eliminate "global $_SESSION" declarations

assessment/showtest.php

@@ -3723,7 +3723,7 @@ function endtest($testsettings) {
 		//unset($_SESSION['sessiontestid']);
 	}
 	function leavetestmsg($or = '') {
-		global $isdiag, $diagid, $_SESSION, $testsettings;
+		global $isdiag, $diagid, $testsettings;
 		$isltilimited = (isset($_SESSION['ltiitemtype']) && $_SESSION['ltiitemtype']==0);
 		echo '<p>';
 		echo $or;

assessment/testutil.php

@@ -513,7 +513,7 @@ function printscore2($sc) {
 //qi: getquestioninfo[qid]
 function scorequestion($qn, $rectime=true) {
 	global $DBH,$questions,$scores,$seeds,$testsettings,$qi,$attempts,$lastanswers,$isreview,$bestquestions,$bestseeds,$bestscores,$bestattempts,$bestlastanswers, $reattempting, $rawscores, $bestrawscores, $firstrawscores;
-	global $regenonreattempt, $_SESSION;
+	global $regenonreattempt;
 	//list($qsetid,$cat) = getqsetid($questions[$qn]);
 	$lastrawscore = $rawscores[$qn];
 
@@ -594,7 +594,7 @@ function scorequestion($qn, $rectime=true) {
 //records everything but questions array
 //if limit=true, only records lastanswers
 function recordtestdata($limit=false, $updateLTI=true) {
-	global $DBH,$isreview,$questions,$bestquestions,$bestscores,$bestattempts,$bestseeds,$bestlastanswers,$scores,$attempts,$seeds,$lastanswers,$testid,$testsettings,$_SESSION,$reattempting,$timesontask,$lti_sourcedid,$qi,$noraw,$rawscores,$bestrawscores,$firstrawscores,$userid;
+	global $DBH,$isreview,$questions,$bestquestions,$bestscores,$bestattempts,$bestseeds,$bestlastanswers,$scores,$attempts,$seeds,$lastanswers,$testid,$testsettings,$reattempting,$timesontask,$lti_sourcedid,$qi,$noraw,$rawscores,$bestrawscores,$firstrawscores,$userid;
 
 	if ($noraw) {
 		$bestscorelist = implode(',',$bestscores);
@@ -678,7 +678,7 @@ function recordtestdata($limit=false, $updateLTI=true) {
 }
 
 function deletefilesifnotused($delfrom,$ifnothere) {
-	global $testsettings,$_SESSION, $testid, $isreview;
+	global $testsettings, $testid, $isreview;
 	$outstr = '';
 	preg_match_all('/@FILE:(.+?)@/',$delfrom,$matches);
 	foreach($matches[0] as $match) {
@@ -799,7 +799,7 @@ function basicshowq($qn,$seqinactive=false,$colors=array()) {
 
 //shows basic points possible, attempts remaining bar
 function showqinfobar($qn,$inreview,$single,$showqnum=0) {
-	global $qi,$questions,$attempts,$seeds,$testsettings,$noindivscores,$showeachscore,$scores,$bestscores,$_SESSION,$imasroot,$CFG;
+	global $qi,$questions,$attempts,$seeds,$testsettings,$noindivscores,$showeachscore,$scores,$bestscores,$imasroot,$CFG;
 	if (!$_SESSION['istutorial']) {
 		if ($inreview) {
 			echo '<div class="review clearfix">';
@@ -908,7 +908,7 @@ function showquestioncontactlinks($qn) {
 
 //shows top info bar for seq mode
 function seqshowqinfobar($qn,$toshow) {
-	global $qi,$questions,$attempts,$testsettings,$scores,$bestscores,$noindivscores,$showeachscore,$imasroot,$CFG,$_SESSION,$seeds,$isreview;
+	global $qi,$questions,$attempts,$testsettings,$scores,$bestscores,$noindivscores,$showeachscore,$imasroot,$CFG,$seeds,$isreview;
 	$reattemptsremain = hasreattempts($qn);
 	$pointsremaining = getremainingpossible($qn,$qi[$questions[$qn]],$testsettings,$attempts[$qn]);
 	$qavail = false;
@@ -1068,7 +1068,7 @@ function startoftestmessage($perfectscore,$hasreattempts,$allowregen,$noindivsco
 }
 
