githubFork/roundcubemail.git

			@@ -40,11 +40,12 @@
			protected $reloaded = false;
			protected $appends = array();
			protected $unsets = array();
			protected $gc_enabled = 0;
			protected $gc_handlers = array();
			protected $cookiename = 'roundcube_sessauth';
			protected $secret = '';
			protected $ip_check = false;
			protected $logging = false;


			/**
			* Blocks session data from being written to database.
			@@ -85,9 +86,6 @@
			public function __construct($config)
			{
			$this->config = $config;

			// set secret
			$this->set_secret($this->config->get('des_key') . dirname($_SERVER['SCRIPT_NAME']));

			// set ip check
			$this->set_ip_check($this->config->get('ip_check'));
			@@ -159,7 +157,7 @@
			$oldvars = $this->get_cache($key);

			// if there are cached vars, update store, else insert new data
			if ($oldvars !== null) {
			if ($oldvars) {
			$newvars = $this->_fixvars($vars, $oldvars);
			return $this->update($key, $newvars, $oldvars);
			}
			@@ -221,7 +219,9 @@
			{
			// move gc execution to the script shutdown function
			// see rcube::shutdown() and rcube_session::write_close()
			return $this->gc_enabled = $maxlifetime;
			$this->gc_enabled = $maxlifetime;

			return true;
			}

			/**
			@@ -269,10 +269,11 @@
			}

			/**
			* see if we have vars of this key already cached, and if so, return them.
			* See if we have vars of this key already cached, and if so, return them.
			*
			* @param $key
			* @return null\|array
			* @param string $key Session ID
			*
			* @return string
			*/
			protected function get_cache($key)
			{
			@@ -287,11 +288,14 @@
			else { // else read data again
			$cache = $this->read($key);
			}

			return $cache;
			}

			/**
			* Append the given value to the certain node in the session data array
			*
			* Warning: Do not use if you already modified $_SESSION in the same request (#1490608)
			*
			* @param string Path denoting the session variable where to append the value
			* @param string Key name under which to append the new value (use null for appending to an indexed list)
			@@ -319,8 +323,9 @@
			$this->appends[] = $path;

			// when overwriting a previously unset variable
			if ($this->unsets[$path])
			if ($this->unsets[$path]) {
			unset($this->unsets[$path]);
			}
			}

			/**
			@@ -376,7 +381,7 @@
			$node[$k] = $value;
			}

			if($this->key) {
			if ($this->key) {
			$data = $this->read($this->key);
			}

			@@ -398,7 +403,6 @@
			}
			}
			}

			}

			/**
			@@ -557,9 +561,19 @@
			/**
			* Setter for cookie encryption secret
			*/
			function set_secret($secret)
			function set_secret($secret = null)
			{
			$this->secret = $secret;
			// generate random hash and store in session
			if (!$secret) {
			if (!empty($_SESSION['auth_secret'])) {
			$secret = $_SESSION['auth_secret'];
			}
			else {
			$secret = rcube_utils::random_bytes(strlen($this->key));
			}
			}

			$_SESSION['auth_secret'] = $secret;
			}

			/**
			@@ -620,7 +634,7 @@
			/**
			* Set session authentication cookie
			*/
			function set_auth_cookie()
			public function set_auth_cookie()
			{
			$this->cookie = $this->_mkcookie($this->now);
			rcube_utils::setcookie($this->cookiename, $this->cookie, 0);
			@@ -628,15 +642,19 @@
			}

			/**
			* Create session cookie from session data
			* Create session cookie for specified time slot.
			*
			* @param int Time slot to use
			*
			* @return string
			*/
			function _mkcookie($timeslot)
			protected function _mkcookie($timeslot)
			{
			$auth_string = "$this->key,$this->secret,$timeslot";
			return "S" . (function_exists('sha1') ? sha1($auth_string) : md5($auth_string));
			// make sure the secret key exists
			$this->set_secret();

			// no need to hash this, it's just a random string
			return $_SESSION['auth_secret'] . '-' . $timeslot;
			}

			/**