Fix session handling when php-suhosin session encryption is not enabled.

PR: 203260 Submitted by: Mark.Martinec@ijs.si
author: Alex Dupre <ale@FreeBSD.org> 2015-09-22 18:22:12 +0000
committer: Alex Dupre <ale@FreeBSD.org> 2015-09-22 18:22:12 +0000
commit: 37c304c44f5d751003a7df3df0e195f1ac11ca10 (patch)
tree: ba498c659d3684f8b1614a215388d1452512110f /mail/roundcube
parent: f034b152a71e4dd703e8bff6281d8d47009d7f40 (diff)
download: ports-37c304c44f5d751003a7df3df0e195f1ac11ca10.tar.gz
ports-37c304c44f5d751003a7df3df0e195f1ac11ca10.zip
2 files changed, 51 insertions, 22 deletions
diff --git a/mail/roundcube/Makefile b/mail/roundcube/Makefile
index efdffbf5c4ef..02a5d5dfa123 100644
--- a/mail/roundcube/Makefile
+++ b/mail/roundcube/Makefile
@@ -2,6 +2,7 @@
 
 PORTNAME=	roundcube
 DISTVERSION=	1.1.3
+PORTREVISION=	1
 PORTEPOCH=	1
 CATEGORIES?=	mail www
 MASTER_SITES=	SF/${PORTNAME}mail/${PORTNAME}mail/${DISTVERSION:tu}
diff --git a/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session.php b/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session.php
index e54cc724572e..371c97f6ccfa 100644
--- a/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session.php
+++ b/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session.php
@@ -1,5 +1,5 @@
---- program/lib/Roundcube/rcube_session.php.orig	2015-02-08 13:43:28.000000000 +0000
-+++ program/lib/Roundcube/rcube_session.php	2015-02-19 13:43:29.477065794 +0000
+--- program/lib/Roundcube/rcube_session.php.orig	2015-09-22 15:24:26.400132239 +0000
++++ program/lib/Roundcube/rcube_session.php	2015-09-22 15:24:08.430133455 +0000
 @@ -35,7 +35,6 @@
      private $time_diff = 0;
      private $reloaded = false;
@@ -8,16 +8,34 @@
      private $gc_handlers = array();
      private $cookiename = 'roundcube_sessauth';
      private $vars;
-@@ -184,7 +183,7 @@
+@@ -46,6 +45,7 @@
+     private $logging = false;
+     private $storage;
+     private $memcache;
++    private $need_base64 = false;
+ 
+     /**
+      * Blocks session data from being written to database.
+@@ -95,6 +95,9 @@
+         else if ($this->storage != 'php') {
+             ini_set('session.serialize_handler', 'php');
+ 
++            if (ini_get("suhosin.session.encrypt") !== "1")
++                $this->need_base64 = true;
++
+             // set custom functions for PHP session management
+             session_set_save_handler(
+                 array($this, 'open'),
+@@ -192,7 +195,7 @@
              $this->time_diff = time() - strtotime($sql_arr['ts']);
              $this->changed   = strtotime($sql_arr['changed']);
              $this->ip        = $sql_arr['ip'];
 -            $this->vars      = base64_decode($sql_arr['vars']);
-+            $this->vars      = $sql_arr['vars'];
++            $this->vars      = $this->_decode($sql_arr['vars']);
              $this->key       = $key;
  
              return !empty($this->vars) ? (string) $this->vars : '';
-@@ -224,12 +223,12 @@
+@@ -232,12 +235,12 @@
          }
  
          if ($oldvars !== null) {
@@ -28,27 +46,28 @@
                  $this->db->query("UPDATE {$this->table_name} "
                      . "SET `changed` = $now, `vars` = ? WHERE `sess_id` = ?",
 -                    base64_encode($newvars), $key);
-+                    $newvars, $key);
++                    $this->_encode($newvars), $key);
              }
              else if ($ts - $this->changed + $this->time_diff > $this->lifetime / 2) {
                  $this->db->query("UPDATE {$this->table_name} SET `changed` = $now"
-@@ -240,7 +239,7 @@
+@@ -248,44 +251,30 @@
              $this->db->query("INSERT INTO {$this->table_name}"
                  . " (`sess_id`, `vars`, `ip`, `created`, `changed`)"
                  . " VALUES (?, ?, ?, $now, $now)",
 -                $key, base64_encode($vars), (string)$this->ip);
-+                $key, $vars, (string)$this->ip);
++                $key, $this->_encode($vars), (string)$this->ip);
          }
  
          return true;
-@@ -248,40 +247,6 @@
+     }
  
  
-     /**
+-    /**
 -     * Merge vars with old vars and apply unsets
 -     */
 -    private function _fixvars($vars, $oldvars)
--    {
++    private function _encode($vars)
+     {
 -        if ($oldvars !== null) {
 -            $a_oldvars = $this->unserialize($oldvars);
 -            if (is_array($a_oldvars)) {
@@ -71,18 +90,27 @@
 -            else {
 -                $newvars = $vars;
 -            }
--        }
--
++        if ($this->need_base64) {
++            return base64_encode($vars);
++        } else {
++            return $vars;
+         }
++    }
+ 
 -        $this->unsets = array();
 -        return $newvars;
--    }
--
--
--    /**
-      * Handler for session_destroy()
-      *
-      * @param string Session ID
-@@ -342,7 +307,7 @@
++
++    private function _decode($vars) 
++    {
++        if ($this->need_base64) {
++            return base64_decode($vars);
++        } else {
++            return $vars;
++        }
+     }
+ 
+ 
+@@ -350,7 +339,7 @@
          else // else read data again
              $oldvars = $this->mc_read($key);
  
@@ -91,7 +119,7 @@
  
          if ($newvars !== $oldvars || $ts - $this->changed > $this->lifetime / 3) {
              return $this->memcache->set($key, serialize(array('changed' => time(), 'ip' => $this->ip, 'vars' => $newvars)),
-@@ -480,8 +445,6 @@
+@@ -488,8 +477,6 @@
              return $this->destroy(session_id());
          }
author	Alex Dupre <ale@FreeBSD.org>	2015-09-22 18:22:12 +0000
committer	Alex Dupre <ale@FreeBSD.org>	2015-09-22 18:22:12 +0000
commit	37c304c44f5d751003a7df3df0e195f1ac11ca10 (patch)
tree	ba498c659d3684f8b1614a215388d1452512110f /mail/roundcube
parent	f034b152a71e4dd703e8bff6281d8d47009d7f40 (diff)
download	ports-37c304c44f5d751003a7df3df0e195f1ac11ca10.tar.gz ports-37c304c44f5d751003a7df3df0e195f1ac11ca10.zip