 function embedshowicon($qn) {
-	global $qi,$questions,$attempts,$testsettings,$scores,$bestscores,$noindivscores,$showeachscore,$imasroot,$CFG,$_SESSION,$seeds,$isreview;
+	global $qi,$questions,$attempts,$testsettings,$scores,$bestscores,$noindivscores,$showeachscore,$imasroot,$CFG,$seeds,$isreview;
 	$reattemptsremain = hasreattempts($qn);
 	$pointsremaining = getremainingpossible($qn,$qi[$questions[$qn]],$testsettings,$attempts[$qn]);
 	$qavail = false;
@@ -1132,7 +1132,7 @@ function embedshowicon($qn) {
 // like on the password entry page, latepass confirmation, etc.
 // this is light breadcrumbs rather than full
 function showEnterAssessmentBreadcrumbs($aname) {
-	global $isdiag, $_SESSION, $breadcrumbbase, $coursename;
+	global $isdiag, $breadcrumbbase, $coursename;
 	if (!$isdiag && strpos($_SERVER['HTTP_REFERER'],'treereader')===false && !(isset($_SESSION['ltiitemtype']) && $_SESSION['ltiitemtype']==0)) {
 		echo "<div class=breadcrumb>$breadcrumbbase <a href=\"../course/course.php?cid=".Sanitize::courseId($_GET['cid'])."\">".Sanitize::encodeStringForDisplay($coursename)."</a> ";
 		echo '&gt; ', Sanitize::encodeStringForDisplay($aname), '</div>';

course/courseshowitems.php

@@ -199,7 +199,7 @@ function getWikiDD($i, $typeid, $parent, $itemid) {
 
 $itemshowdata = null;
 function showitems($items,$parent,$inpublic=false,$greyitems=0) {
-	   global $DBH,$teacherid,$tutorid,$studentid,$cid,$imasroot,$userid,$openblocks,$firstload,$_SESSION,$myrights,$courseenddate;
+	   global $DBH,$teacherid,$tutorid,$studentid,$cid,$imasroot,$userid,$openblocks,$firstload,$myrights,$courseenddate;
 	   global $itemicons,$exceptions,$latepasses,$ispublic,$studentinfo,$newpostcnts,$CFG,$latepasshrs,$toolset,$readlinkeditems;
 	   global $itemshowdata, $exceptionfuncs;
 
@@ -1974,7 +1974,7 @@ function formatdate($date) {
 
    //instructor-only tree-based quick view of full course
    function quickview($items,$parent,$showdates=false,$showlinks=true) {
-	   global $DBH,$teacherid,$cid,$imasroot,$userid,$openblocks,$firstload,$_SESSION,$hideicons,$exceptions,$latepasses,$CFG;
+	   global $DBH,$teacherid,$cid,$imasroot,$userid,$openblocks,$firstload,$hideicons,$exceptions,$latepasses,$CFG;
 	   global $itemtypes, $iteminfo, $addassess;
 	   if (!is_array($openblocks)) {$openblocks = array();}
 	   if ($parent=='0') {

csrfp/simplecsrfp.php

@@ -38,7 +38,7 @@ class csrfProtector
 
 		public static function init($length = null, $action = null)
 		{
-			global $userid, $_SESSION;
+			global $userid;
 			if (empty($userid)) { //only run if $userid is set
 				return;
 			}
@@ -64,7 +64,6 @@ public static function init($length = null, $action = null)
 		}
 		public static function authorizePost()
 		{
-			global $_SESSION;
 			if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 
 				// look for token in payload else from header
@@ -118,7 +117,6 @@ private static function getTokenFromRequest() {
 		 * bool - true if its valid else false
 		 */
 		private static function isValidToken($token) {
-			global $_SESSION;
 			if (!isset($_SESSION[CSRFP_TOKEN])) return false;
 			return ($_SESSION[CSRFP_TOKEN] == $token);
 		}
@@ -168,7 +166,6 @@ private static function failedValidationAction()
 		 */
 		public static function refreshToken()
 		{
-			global $_SESSION;
 			$token = self::generateAuthToken();
 
 			$_SESSION[CSRFP_TOKEN] = $token;
@@ -220,7 +217,6 @@ public static function generateAuthToken()
 		*/
 		private static function get_csrf_input_tag()
 		{
-			global $_SESSION;
 			$out = '<input type="hidden" name="'.CSRFP_TOKEN.'" ';
 			$out .= 'class="'.CSRFP_TOKEN.'" value="'.$_SESSION[CSRFP_TOKEN].'" />';
 			return $out;
@@ -236,7 +232,6 @@ private static function get_csrf_input_tag()
 		 */
 		public static function output_header_code()
 		{
-			global $_SESSION;
 			$out = '<script type="text/javascript" src="' . self::$config['jsUrl'] . '"></script>';
 			$out .= '<script type="text/javascript">';
 			$out .= 'CSRFP.setToken("'.$_SESSION[CSRFP_TOKEN].'");</script>';
@@ -291,7 +286,6 @@ public static function ob_handler($buffer, $flags)
 		 */
 		protected static function logCSRFattack()
 		{
-			global $_SESSION;
 			//miniature version of the log
 			$log = array();
 			$log['timestamp'] = time();

