Context Navigation

← Previous Changeset
Next Changeset →

Changeset eee6944 in github

Timestamp:

Nov 27, 2010 8:59:05 AM (2 years ago)

Author:

thomascube <thomas@…>

Branches:

master, HEAD, courier-fix, dev-browser-capabilities, pdo, release-0.6, release-0.7, release-0.8

Children:

5c84da1, a270058

Parents:

Message:

Save session data with bas64 ecoding to make it more robust against garbage data (#1487136)

Files:

: 2 edited

CHANGELOG (modified) (1 diff)
program/include/rcube_session.php (modified) (5 diffs)

Legend:

: Unmodified
: Added
: Removed

CHANGELOG

r63f9dee6	reee6944
2	2	===========================
3	3
	4	- Make session data storage more robust against garbage session data (#1487136)
4	5	- Config option for autocomplete on login screen
5	6	- Allow plugin templates to include local files (#1487133)

program/include/rcube_session.php

-                      rca1f564
+                      reee6944
     if ($sql_arr = $this->db->fetch_assoc($sql_result)) {
       $this->changed = $sql_arr['changed'];
       $this->vars = $sql_arr['vars'];
       $this->ip = $sql_arr['ip'];
       $this->key = $key;
       if (!empty($sql_arr['vars']))
         return $sql_arr['vars'];
+      $this->ip      = $sql_arr['ip'];
+      $this->vars    = base64_decode($sql_arr['vars']);
+      $this->key     = $key;
+      if (!empty($this->vars))
+        return $this->vars;
+    }
 …
     if ($oldvars !== false) {
+      $a_oldvars = $this->unserialize($oldvars);
+      foreach ((array)$this->unsets as $k)
+        unset($a_oldvars[$k]);
+      $newvars = $this->serialize(array_merge(
+        (array)$a_oldvars, (array)$this->unserialize($vars)));
+      $a_oldvars = $this->unserialize($oldvars);
+      if (is_array($a_oldvars)) {
+        foreach ((array)$this->unsets as $k)
+          unset($a_oldvars[$k]);
+        $newvars = $this->serialize(array_merge(
+          (array)$a_oldvars, (array)$this->unserialize($vars)));
+      }
+      else
+        $newvars = $vars;
       if (!$this->lifetime) {
 …
+      }
       else if ($this->keep_alive>0) {
+        $timeout = min($this->lifetime * 0.5,
+                  $this->lifetime - $this->keep_alive);
+        $timeout = min($this->lifetime * 0.5, $this->lifetime - $this->keep_alive);
       } else {
         $timeout = 0;
 …
           sprintf("UPDATE %s SET vars = ?, changed = %s WHERE sess_id = ?",
             get_table_name('session'), $now),
           $newvars, $key);
+          base64_encode($newvars), $key);
+      }
+    }
 …
           "VALUES (?, ?, ?, %s, %s)",
           get_table_name('session'), $now, $now),
         $key, $vars, (string)$_SERVER['REMOTE_ADDR']);
+        $key, base64_encode($vars), (string)$_SERVER['REMOTE_ADDR']);
+    }

Note: See TracChangeset for help on using the changeset viewer.

Download in other formats: