Changeset 4607 in subversion

Timestamp:

Mar 11, 2011 3:55:20 AM (2 years ago)

Author:

alec

Message:

• Applied fixes from trunk

Location:

branches/release-0.5

Files:

• CHANGELOG (modified) (1 diff)
• SQL/postgres.initial.sql (modified) (2 diffs)
• SQL/postgres.update.sql (modified) (1 diff)
• index.php (modified) (2 diffs)
• program/include/rcube_imap_generic.php (modified) (10 diffs)
• program/include/rcube_session.php (modified) (1 diff)
• program/lib/Net/SMTP.php (modified) (10 diffs)

branches/release-0.5/CHANGELOG

@@ -2 +2 @@
 ===========================
 
+- PEAR::Net_SMTP 1.5.1
+- Force names of unique constraints in PostgreSQL DDL
+- Add code for prevention from IMAP connection hangs when server closes socket unexpectedly
+- Remove redundant DELETE query (for old session deletion) on login
+- Get around unreliable rand() and mt_rand() in session ID generation (#1486281)
 - Fix some emails are not shown using Cyrus IMAP (#1487820)
 - Fix handling of mime-encoded words with non-integral number of octets in a word (#1487801)

branches/release-0.5/SQL/postgres.initial.sql

@@ -26 +26 @@
     "language" varchar(5),
     preferences text DEFAULT ''::text NOT NULL,
-    UNIQUE (username, mail_host)
+    CONSTRAINT users_username_key UNIQUE (username, mail_host)
 );
 
@@ -218 +218 @@
     headers text NOT NULL,
     structure text,
-    UNIQUE (user_id, cache_key, uid)
+    CONSTRAINT messages_user_id_key UNIQUE (user_id, cache_key, uid)
 );
 

branches/release-0.5/SQL/postgres.update.sql

@@ -86 +86 @@
 
 DROP INDEX users_username_id_idx;
-ALTER TABLE users ADD UNIQUE (username, mail_host);
+ALTER TABLE users ADD CONSTRAINT users_username_key UNIQUE (username, mail_host);
 ALTER TABLE contacts ALTER email TYPE varchar(255);
 

branches/release-0.5/index.php

@@ -96 +96 @@
   else if ($auth['valid'] && !$auth['abort'] &&
         !empty($auth['host']) && !empty($auth['user']) &&
-        $RCMAIL->login($auth['user'], $auth['pass'], $auth['host'])) {
-    // create new session ID
+        $RCMAIL->login($auth['user'], $auth['pass'], $auth['host'])
+  ) {
+    // create new session ID, don't destroy the current session
+    // it was destroyed already by $RCMAIL->kill_session() above
     $RCMAIL->session->remove('temp');
-    $RCMAIL->session->regenerate_id();
+    $RCMAIL->session->regenerate_id(false);
 
     // send auth cookie if necessary
@@ -111 +113 @@
     if ($url = get_input_value('_url', RCUBE_INPUT_POST)) {
       parse_str($url, $query);
-      
+
       // prevent endless looping on login page
       if ($query['_task'] == 'login')

branches/release-0.5/program/include/rcube_imap_generic.php

@@ -214 +214 @@
         $line = '';
 
-        if (!$this->fp) {
-            return NULL;
-        }
-
         if (!$size) {
             $size = 1024;
@@ -223 +219 @@
 
         do {
-            if (feof($this->fp)) {
+            if ($this->eof()) {
                 return $line ? $line : NULL;
             }
@@ -230 +226 @@
 
             if ($buffer === false) {
-                @fclose($this->fp);
-                $this->fp = null;
+                $this->closeSocket();
                 break;
             }
@@ -238 +233 @@
             }
             $line .= $buffer;
-        } while ($buffer[strlen($buffer)-1] != "\n");
+        } while (substr($buffer, -1) != "\n");
 
         return $line;
@@ -268 +263 @@
         $data = '';
         $len  = 0;
-        while ($len < $bytes && !feof($this->fp))
+        while ($len < $bytes && !$this->eof())
         {
             $d = fread($this->fp, $bytes-$len);
@@ -313 +308 @@
                 $this->errornum = self::ERROR_BAD;
             } else if ($res == 'BYE') {
-                @fclose($this->fp);
-                $this->fp = null;
+                $this->closeSocket();
                 $this->errornum = self::ERROR_BYE;
             }
@@ -340 +334 @@
     }
 
