the session.

string$namethe name of the var to delete

Definition at line 301 of file global.php.

References sqsession_is_active().

Referenced by cachePrefValues(), get_thread_sort(), showMessagesForMailbox(), sqimap_get_php_sort_order(), and sqimap_get_sort_order().

◆ sqsetcookie()

sqsetcookie (   $sName,
  $sValue = 'deleted',
  $iExpire = 0,
  $sPath = "",
  $sDomain = "",
  $bSecure = false,
  $bHttpOnly = true,
  $bReplace = false 

Set a cookie

string$sNameThe name of the cookie.
string$sValueThe value of the cookie.
int$iExpireThe time the cookie expires. This is a Unix timestamp so is in number of seconds since the epoch.
string$sPathThe path on the server in which the cookie will be available on.
string$sDomainThe domain that the cookie is available.
boolean$bSecureIndicates that the cookie should only be transmitted over a secure HTTPS connection.
boolean$bHttpOnlyDisallow JS to access the cookie (IE6/FF2)
boolean$bReplaceReplace previous cookies with same name?
1.4.16 and 1.5.1

Definition at line 509 of file global.php.

References $is_secure_connection, and check_php_version().

Referenced by sqauth_save_password(), sqsession_destroy(), and sqsession_start().

◆ sqstripslashes()

sqstripslashes ( $array)

Recursively strip slashes from the values of an array.

arrayarray the array to strip, passed by reference

Definition at line 236 of file global.php.

Variable Documentation

◆ $base_uri

if (!(bool) ini_get( 'session.use_cookies')||ini_get( 'session.use_cookies')=='off') $base_uri = sqm_baseuri()

[#1518885] session.use_cookies = off breaks SquirrelMail

When session cookies are not used, all http redirects, meta refreshes, src/download.php and javascript URLs are broken. Setting must be set before session is started.Make sure to have $base_uri always initialized to avoid having session cookie set separately for each $base_uri subdirectory that receives direct requests from user's browser (typically $base_uri and $base_uri/src).

Definition at line 173 of file global.php.

Referenced by compose_Header(), displayHtmlHeader(), displayPageHeader(), formatMenubar(), formatToolbar(), logout_error(), mail_message_listing_beginning(), makeComposeLink(), makeInternalLink(), sqauth_save_password(), sqm_baseuri(), sqsession_destroy(), and sqsession_start().

◆ $is_secure_connection

if (isset( $temporary_plugins)) $is_secure_connection = is_ssl_secured_connection()

Detect SSL connections

Definition at line 139 of file global.php.

Referenced by get_location(), and sqsetcookie().

◆ $php_session_auto_start

if ((bool) ini_get( 'register_globals') &&strtolower(ini_get( 'register_globals'))!='off') $php_session_auto_start = ini_get('session.auto_start')

First code that should be executed before other files are loaded Must be executed before any other scripts are loaded.

If register_globals are on, unregister globals. Second test covers boolean set as string (php_value register_globals off).There are some PHP settings that SquirrelMail is incompatible with and cannot be changed by software at run-time; refuse to run if such settings are being used...

Definition at line 72 of file global.php.

◆ $temporary_plugins

global $temporary_plugins

Allow disabling of all plugins or enabling just a select few

$temporary_plugins can be set in config_local.php, and must be set as an array of plugin names that will be the only ones activated (overriding the activation from the main configuration file). If the list is empty, all plugins will be disabled. Examples follow:

Enable only Preview Pane and TNEF Decoder plugins: $temporary_plugins = array('tnef_decoder', 'preview_pane');

Disable all plugins: $temporary_plugins = array();

Definition at line 114 of file global.php.

◆ else

if (isset( $session_name) &&$session_name) else
Initial value:
ini_set('session.name' , 'SQMSESSID')

set the name of the session cookie

Definition at line 144 of file global.php.

◆ if

if ((bool) $php_session_auto_start &&$php_session_auto_start !='off') if (isset( $_SERVER[ 'PHP_SELF'])) if (isset( $_SERVER[ 'QUERY_STRING'])) if(isset($_SERVER['REQUEST_URI']))

Strip any tags added to the url from PHP_SELF. This fixes hand crafted url XXS expoits for any page that uses PHP_SELF as the FORM action. Must be executed before strings.php is loaded (php_self() call in strings.php). Update: strip_tags() won't catch something like src/right_main.php?sort=0&startMessage=1&mailbox=INBOX&xxx="><script>window.open("http://example.com")</script> or contrib/decrypt_headers.php/%22%20onmouseover=%22alert(%27hello%20world%27)%22%3E because it doesn't bother with broken tags. htmlspecialchars() is the preferred method.Bring in the config file We need $session_name config.php $version depends on strings.php. strings.php sets $PHP_SELF.

Definition at line 103 of file global.php.



const SQ_FORM 6



const SQ_INORDER 0

Set constants

Definition at line 15 of file global.php.

Referenced by sqgetGlobalVar().