From ed1d212ae2daea5e4bd043417610177093e99f19 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sat, 16 Jan 2016 03:03:51 -0500
Subject: [PATCH] Improved SVG cleanup code

---
 plugins/database_attachments/database_attachments.php |   49 +++++++++++++++++++++++++++++++++++++++----------
 1 files changed, 39 insertions(+), 10 deletions(-)

diff --git a/plugins/database_attachments/database_attachments.php b/plugins/database_attachments/database_attachments.php
index f908074..aacafae 100644
--- a/plugins/database_attachments/database_attachments.php
+++ b/plugins/database_attachments/database_attachments.php
@@ -1,9 +1,10 @@
 <?php
+
 /**
  * Database Attachments
  *
  * This plugin which provides database backed storage for temporary
- * attachment file handling.  The primary advantage of this plugin
+ * attachment file handling. The primary advantage of this plugin
  * is its compatibility with round-robin dns multi-server roundcube
  * installations.
  *
@@ -12,15 +13,34 @@
  * @author Ziba Scott <ziba@umich.edu>
  * @author Aleksander Machniak <alec@alec.pl>
  * @version @package_version@
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-require_once('plugins/filesystem_attachments/filesystem_attachments.php');
+
+if (class_exists('filesystem_attachments', false) && !defined('TESTS_DIR')) {
+    die("Configuration issue. There can be only one enabled plugin for attachments handling");
+}
+
+require_once INSTALL_PATH . 'plugins/filesystem_attachments/filesystem_attachments.php';
+
 class database_attachments extends filesystem_attachments
 {
     // Cache object
     protected $cache;
 
     // A prefix for the cache key used in the session and in the key field of the cache table
-    protected $prefix = "db_attach";
+    const PREFIX = "ATTACH";
 
     /**
      * Save a newly uploaded attachment
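Review bot: The new guard before `require_once` only fires when `filesystem_attachments` was defined before this file is loaded, because `class_exists('filesystem_attachments', false)` is evaluated once at include time. If this plugin is loaded first, the `require_once` below defines the class itself, and a later-enabled filesystem_attachments plugin would not trip the check; this is inferred, since the plugin loader is not visible here. A comment stating the limitation would help, e.g. `// NOTE: detects the conflict only when filesystem_attachments was loaded first`. Separately, replacing `protected $prefix` with `const PREFIX` breaks any subclass that still reads `$this->prefix`, and changing the value to "ATTACH" orphans entries written under the old prefix until their TTL expires. The class body continues outside this hunk.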
@@ -41,9 +61,9 @@
         $status = $cache->write($key, $data);
 
         if ($status) {
-            $args['id'] = $key;
+            $args['id']     = $key;
             $args['status'] = true;
-            unset($args['path']);
+            $args['path']   = null;
         }
 
         return $args;
@@ -124,8 +144,10 @@
      */
     function cleanup($args)
     {
-        $cache = $this->get_cache();
-        $cache->remove($args['group'], true);
+        // check if cache object exist, it may be empty on session_destroy (#1489726)
+        if ($cache = $this->get_cache()) {
+            $cache->remove($args['group'], true);
+        }
     }
 
     /**
@@ -133,8 +155,8 @@
      */
     protected function _key($args)
     {
-        $uname = $args['path'] ? $args['path'] : $args['name'];
-        return $args['group'] . md5(mktime() . $uname . $_SESSION['user_id']);
+        $uname = $args['path'] ?: $args['name'];
+        return $args['group'] . md5(time() . $uname . $_SESSION['user_id']);
     }
 
     /**
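Review bot: The key returned by `_key()` is still derived only from `time()`, the path or name, and `$_SESSION['user_id']`. Two uploads with the same name by the same user within one second therefore produce the same key, and the second `write()` would overwrite the first. The key is also fully derivable from guessable inputs rather than random. Adding a per-call random component fixes both, e.g. `return $args['group'] . md5(time() . $uname . $_SESSION['user_id'] . uniqid(mt_rand(), true));`, or a CSPRNG source where the supported PHP version provides one. A short comment that `md5` only shortens the key and is not an access control would also help the next reader.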
@@ -149,9 +171,16 @@
             $ttl    = 12 * 60 * 60; // default: 12 hours
             $ttl    = $rcmail->config->get('database_attachments_cache_ttl', $ttl);
             $type   = $rcmail->config->get('database_attachments_cache', 'db');
+            $prefix = self::PREFIX;
+
+            // Add session identifier to the prefix to prevent from removing attachments
+            // in other sessions of the same user (#1490542)
+            if ($id = session_id()) {
+                $prefix .= $id;
+            }
 
             // Init SQL cache (disable cache data serialization)
-            $this->cache = $rcmail->get_cache($this->prefix, 'db', $ttl, false);
+            $this->cache = $rcmail->get_cache($prefix, $type, $ttl, false);
         }
 
         return $this->cache;
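Review bot: Appending the raw `session_id()` to `$prefix` writes the live session identifier into whatever backend `$type` selects. The class comment says the prefix is used in the key field of the cache table, so anyone who can read that table, its backups, or the cache keys could recover active session IDs. A one-way digest keeps the per-session separation without storing the identifier: `$prefix .= md5($id);`. It is also worth confirming that prefix, digest and key together still fit the cache key column, and that attachments remain reachable if the session id is regenerated mid-session; both are inferred, since the schema and session handling are not visible here. `get_cache()` begins above this hunk.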

--
Gitblit v1.9.1