filter/filter.php

@@ -18,7 +18,7 @@
 		include_once("$filterdir/graph/sscrtotext.php");
 	}
 	function mathfiltercallback($arr) {
-		global $AMT,$mathimgurl,$coursetheme,$_SESSION;
+		global $AMT,$mathimgurl,$coursetheme;
 		//$arr[1] = str_replace(array('≠','"','<','>','≤','≥'),array('ne','"','lt','gt','le','ge'),$arr[1]);
 		$arr[1] = str_replace(array('&ne;','&quot;','&le;','&ge;','<','>'),array('ne','"','le','ge','&lt;','&gt;'),$arr[1]);
 		$tex = $AMT->convert($arr[1]);
@@ -94,7 +94,7 @@ function svgfilterscriptcallback($arr) {
 	}
 
 	function filter($str) {
-		global $_SESSION,$userfullname,$urlmode,$imasroot;
+		global $userfullname,$urlmode,$imasroot;
 		if ($urlmode == 'https://') {
 			$str = str_replace(array('http://www.youtube.com','http://youtu.be'),array('https://www.youtube.com','https://youtu.be'), $str);
 		}
@@ -212,7 +212,6 @@ function filter($str) {
 		return $str;
 	}
 	function filtergraph($str) {
-		global $_SESSION;
 		if ($_SESSION['graphdisp']==2) {
 			if (strpos($str,'embed')!==FALSE) {
 				$str = preg_replace_callback('/<\s*embed.*?sscr=(.)(.+?)\1.*?>/','svgfiltersscrcallback',$str);

forums/posts.php

@@ -478,7 +478,7 @@ function printchildren($base,$restricttoowner=false) {
 	global $DBH,$children,$date,$subject,$re,$message,$poster,$email,$forumid,$threadid,$isteacher,$cid,$userid,$ownerid,$points;
 	global $feedback,$posttype,$lastview,$myrights,$allowreply,$allowmod,$allowdel,$allowlikes,$view,$page,$allowmsg;
 	global $haspoints,$imasroot,$postby,$replyby,$files,$CFG,$rubric,$pointsposs,$hasuserimg,$urlmode,$likes,$mylikes,$section;
-	global $canviewall, $caneditscore, $canviewscore, $_SESSION, $isstu;
+	global $canviewall, $caneditscore, $canviewscore, $isstu;
 	if (!isset($CFG['CPS']['itemicons'])) {
 		$itemicons = array('web'=>'web.png', 'doc'=>'doc.png', 'wiki'=>'wiki.png',
 		'html'=>'html.png', 'forum'=>'forum.png', 'pdf'=>'pdf.png',

includes/ltioutcomes.php

@@ -168,7 +168,6 @@ function sendOAuthBodyPOST($method, $endpoint, $oauth_consumer_key, $oauth_consu
     }
 
     if ($response === false) {
-    	global $_SESSION;
     	if ($_SESSION['debugmode']==true) {
     		throw new Exception("Problem reading data from $endpoint, $php_errormsg");
     	} else {
@@ -341,7 +340,7 @@ function calcandupdateLTIgrade($sourcedid,$aid,$uid,$scores,$sendnow=false,$aidp
 
 //use this if we know the grade, or want to delete
 function updateLTIgrade($action,$sourcedid,$aid,$uid,$grade=0,$sendnow=false) {
-	global $DBH,$_SESSION,$testsettings,$cid,$CFG,$userid;
+	global $DBH,$testsettings,$cid,$CFG,$userid;
 
 	if (isset($CFG['LTI']['logupdate']) && $action=='update') {
 		$logfilename = __DIR__ . '/../admin/import/ltiupdate.log';

includes/userprefs.php

@@ -5,7 +5,7 @@
 // and
 
 function showUserPrefsForm() {
-	global $CFG, $_SESSION, $tzname;
+	global $CFG, $tzname;
 
 	require_once(dirname(__FILE__)."/htmlutil.php");
 
@@ -110,7 +110,7 @@ function showUserPrefsForm() {
 }
 
 function storeUserPrefs() {
-	global $CFG, $DBH, $_SESSION, $userid, $tzname, $sessionid;
+	global $CFG, $DBH, $userid, $tzname, $sessionid;
 
 	//save user prefs.  Get existing
 	$currentuserprefs = array();
@@ -181,7 +181,7 @@ function storeUserPrefs() {
 }
 
 function generateuserprefs($writetosession=false) {
-	global $DBH, $CFG, $_SESSION, $sessionid, $userid;
+	global $DBH, $CFG, $sessionid, $userid;
 
 	$_SESSION['userprefs'] = array();
 	$prefdefaults = array(