githubFork/roundcubemail.git

			@@ -628,15 +628,66 @@
			}

			/**
			* Create session cookie from session data
			* Create session cookie from session data.
			* The cookie will be hashed using a method defined by session.hash_function.
			*
			* @param int Time slot to use
			*
			* @return string
			*/
			function _mkcookie($timeslot)
			protected function _mkcookie($timeslot)
			{
			$auth_string = "$this->key,$this->secret,$timeslot";
			return "S" . (function_exists('sha1') ? sha1($auth_string) : md5($auth_string));
			$hash_method = (string) ini_get('session.hash_function');
			$hash_nbits = (int) ini_get('session.hash_bits_per_character');

			if (!$hash_method) {
			$hash_method = 'md5';
			}
			else if ($hash_method === '1') {
			$hash_method = 'sha1';
			}

			if ($hash_nbits < 4 \|\| $hash_nbits > 6) {
			$hash_nbits = 4;
			}

			// Hash the authentication string
			$hash = openssl_digest($auth_string, $hash_method, true);

			// Above method returns "hexits". To be really compatible
			// with session hashes generated by PHP core we'll get
			// a raw (binary) hash and convert it to a readable form
			// as in bin_to_readable() function in ext/session/session.c.
			$hextab = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ,-";
			$length = strlen($hash);
			$result = '';
			$char = 0;
			$i = 0;
			$have = 0;
			$mask = (1 << $hash_nbits) - 1;

			while (true) {
			if ($have < $hash_nbits) {
			if ($i < $length) {
			$char \|= ord($hash[$i++]) << $have;
			$have += 8;
			}
			else if (!$have) {
			break;
			}
			else {
			$have = $hash_nbits;
			}
			}

			// consume nbits
			$result .= $hextab[$char & $mask];
			$char >>= $hash_nbits;
			$have -= $hash_nbits;
			}

			return $result;
			}

			/**