From eee6944b5d260a104aa4738fcd48fa78915f58c8 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Sat, 27 Nov 2010 08:59:05 -0500
Subject: [PATCH] Save session data with bas64 ecoding to make it more robust against garbage data (#1487136)

---
 CHANGELOG                         |    1 +
 program/include/rcube_session.php |   31 +++++++++++++++++--------------
 2 files changed, 18 insertions(+), 14 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 9eb23bc..60bc323 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
+- Make session data storage more robust against garbage session data (#1487136)
 - Config option for autocomplete on login screen
 - Allow plugin templates to include local files (#1487133)
 - List groups in address detail view and allow to subscribe/unsubscribe from there (#1486753)
diff --git a/program/include/rcube_session.php b/program/include/rcube_session.php
index b4f75ed..4137b37 100644
--- a/program/include/rcube_session.php
+++ b/program/include/rcube_session.php
@@ -81,12 +81,12 @@
 
     if ($sql_arr = $this->db->fetch_assoc($sql_result)) {
       $this->changed = $sql_arr['changed'];
-      $this->vars = $sql_arr['vars'];
-      $this->ip = $sql_arr['ip'];
-      $this->key = $key; 
+      $this->ip      = $sql_arr['ip'];
+      $this->vars    = base64_decode($sql_arr['vars']);
+      $this->key     = $key;
 
-      if (!empty($sql_arr['vars']))
-        return $sql_arr['vars'];
+      if (!empty($this->vars))
+        return $this->vars;
     }
 
     return false;
@@ -107,19 +107,22 @@
     }
 
     if ($oldvars !== false) {
-      $a_oldvars = $this->unserialize($oldvars); 
-      foreach ((array)$this->unsets as $k)
-        unset($a_oldvars[$k]);
+      $a_oldvars = $this->unserialize($oldvars);
+      if (is_array($a_oldvars)) {
+        foreach ((array)$this->unsets as $k)
+          unset($a_oldvars[$k]);
 
-      $newvars = $this->serialize(array_merge(
-        (array)$a_oldvars, (array)$this->unserialize($vars)));
+        $newvars = $this->serialize(array_merge(
+          (array)$a_oldvars, (array)$this->unserialize($vars)));
+      }
+      else
+        $newvars = $vars;
 
       if (!$this->lifetime) {
         $timeout = 600;
       }
       else if ($this->keep_alive>0) {
-        $timeout = min($this->lifetime * 0.5,
-		  $this->lifetime - $this->keep_alive);
+        $timeout = min($this->lifetime * 0.5, $this->lifetime - $this->keep_alive);
       } else {
         $timeout = 0;
       }
@@ -128,7 +131,7 @@
         $this->db->query(
           sprintf("UPDATE %s SET vars = ?, changed = %s WHERE sess_id = ?",
             get_table_name('session'), $now),
-          $newvars, $key);
+          base64_encode($newvars), $key);
       }
     }
     else {
@@ -136,7 +139,7 @@
         sprintf("INSERT INTO %s (sess_id, vars, ip, created, changed) ".
           "VALUES (?, ?, ?, %s, %s)",
           get_table_name('session'), $now, $now),
-        $key, $vars, (string)$_SERVER['REMOTE_ADDR']);
+        $key, base64_encode($vars), (string)$_SERVER['REMOTE_ADDR']);
     }
 
     $this->unsets = array();

--
Gitblit v1.9.1