thomascube
2011-09-16 06dc9838e0327c9472cbd3f353b40317eba0ecef
Fix session race conditions when composing new messages

7 files modified
20 ■■■■■ changed files
CHANGELOG 1 ●●●●
program/include/rcube_json_output.php 1 ●●●●
program/include/rcube_session.php 6 ●●●●
program/steps/mail/attachments.inc 2 ●●●
program/steps/mail/compose.inc 4 ●●●●
program/steps/mail/func.inc 4 ●●●●
program/steps/mail/sendmail.inc 2 ●●●
CHANGELOG
@@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail
===========================
- Fix session race conditions when composing new messages
- Fix encoding of LDAP contacts identifiers (#1488079)
- jQuery 1.6.4
- Make date/time format user configurable; drop 'date_today' config option
program/include/rcube_json_output.php
@@ -219,6 +219,7 @@
     */
    public function send()
    {
      sleep(6);
        $this->remote_response();
        exit;
    }
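Review bot: The `sleep(6);` at the top of `send()` looks like a leftover debugging aid for reproducing the race and should not be committed. Judging by the one-line change count for this file it is the added line, and its indentation differs from the rest of the body. It delays every JSON response by six seconds and keeps a PHP worker occupied for that time, so a few concurrent AJAX requests would tie up the worker pool and degrade availability for all users. Drop the line; if a delay is needed to test the race, keep it in a local patch or behind a debug-only setting.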
program/include/rcube_session.php
@@ -321,9 +321,9 @@
   */
  public function cleanup()
  {
    // current compose information is stored in $_SESSION['compose'], move it to $_SESSION['compose_data']
    if ($_SESSION['compose']) {
      $_SESSION['compose_data'][$_SESSION['compose']['id']] = $_SESSION['compose'];
    // current compose information is stored in $_SESSION['compose'], move it to $_SESSION['compose_data_<ID>']
    if ($compose_id = $_SESSION['compose']['id']) {
      $_SESSION['compose_data_'.$compose_id] = $_SESSION['compose'];
      $this->remove('compose');
    }
  }
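Review bot: The `'compose_data_'` prefix is now spelled out as a string literal in `cleanup()` and again in attachments.inc, compose.inc, func.inc and sendmail.inc, so a typo or a later rename in any one place would silently break the lookup or leave stale compose data in the session. I would define it once, for example `const COMPOSE_KEY_PREFIX = 'compose_data_';` on the session class, and build the key from that everywhere. Separately, `if ($compose_id = $_SESSION['compose']['id'])` relies on assignment inside the condition and reads `$_SESSION['compose']` without `isset()`; a short comment saying the assignment is intentional would help the next reader. The docblock of `cleanup()` starts outside this hunk.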
program/steps/mail/attachments.inc
@@ -25,7 +25,7 @@
}
$COMPOSE_ID = get_input_value('_id', RCUBE_INPUT_GPC);
$_SESSION['compose'] = $_SESSION['compose_data'][$COMPOSE_ID];
$_SESSION['compose'] = $_SESSION['compose_data_'.$COMPOSE_ID];
if (!$_SESSION['compose']) {
  die("Invalid session var!");
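Review bot: `$COMPOSE_ID` comes straight from the request (`get_input_value('_id', RCUBE_INPUT_GPC)`) and is now concatenated into a top-level `$_SESSION` key, where the old code only indexed inside the `compose_data` array; compose.inc and sendmail.inc have the same pattern. The fixed prefix limits which keys can be addressed, but nothing visible here checks the shape of the value, and a missing key is read without `isset()`. I would validate the id before building the key, e.g. `if (!preg_match('/^[0-9a-f]+$/i', $COMPOSE_ID)) die("Invalid session var!");`, assuming ids keep the `uniqid(mt_rand())` form shown in compose.inc. The `if` block continues past the end of this hunk.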
program/steps/mail/compose.inc
@@ -29,7 +29,7 @@
$MESSAGE = NULL;
$COMPOSE_ID = get_input_value('_id', RCUBE_INPUT_GET);
$_SESSION['compose'] = $_SESSION['compose_data'][$COMPOSE_ID];
$_SESSION['compose'] = $_SESSION['compose_data_'.$COMPOSE_ID];
// Nothing below is called during message composition, only at "new/forward/reply/draft" initialization or
// if a compose-ID is given (i.e. when the compose step is opened in a new window/tab).
@@ -39,7 +39,7 @@
  if ($COMPOSE_ID)
    raise_error(array('code' => 500, 'type' => 'php',
      'file' => __FILE__, 'line' => __LINE__,
      'message' => "Invalid session"), true, true);
      'message' => "Invalid compose ID"), true, true);
  $_SESSION['compose'] = array(
    'id' => uniqid(mt_rand()),
program/steps/mail/func.inc
@@ -1430,12 +1430,12 @@
 */
function rcmail_compose_cleanup($id)
{
  if (!isset($_SESSION['compose_data'][$id]))
  if (!isset($_SESSION['compose_data_'.$id]))
    return;
  $rcmail = rcmail::get_instance();
  $rcmail->plugins->exec_hook('attachments_cleanup', array('group' => $id));
  unset($_SESSION['compose_data'][$id]);
  $rcmail->session->remove('compose_data_'.$id);
}
program/steps/mail/sendmail.inc
@@ -27,7 +27,7 @@
$savedraft = !empty($_POST['_draft']) ? true : false;
$COMPOSE_ID = get_input_value('_id', RCUBE_INPUT_GPC);
$_SESSION['compose'] = $_SESSION['compose_data'][$COMPOSE_ID];
$_SESSION['compose'] = $_SESSION['compose_data_'.$COMPOSE_ID];
/****** checks ********/