From 8bed5e0151eb375e2d2dc91e4e6c6d5aa62daa5c Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sun, 19 Jul 2015 05:06:48 -0400
Subject: [PATCH] Fix regression where compose editor mode was set incorrectly
---
program/lib/Roundcube/rcube_session.php | 105 ++++++++++++++++++++++++++++++++++------------------
1 files changed, 68 insertions(+), 37 deletions(-)
diff --git a/program/lib/Roundcube/rcube_session.php b/program/lib/Roundcube/rcube_session.php
index fc1d871..86316f9 100644
--- a/program/lib/Roundcube/rcube_session.php
+++ b/program/lib/Roundcube/rcube_session.php
@@ -1,6 +1,6 @@
<?php
-/*
+/**
+-----------------------------------------------------------------------+
| This file is part of the Roundcube Webmail client |
| Copyright (C) 2005-2014, The Roundcube Dev Team |
@@ -15,7 +15,7 @@
+-----------------------------------------------------------------------+
| Author: Thomas Bruederli <roundcube@gmail.com> |
| Author: Aleksander Machniak <alec@alec.pl> |
- | Author: Cor Bosman <cor@roundcu.be> |
+ | Author: Cor Bosman <cor@roundcu.be> |
+-----------------------------------------------------------------------+
*/
@@ -29,22 +29,22 @@
*/
abstract class rcube_session
{
+ protected $config;
protected $key;
protected $ip;
protected $changed;
protected $start;
- protected $time_diff = 0;
- protected $reloaded = false;
- protected $appends = array();
- protected $unsets = array();
- protected $gc_handlers = array();
- protected $cookiename = 'roundcube_sessauth';
protected $vars;
protected $now;
- protected $secret = '';
- protected $ip_check = false;
- protected $logging = false;
- protected $config;
+ protected $time_diff = 0;
+ protected $reloaded = false;
+ protected $appends = array();
+ protected $unsets = array();
+ protected $gc_handlers = array();
+ protected $cookiename = 'roundcube_sessauth';
+ protected $secret = '';
+ protected $ip_check = false;
+ protected $logging = false;
/**
* Blocks session data from being written to database.
@@ -86,9 +86,6 @@
{
$this->config = $config;
- // register default gc handler
- $this->register_gc_handler(array($this, 'gc'));
-
// set secret
$this->set_secret($this->config->get('des_key') . dirname($_SERVER['SCRIPT_NAME']));
@@ -119,7 +116,6 @@
);
}
-
/**
* Wrapper for session_start()
*/
@@ -145,12 +141,12 @@
abstract function write($key, $vars);
abstract function update($key, $newvars, $oldvars);
-
/**
* session write handler. This calls the implementation methods for write/update after some initial checks.
*
* @param $key
* @param $vars
+ *
* @return bool
*/
public function sess_write($key, $vars)
@@ -171,7 +167,6 @@
return $this->write($key, $vars);
}
}
-
/**
* Wrapper for session_write_close()
@@ -245,7 +240,6 @@
$this->gc_handlers[] = $func;
}
-
/**
* Garbage collector handler to run on script shutdown
*/
@@ -257,7 +251,6 @@
}
}
}
-
/**
* Generate and set new session id
@@ -297,7 +290,6 @@
return $cache;
}
-
/**
* Append the given value to the certain node in the session data array
*
@@ -331,7 +323,6 @@
unset($this->unsets[$path]);
}
-
/**
* Unset a session variable
*
@@ -359,18 +350,16 @@
return true;
}
-
/**
* Kill this session
*/
public function kill()
{
$this->vars = null;
- $this->ip = rcube_utils::remote_addr(); // update IP (might have changed)
+ $this->ip = rcube_utils::remote_addr(); // update IP (might have changed)
$this->destroy(session_id());
rcube_utils::setcookie($this->cookiename, '-del-', time() - 60);
}
-
/**
* Re-read session data from storage backend
@@ -446,7 +435,6 @@
return $data;
}
-
/**
* Unserialize session data
@@ -546,7 +534,6 @@
return unserialize( 'a:' . $items . ':{' . $serialized . '}' );
}
-
/**
* Setter for session lifetime
*/
@@ -559,7 +546,6 @@
$this->now = $now - ($now % ($this->lifetime / 2));
}
-
/**
* Getter for remote IP saved with this session
*/
@@ -567,7 +553,6 @@
{
return $this->ip;
}
-
/**
* Setter for cookie encryption secret
@@ -577,7 +562,6 @@
$this->secret = $secret;
}
-
/**
* Enable/disable IP check
*/
@@ -585,7 +569,6 @@
{
$this->ip_check = $check;
}
-
/**
* Setter for the cookie name used for session cookie
@@ -596,7 +579,6 @@
$this->cookiename = $cookiename;
}
}
-
/**
* Check session authentication cookie
@@ -635,7 +617,6 @@
return $result;
}
-
/**
* Set session authentication cookie
*/
@@ -646,17 +627,67 @@
$_COOKIE[$this->cookiename] = $this->cookie;
}
-
/**
- * Create session cookie from session data
+ * Create session cookie from session data.
+ * The cookie will be hashed using a method defined by session.hash_function.
*
* @param int Time slot to use
+ *
* @return string
*/
- function _mkcookie($timeslot)
+ protected function _mkcookie($timeslot)
{
$auth_string = "$this->key,$this->secret,$timeslot";
- return "S" . (function_exists('sha1') ? sha1($auth_string) : md5($auth_string));
+ $hash_method = (string) ini_get('session.hash_function');
+ $hash_nbits = (int) ini_get('session.hash_bits_per_character');
+
+ if (!$hash_method) {
+ $hash_method = 'md5';
+ }
+ else if ($hash_method === '1') {
+ $hash_method = 'sha1';
+ }
+
+ if ($hash_nbits < 4 || $hash_nbits > 6) {
+ $hash_nbits = 4;
+ }
+
+ // Hash the authentication string
+ $hash = openssl_digest($auth_string, $hash_method, true);
+
+ // Above method returns "hexits". To be really compatible
+ // with session hashes generated by PHP core we'll get
+ // a raw (binary) hash and convert it to a readable form
+ // as in bin_to_readable() function in ext/session/session.c.
+ $hextab = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ,-";
+ $length = strlen($hash);
+ $result = '';
+ $char = 0;
+ $i = 0;
+ $have = 0;
+ $mask = (1 << $hash_nbits) - 1;
+
+ while (true) {
+ if ($have < $hash_nbits) {
+ if ($i < $length) {
+ $char |= ord($hash[$i++]) << $have;
+ $have += 8;
+ }
+ else if (!$have) {
+ break;
+ }
+ else {
+ $have = $hash_nbits;
+ }
+ }
+
+ // consume nbits
+ $result .= $hextab[$char & $mask];
+ $char >>= $hash_nbits;
+ $have -= $hash_nbits;
+ }
+
+ return $result;
}
/**
--
Gitblit v1.9.1