FreeBSD Bugzilla – Attachment 161278 Details for
Bug 203260
mail/roundcube: FreeBSD patch in the port re-introduces the "Your session is invalid or expired" bug
[patch]
Fix encoding when suhosin session encryption is not enabled.
patch-program_lib_Roundcube_rcube_session.php (text/plain), 4.40 KB, created by
Alex Dupre
on 2015-09-22 16:19:32 UTC
Description:
Fix encoding when suhosin session encryption is not enabled.
Filename:
MIME Type:
Creator:
Alex Dupre
Created:
2015-09-22 16:19:32 UTC
Size:
4.40 KB
patch
obsolete
>--- program/lib/Roundcube/rcube_session.php.orig 2015-09-22 15:24:26.400132239 +0000
>+++ program/lib/Roundcube/rcube_session.php 2015-09-22 15:24:08.430133455 +0000
>@@ -35,7 +35,6 @@
> private $time_diff = 0;
> private $reloaded = false;
> private $appends = array();
>- private $unsets = array();
> private $gc_handlers = array();
> private $cookiename = 'roundcube_sessauth';
> private $vars;
>@@ -46,6 +45,7 @@
> private $logging = false;
> private $storage;
> private $memcache;
>+ private $need_base64 = false;
>
> /**
> * Blocks session data from being written to database.
>@@ -95,6 +95,9 @@
> else if ($this->storage != 'php') {
> ini_set('session.serialize_handler', 'php');
>
>+ if (ini_get("suhosin.session.encrypt") !== "1")
>+ $this->need_base64 = true;
>+
> // set custom functions for PHP session management
> session_set_save_handler(
> array($this, 'open'),
>@@ -192,7 +195,7 @@
> $this->time_diff = time() - strtotime($sql_arr['ts']);
> $this->changed = strtotime($sql_arr['changed']);
> $this->ip = $sql_arr['ip'];
>- $this->vars = base64_decode($sql_arr['vars']);
>+ $this->vars = $this->_decode($sql_arr['vars']);
> $this->key = $key;
>
> return !empty($this->vars) ? (string) $this->vars : '';
>@@ -232,12 +235,12 @@
> }
>
> if ($oldvars !== null) {
>- $newvars = $this->_fixvars($vars, $oldvars);
>+ $newvars = $vars;
>
> if ($newvars !== $oldvars) {
> $this->db->query("UPDATE {$this->table_name} "
> . "SET `changed` = $now, `vars` = ? WHERE `sess_id` = ?",
>- base64_encode($newvars), $key);
>+ $this->_encode($newvars), $key);
> }
> else if ($ts - $this->changed + $this->time_diff > $this->lifetime / 2) {
> $this->db->query("UPDATE {$this->table_name} SET `changed` = $now"
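Review bot: The strict comparison `ini_get("suhosin.session.encrypt") !== "1"` in the `-95,6` hunk treats every other spelling of an enabled flag as disabled; `ini_get()` hands back the directive's string value, which may be something like `On` when it was set outside php.ini, and base64 would then be applied on top of suhosin's encryption. `$this->need_base64 = !filter_var(ini_get('suhosin.session.encrypt'), FILTER_VALIDATE_BOOLEAN);` accepts the usual boolean spellings and still yields true when the extension is not loaded. The flag is also taken from the live configuration rather than from the stored row, so rows written before the setting is toggled are decoded with the wrong scheme afterwards; a comment stating that the session table has to be emptied on such a change would help. The enclosing method starts and ends outside the hunk.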
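Review bot: With `$newvars = $vars;` replacing the `_fixvars()` merge, the UPDATE in the `-232,12` hunk stores the whole serialized session of the current request, so keys written by a parallel request that finished in between are overwritten unless access is serialised somewhere outside this hunk. The same assignment is made in the memcache hunk at `-350,7`. If last-writer-wins is intended, say so in a comment such as `// no merge with $oldvars: the last request to finish overwrites the stored session`, and drop the now redundant alias by comparing `$vars !== $oldvars` directly. The function body starts and ends outside the hunk.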
>@@ -248,44 +251,30 @@
> $this->db->query("INSERT INTO {$this->table_name}"
> . " (`sess_id`, `vars`, `ip`, `created`, `changed`)"
> . " VALUES (?, ?, ?, $now, $now)",
>- $key, base64_encode($vars), (string)$this->ip);
>+ $key, $this->_encode($vars), (string)$this->ip);
> }
>
> return true;
> }
>
>
>- /**
>- * Merge vars with old vars and apply unsets
>- */
>- private function _fixvars($vars, $oldvars)
>+ private function _encode($vars)
> {
>- if ($oldvars !== null) {
>- $a_oldvars = $this->unserialize($oldvars);
>- if (is_array($a_oldvars)) {
>- // remove unset keys on oldvars
>- foreach ((array)$this->unsets as $var) {
>- if (isset($a_oldvars[$var])) {
>- unset($a_oldvars[$var]);
>- }
>- else {
>- $path = explode('.', $var);
>- $k = array_pop($path);
>- $node = &$this->get_node($path, $a_oldvars);
>- unset($node[$k]);
>- }
>- }
>-
>- $newvars = $this->serialize(array_merge(
>- (array)$a_oldvars, (array)$this->unserialize($vars)));
>- }
>- else {
>- $newvars = $vars;
>- }
>+ if ($this->need_base64) {
>+ return base64_encode($vars);
>+ } else {
>+ return $vars;
> }
>+ }
>
>- $this->unsets = array();
>- return $newvars;
>+
>+ private function _decode($vars)
>+ {
>+ if ($this->need_base64) {
>+ return base64_decode($vars);
>+ } else {
>+ return $vars;
>+ }
> }
>
>
>@@ -350,7 +339,7 @@
> else // else read data again
> $oldvars = $this->mc_read($key);
>
>- $newvars = $oldvars !== null ? $this->_fixvars($vars, $oldvars) : $vars;
>+ $newvars = $vars;
>
> if ($newvars !== $oldvars || $ts - $this->changed > $this->lifetime / 3) {
> return $this->memcache->set($key, serialize(array('changed' => time(), 'ip' => $this->ip, 'vars' => $newvars)),
>@@ -488,8 +477,6 @@
> return $this->destroy(session_id());
> }
>
>- $this->unsets[] = $var;
>-
> if (isset($_SESSION[$var])) {
> unset($_SESSION[$var]);
> }
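Review bot: `_decode()` in the `-248,44` hunk calls `base64_decode($vars)` in its default lenient mode, which skips characters outside the alphabet, so a row that was stored without base64 is turned into arbitrary bytes and returned as session data instead of being rejected. `return base64_decode($vars, true);` yields false for such input, and the `!empty($this->vars)` check visible in the `-192,7` hunk already maps that to an empty session. Both new helpers also lack the docblock the removed `_fixvars()` had; a short one on each, e.g. `/** Encode session data for storage; base64 only when $need_base64 is set */`, would record why the encoding is conditional.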