From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 plugins/debug_logger/debug_logger.php |   16 ++++++++++------
 1 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/plugins/debug_logger/debug_logger.php b/plugins/debug_logger/debug_logger.php
index 8cd3351..87a1637 100644
--- a/plugins/debug_logger/debug_logger.php
+++ b/plugins/debug_logger/debug_logger.php
@@ -15,7 +15,7 @@
  * Enable the plugin in config/main.inc.php and add your desired
  * log types and files.
  *
- * @version 1.0
+ * @version @package_version@
  * @author Ziba Scott
  * @website http://roundcube.net
  * 
@@ -106,12 +106,15 @@
 
         if(!isset($args[1])){
             // This could be extended to detect types based on the 
-            // file which called console.  For now only rcube_imap.inc is supported
-            $bt = debug_backtrace(true);
+            // file which called console. For now only rcube_imap/rcube_storage is supported
+            $bt = debug_backtrace();
             $file  = $bt[3]['file'];
             switch(basename($file)){
                 case 'rcube_imap.php':
                     $type = 'imap';
+                    break;
+                case 'rcube_storage.php':
+                    $type = 'storage';
                     break;
                 default:
                     $type = FALSE; 
@@ -139,8 +142,9 @@
         return $args;
     }
 
-    function __destruct(){
-                $this->runlog->end();
+    function __destruct()
+    {
+        if ($this->runlog)
+            $this->runlog->end();
     }
 }
-?>

--
Gitblit v1.9.1