diff options
author | Alex Dupre <ale@FreeBSD.org> | 2015-09-22 18:22:12 +0000 |
---|---|---|
committer | Alex Dupre <ale@FreeBSD.org> | 2015-09-22 18:22:12 +0000 |
commit | 37c304c44f5d751003a7df3df0e195f1ac11ca10 (patch) | |
tree | ba498c659d3684f8b1614a215388d1452512110f /mail/roundcube | |
parent | f034b152a71e4dd703e8bff6281d8d47009d7f40 (diff) | |
download | ports-37c304c44f5d751003a7df3df0e195f1ac11ca10.tar.gz ports-37c304c44f5d751003a7df3df0e195f1ac11ca10.zip |
Fix session handling when php-suhosin session encryption is not enabled.
PR: 203260
Submitted by: Mark.Martinec@ijs.si
Notes
Notes:
svn path=/head/; revision=397565
Diffstat (limited to 'mail/roundcube')
-rw-r--r-- | mail/roundcube/Makefile | 1 | ||||
-rw-r--r-- | mail/roundcube/files/patch-program_lib_Roundcube_rcube_session.php | 72 |
2 files changed, 51 insertions, 22 deletions
diff --git a/mail/roundcube/Makefile b/mail/roundcube/Makefile index efdffbf5c4ef..02a5d5dfa123 100644 --- a/mail/roundcube/Makefile +++ b/mail/roundcube/Makefile @@ -2,6 +2,7 @@ PORTNAME= roundcube DISTVERSION= 1.1.3 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES?= mail www MASTER_SITES= SF/${PORTNAME}mail/${PORTNAME}mail/${DISTVERSION:tu} diff --git a/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session.php b/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session.php index e54cc724572e..371c97f6ccfa 100644 --- a/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session.php +++ b/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session.php @@ -1,5 +1,5 @@ ---- program/lib/Roundcube/rcube_session.php.orig 2015-02-08 13:43:28.000000000 +0000 -+++ program/lib/Roundcube/rcube_session.php 2015-02-19 13:43:29.477065794 +0000 +--- program/lib/Roundcube/rcube_session.php.orig 2015-09-22 15:24:26.400132239 +0000 ++++ program/lib/Roundcube/rcube_session.php 2015-09-22 15:24:08.430133455 +0000 @@ -35,7 +35,6 @@ private $time_diff = 0; private $reloaded = false; @@ -8,16 +8,34 @@ private $gc_handlers = array(); private $cookiename = 'roundcube_sessauth'; private $vars; -@@ -184,7 +183,7 @@ +@@ -46,6 +45,7 @@ + private $logging = false; + private $storage; + private $memcache; ++ private $need_base64 = false; + + /** + * Blocks session data from being written to database. +@@ -95,6 +95,9 @@ + else if ($this->storage != 'php') { + ini_set('session.serialize_handler', 'php'); + ++ if (ini_get("suhosin.session.encrypt") !== "1") ++ $this->need_base64 = true; ++ + // set custom functions for PHP session management + session_set_save_handler( + array($this, 'open'), +@@ -192,7 +195,7 @@ $this->time_diff = time() - strtotime($sql_arr['ts']); $this->changed = strtotime($sql_arr['changed']); $this->ip = $sql_arr['ip']; - $this->vars = base64_decode($sql_arr['vars']); -+ $this->vars = $sql_arr['vars']; ++ $this->vars = $this->_decode($sql_arr['vars']); $this->key = $key; return !empty($this->vars) ? (string) $this->vars : ''; -@@ -224,12 +223,12 @@ +@@ -232,12 +235,12 @@ } if ($oldvars !== null) { @@ -28,27 +46,28 @@ $this->db->query("UPDATE {$this->table_name} " . "SET `changed` = $now, `vars` = ? WHERE `sess_id` = ?", - base64_encode($newvars), $key); -+ $newvars, $key); ++ $this->_encode($newvars), $key); } else if ($ts - $this->changed + $this->time_diff > $this->lifetime / 2) { $this->db->query("UPDATE {$this->table_name} SET `changed` = $now" -@@ -240,7 +239,7 @@ +@@ -248,44 +251,30 @@ $this->db->query("INSERT INTO {$this->table_name}" . " (`sess_id`, `vars`, `ip`, `created`, `changed`)" . " VALUES (?, ?, ?, $now, $now)", - $key, base64_encode($vars), (string)$this->ip); -+ $key, $vars, (string)$this->ip); ++ $key, $this->_encode($vars), (string)$this->ip); } return true; -@@ -248,40 +247,6 @@ + } - /** +- /** - * Merge vars with old vars and apply unsets - */ - private function _fixvars($vars, $oldvars) -- { ++ private function _encode($vars) + { - if ($oldvars !== null) { - $a_oldvars = $this->unserialize($oldvars); - if (is_array($a_oldvars)) { @@ -71,18 +90,27 @@ - else { - $newvars = $vars; - } -- } -- ++ if ($this->need_base64) { ++ return base64_encode($vars); ++ } else { ++ return $vars; + } ++ } + - $this->unsets = array(); - return $newvars; -- } -- -- -- /** - * Handler for session_destroy() - * - * @param string Session ID -@@ -342,7 +307,7 @@ ++ ++ private function _decode($vars) ++ { ++ if ($this->need_base64) { ++ return base64_decode($vars); ++ } else { ++ return $vars; ++ } + } + + +@@ -350,7 +339,7 @@ else // else read data again $oldvars = $this->mc_read($key); @@ -91,7 +119,7 @@ if ($newvars !== $oldvars || $ts - $this->changed > $this->lifetime / 3) { return $this->memcache->set($key, serialize(array('changed' => time(), 'ip' => $this->ip, 'vars' => $newvars)), -@@ -480,8 +445,6 @@ +@@ -488,8 +477,6 @@ return $this->destroy(session_id()); } |