+    private function eof()
+    {
+        if (!is_resource($this->fp)) {
+            return true;
+        }
+
+        // If a connection opened by fsockopen() wasn't closed
+        // by the server, feof() will hang.
+        $start = microtime(true);
+
+        if (feof($this->fp) || 
+            ($this->prefs['timeout'] && (microtime(true) - $start > $this->prefs['timeout']))
+        ) {
+            $this->closeSocket();
+            return true;
+        }
+
+        return false;
+    }
+
+    private function closeSocket()
+    {
+        @fclose($this->fp);
+        $this->fp = null;
+    }
+
     function setError($code, $msg='')
     {
@@ -361 +381 @@
         if ($error && preg_match('/^\* (BYE|BAD) /i', $string, $m)) {
             if (strtoupper($m[1]) == 'BYE') {
-                @fclose($this->fp);
-                $this->fp = null;
+                $this->closeSocket();
             }
             return true;
@@ -702 +721 @@
         }
 
+        if ($this->prefs['timeout'] <= 0) {
+            $this->prefs['timeout'] = ini_get('default_socket_timeout');
+        }
+
         // Connect
-        if ($this->prefs['timeout'] > 0)
-            $this->fp = @fsockopen($host, $this->prefs['port'], $errno, $errstr, $this->prefs['timeout']);
-        else
-            $this->fp = @fsockopen($host, $this->prefs['port'], $errno, $errstr);
+        $this->fp = @fsockopen($host, $this->prefs['port'], $errno, $errstr, $this->prefs['timeout']);
 
         if (!$this->fp) {
@@ -856 +876 @@
         }
 
-        @fclose($this->fp);
-        $this->fp = false;
+        $this->closeSocket();
     }
 

branches/release-0.5/program/include/rcube_session.php

@@ -184 +184 @@
 
 
-  public function regenerate_id()
-  {
-    $randval = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
-
-    for ($random = '', $i=1; $i <= 32; $i++) {
-      $random .= substr($randval, mt_rand(0,(strlen($randval) - 1)), 1);
-    }
-
-    // use md5 value for id or remove capitals from string $randval
-    $random = md5($random);
-
-    // delete old session record
-    $this->destroy(session_id());
-
-    session_id($random);
-
-    $cookie   = session_get_cookie_params();
-    $lifetime = $cookie['lifetime'] ? time() + $cookie['lifetime'] : 0;
-
-    rcmail::setcookie(session_name(), $random, $lifetime);
-
+  public function regenerate_id($destroy=true)
+  {
+    session_regenerate_id($destroy);
+
+    $this->vars = false;
+    $this->key  = session_id();
     return true;
   }

branches/release-0.5/program/lib/Net/SMTP.php

@@ -107 +107 @@
 
     /**
+     * The socket I/O timeout value in seconds.
+     * @var int
+     * @access private
+     */
+    var $_timeout = 0;
+
+    /**
      * The most recent server response code.
      * @var int
@@ -149 +156 @@
      * @param string  $localhost  The value to give when sending EHLO or HELO.
      * @param boolean $pipeling   Use SMTP command pipelining
+     * @param integer $timeout    Socket I/O timeout in seconds.
      *
      * @access  public
      * @since   1.0
      */
-    function Net_SMTP($host = null, $port = null, $localhost = null, $pipelining = false)
+    function Net_SMTP($host = null, $port = null, $localhost = null,
+        $pipelining = false, $timeout = 0)
     {
         if (isset($host)) {
@@ -167 +176 @@
 
         $this->_socket = new Net_Socket();
+        $this->_timeout = $timeout;
 
