From: Jason M. <ja...@st...> - 2002-07-31 20:30:21
|
Hello all, OK, I added global.php to the STABLE branch src dir earlier and I am about to update a base set of src/ files that will allow you to login to Squirrelmail, go to *most* pages, browse mailboxes, and read mail, all with register globals off. The files I will update in stable CVS shortly are: src/ search.php read_body.php redirect.php login.php validate.php webmail.php right_main.php left_main.php options.php folders.php functions/ page_header.php Some observations: 1. Looks like we might be able to convert all of SM without modifying the functions/ dir hardly at all. (yeah!) Remember that if the variable is in the local scope of a file in src/, its OK to reference that var from a function called by that page with a global directive in the function. For example as long as right_main.php has the vars $username, $key, and $onetimepad then the login function in imap_general.php will work when called from right_main.php. Avoid modifying code in the functions dir, instead initialize the var from the calling php page in src/. The exception is page_header.php which needs base_uri. So to simplify I just updated the functions in page_header.php itself. Possibly a few others will need some modifications also, like mailbox_display or prefs. 2. Commonly (but not always :) pages will need these vars: For IMAP logins: $key = $_COOKIE['key']; $username = $_SESSION['username']; $onetimepad = $_SESSION['onetimepad']; For additional IMAP functions: $delimiter = $_SESSION['delimiter']; For creating link hrefs: $base_uri = $_SESSION['base_uri']; 3. Heres some fun. Any var sent to the page from a URL or a POST will need to be set. because we commonly use isset, use caution when initializing these. I have had success with: if (isset($_GET['newsort'])) { $newsort = $_GET['newsort']; } The fun part comes in when trying to determine all the possible variables that could be sent to a page :) 4. After several test, nothing that I have done to these files has any effect on the functionality of SM when register globals is On. This is of *UTMOST* importance to the stable series so after updating a page make sure that you test it with register_globals On. Otherwise Konstantin will drive out to Kansas and strangle me with his own hands :) 5. Check out right_main after I update it to see what it ends up looking like. At the very least every file in src/ will need to be updated, and the ones I have updated so far might need to be added to. CVS commit will be on the way shortly. enjoy!! \___ Jason Munro \___ AIM:jmunr0 \__ ja...@st... \__ http://www.sunflower.com/~jmunro/ |