Date:      Tue, 22 Sep 2015 18:22:13 +0000 (UTC)
From:      Alex Dupre <ale@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r397565 - in head/mail/roundcube: . files
Message-ID:  <201509221822.t8MIMD4f073316@repo.freebsd.org>

Author: ale
Date: Tue Sep 22 18:22:12 2015
New Revision: 397565
URL: https://svnweb.freebsd.org/changeset/ports/397565

Log:
  Fix session handling when php-suhosin session encryption is not enabled.
  
  PR:		203260
  Submitted by:	Mark.Martinec@ijs.si

Modified:
  head/mail/roundcube/Makefile
  head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session.php

Modified: head/mail/roundcube/Makefile
==============================================================================
--- head/mail/roundcube/Makefile	Tue Sep 22 18:18:13 2015	(r397564)
+++ head/mail/roundcube/Makefile	Tue Sep 22 18:22:12 2015	(r397565)
@@ -2,6 +2,7 @@
 
 PORTNAME=	roundcube
 DISTVERSION=	1.1.3
+PORTREVISION=	1
 PORTEPOCH=	1
 CATEGORIES?=	mail www
 MASTER_SITES=	SF/${PORTNAME}mail/${PORTNAME}mail/${DISTVERSION:tu}

Modified: head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session.php
==============================================================================
--- head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session.php	Tue Sep 22 18:18:13 2015	(r397564)
+++ head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session.php	Tue Sep 22 18:22:12 2015	(r397565)
@@ -1,5 +1,5 @@
---- program/lib/Roundcube/rcube_session.php.orig	2015-02-08 13:43:28.000000000 +0000
-+++ program/lib/Roundcube/rcube_session.php	2015-02-19 13:43:29.477065794 +0000
+--- program/lib/Roundcube/rcube_session.php.orig	2015-09-22 15:24:26.400132239 +0000
++++ program/lib/Roundcube/rcube_session.php	2015-09-22 15:24:08.430133455 +0000
 @@ -35,7 +35,6 @@
      private $time_diff = 0;
      private $reloaded = false;
@@ -8,16 +8,34 @@
      private $gc_handlers = array();
      private $cookiename = 'roundcube_sessauth';
      private $vars;
-@@ -184,7 +183,7 @@
+@@ -46,6 +45,7 @@
+     private $logging = false;
+     private $storage;
+     private $memcache;
++    private $need_base64 = false;
+ 
+     /**
+      * Blocks session data from being written to database.
+@@ -95,6 +95,9 @@
+         else if ($this->storage != 'php') {
+             ini_set('session.serialize_handler', 'php');
+ 
++            if (ini_get("suhosin.session.encrypt") !== "1")
++                $this->need_base64 = true;
++
+             // set custom functions for PHP session management
+             session_set_save_handler(
+                 array($this, 'open'),
+@@ -192,7 +195,7 @@
              $this->time_diff = time() - strtotime($sql_arr['ts']);
              $this->changed   = strtotime($sql_arr['changed']);
              $this->ip        = $sql_arr['ip'];
 -            $this->vars      = base64_decode($sql_arr['vars']);
-+            $this->vars      = $sql_arr['vars'];
++            $this->vars      = $this->_decode($sql_arr['vars']);
              $this->key       = $key;
  
              return !empty($this->vars) ? (string) $this->vars : '';
-@@ -224,12 +223,12 @@
+@@ -232,12 +235,12 @@
          }
  
          if ($oldvars !== null) {
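Review bot: The strict comparison `ini_get("suhosin.session.encrypt") !== "1"` in the added constructor lines only recognises one spelling of "enabled". `ini_get()` can return the literal INI string, so a value such as `On` or `true` (for example when set through web-server configuration) would be read as disabled and `need_base64` set even though suhosin encryption is active, which is presumably the combination the port's patch exists to avoid. A boolean parse is more tolerant: `if (!filter_var(ini_get('suhosin.session.encrypt'), FILTER_VALIDATE_BOOLEAN)) { $this->need_base64 = true; }`, which still yields `true` when the extension is not loaded and `ini_get()` returns `false`. The enclosing function starts and ends outside the hunk.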
@@ -28,27 +46,28 @@
                  $this->db->query("UPDATE {$this->table_name} "
                      . "SET `changed` = $now, `vars` = ? WHERE `sess_id` = ?",
 -                    base64_encode($newvars), $key);
-+                    $newvars, $key);
++                    $this->_encode($newvars), $key);
              }
              else if ($ts - $this->changed + $this->time_diff > $this->lifetime / 2) {
                  $this->db->query("UPDATE {$this->table_name} SET `changed` = $now"
-@@ -240,7 +239,7 @@
+@@ -248,44 +251,30 @@
              $this->db->query("INSERT INTO {$this->table_name}"
                  . " (`sess_id`, `vars`, `ip`, `created`, `changed`)"
                  . " VALUES (?, ?, ?, $now, $now)",
 -                $key, base64_encode($vars), (string)$this->ip);
-+                $key, $vars, (string)$this->ip);
++                $key, $this->_encode($vars), (string)$this->ip);
          }
  
          return true;
-@@ -248,40 +247,6 @@
+     }
  
  
-     /**
+-    /**
 -     * Merge vars with old vars and apply unsets
 -     */
 -    private function _fixvars($vars, $oldvars)
--    {
++    private function _encode($vars)
+     {
 -        if ($oldvars !== null) {
 -            $a_oldvars = $this->unserialize($oldvars);
 -            if (is_array($a_oldvars)) {
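Review bot: Nothing in a row records whether `vars` was written raw or base64-encoded, since the UPDATE and INSERT calls now pass `$this->_encode(...)` and the choice depends on an ini setting read at request time. Rows written by the previous port revision (which stored `$newvars` and `$vars` unencoded, per the removed lines), or written before the suhosin setting was toggled, will be read back with the wrong decoder. I would state this in a comment above `_encode`, for example `// Stored format follows suhosin.session.encrypt; existing session rows become unreadable when that setting changes`, and mention in the port's upgrade notes that the session table should be emptied. `_encode` begins in this hunk and its body continues in the next one.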
@@ -71,18 +90,27 @@
 -            else {
 -                $newvars = $vars;
 -            }
--        }
--
++        if ($this->need_base64) {
++            return base64_encode($vars);
++        } else {
++            return $vars;
+         }
++    }
+ 
 -        $this->unsets = array();
 -        return $newvars;
--    }
--
--
--    /**
-      * Handler for session_destroy()
-      *
-      * @param string Session ID
-@@ -342,7 +307,7 @@
++
++    private function _decode($vars) 
++    {
++        if ($this->need_base64) {
++            return base64_decode($vars);
++        } else {
++            return $vars;
++        }
+     }
+ 
+ 
+@@ -350,7 +339,7 @@
          else // else read data again
              $oldvars = $this->mc_read($key);
  
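Review bot: `_decode` calls `base64_decode($vars)` in its default non-strict mode, which silently discards characters outside the base64 alphabet, so a row that was stored raw is turned into arbitrary bytes and handed on as session data instead of being rejected. Using `return base64_decode($vars, true);` makes the mismatch return `false`, and the existing `!empty($this->vars)` check in the read handler then yields an empty session. Both new helpers also lack the docblock that the rest of the class carries; a short one on each saying that the value is base64-wrapped only when `need_base64` is set would do, and the trailing space after `_decode($vars)` can go.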
@@ -91,7 +119,7 @@
  
          if ($newvars !== $oldvars || $ts - $this->changed > $this->lifetime / 3) {
              return $this->memcache->set($key, serialize(array('changed' => time(), 'ip' => $this->ip, 'vars' => $newvars)),
-@@ -480,8 +445,6 @@
+@@ -488,8 +477,6 @@
              return $this->destroy(session_id());
          }
  