         /* Include the Auth_SASL package.  If the package is not
@@ -180 +190 @@
 
     /**
+     * Set the socket I/O timeout value in seconds plus microseconds.
+     *
+     * @param   integer $seconds        Timeout value in seconds.
+     * @param   integer $microseconds   Additional value in microseconds.
+     *
+     * @access  public
+     * @since   1.5.0
+     */
+    function setTimeout($seconds, $microseconds = 0) {
+        return $this->_socket->setTimeout($seconds, $microseconds);
+    }
+
+    /**
      * Set the value of the debugging flag.
      *
@@ -370 +393 @@
      *
      * @param   int     $timeout    The timeout value (in seconds) for the
-     *                              socket connection.
+     *                              socket connection attempt.
      * @param   bool    $persistent Should a persistent socket connection
      *                              be used?
@@ -387 +410 @@
             return PEAR::raiseError('Failed to connect socket: ' .
                                     $result->getMessage());
+        }
+
+        /*
+         * Now that we're connected, reset the socket's timeout value for 
+         * future I/O operations.  This allows us to have different socket 
+         * timeout values for the initial connection (our $timeout parameter) 
+         * and all other socket operations.
+         */
+        if (PEAR::isError($error = $this->setTimeout($this->_timeout))) {
+            return $error;
         }
 
@@ -618 +651 @@
         $digest = &Auth_SASL::factory('digestmd5');
         $auth_str = base64_encode($digest->getResponse($uid, $pwd, $challenge,
-                                                       $this->host, "smtp", $authz));
+                                                       $this->host, "smtp",
+                                                       $authz));
 
         if (PEAR::isError($error = $this->_put($auth_str))) {
@@ -831 +865 @@
                 $args .= ' XVERP=' . $params['verp'];
             }
-        } elseif (is_string($params)) {
+        } elseif (is_string($params) && !empty($params)) {
             $args .= ' ' . $params;
         }
@@ -920 +954 @@
         }
 
-        /* RFC 1870, section 3, subsection 3 states "a value of zero
-         * indicates that no fixed maximum message size is in force".
-         * Furthermore, it says that if "the parameter is omitted no
-         * information is conveyed about the server's fixed maximum
-         * message size". */
-        if (isset($this->_esmtp['SIZE']) && ($this->_esmtp['SIZE'] > 0)) {
-            /* Start by considering the size of the optional headers string.  
-             * We also account for the addition 4 character "\r\n\r\n"
-             * separator sequence. */
-            $size = (is_null($headers)) ? 0 : strlen($headers) + 4;
-
-            if (is_resource($data)) {
-                $stat = fstat($data);
-                if ($stat === false) {
-                    return PEAR::raiseError('Failed to get file size');
-                }
-                $size += $stat['size'];
-            } else {
-                $size += strlen($data);
-            }
-
-            if ($size >= $this->_esmtp['SIZE']) {
-                $this->disconnect();
-                return PEAR::raiseError('Message size exceeds server limit');
-            }
+        /* Start by considering the size of the optional headers string.  We
+         * also account for the addition 4 character "\r\n\r\n" separator
+         * sequence. */
+        $size = (is_null($headers)) ? 0 : strlen($headers) + 4;
+
+        if (is_resource($data)) {
+            $stat = fstat($data);
+            if ($stat === false) {
+                return PEAR::raiseError('Failed to get file size');
+            }
+            $size += $stat['size'];
+        } else {
+            $size += strlen($data);
+        }
+
+        /* RFC 1870, section 3, subsection 3 states "a value of zero indicates
+         * that no fixed maximum message size is in force".  Furthermore, it
+         * says that if "the parameter is omitted no information is conveyed
+         * about the server's fixed maximum message size". */
+        $limit = (isset($this->_esmtp['SIZE'])) ? $this->_esmtp['SIZE'] : 0;
+        if ($limit > 0 && $size >= $limit) {
+            $this->disconnect();
+            return PEAR::raiseError('Message size exceeds server limit');
         }
 
@@ -975 +1007 @@
             }
         } else {
-            if (!isset($size))
-                $size = strlen($data);
             /*
              * Break up the data by sending one chunk (up to 512k) at a time.