githubFork/roundcubemail.git

			@@ -1,6 +1,6 @@
			<?php

			/*
			/**
			+-----------------------------------------------------------------------+
			\| This file is part of the Roundcube Webmail client \|
			\| Copyright (C) 2005-2014, The Roundcube Dev Team \|
			@@ -15,7 +15,7 @@
			+-----------------------------------------------------------------------+
			\| Author: Thomas Bruederli <roundcube@gmail.com> \|
			\| Author: Aleksander Machniak <alec@alec.pl> \|
			\| Author: Cor Bosman <cor@roundcu.be> \|
			\| Author: Cor Bosman <cor@roundcu.be> \|
			+-----------------------------------------------------------------------+
			*/

			@@ -29,22 +29,22 @@
			*/
			abstract class rcube_session
			{
			protected $config;
			protected $key;
			protected $ip;
			protected $changed;
			protected $start;
			protected $time_diff = 0;
			protected $reloaded = false;
			protected $appends = array();
			protected $unsets = array();
			protected $gc_handlers = array();
			protected $cookiename = 'roundcube_sessauth';
			protected $vars;
			protected $now;
			protected $secret = '';
			protected $ip_check = false;
			protected $logging = false;
			protected $config;
			protected $time_diff = 0;
			protected $reloaded = false;
			protected $appends = array();
			protected $unsets = array();
			protected $gc_handlers = array();
			protected $cookiename = 'roundcube_sessauth';
			protected $secret = '';
			protected $ip_check = false;
			protected $logging = false;

			/**
			* Blocks session data from being written to database.
			@@ -116,7 +116,6 @@
			);
			}


			/**
			* Wrapper for session_start()
			*/
			@@ -142,12 +141,12 @@
			abstract function write($key, $vars);
			abstract function update($key, $newvars, $oldvars);


			/**
			* session write handler. This calls the implementation methods for write/update after some initial checks.
			*
			* @param $key
			* @param $vars
			*
			* @return bool
			*/
			public function sess_write($key, $vars)
			@@ -168,7 +167,6 @@
			return $this->write($key, $vars);
			}
			}


			/**
			* Wrapper for session_write_close()
			@@ -242,7 +240,6 @@
			$this->gc_handlers[] = $func;
			}


			/**
			* Garbage collector handler to run on script shutdown
			*/
			@@ -254,7 +251,6 @@
			}
			}
			}


			/**
			* Generate and set new session id
			@@ -294,7 +290,6 @@
			return $cache;
			}


			/**
			* Append the given value to the certain node in the session data array
			*
			@@ -328,7 +323,6 @@
			unset($this->unsets[$path]);
			}


			/**
			* Unset a session variable
			*
			@@ -356,18 +350,16 @@
			return true;
			}


			/**
			* Kill this session
			*/
			public function kill()
			{
			$this->vars = null;
			$this->ip = rcube_utils::remote_addr(); // update IP (might have changed)
			$this->ip = rcube_utils::remote_addr(); // update IP (might have changed)
			$this->destroy(session_id());
			rcube_utils::setcookie($this->cookiename, '-del-', time() - 60);
			}


			/**
			* Re-read session data from storage backend
			@@ -443,7 +435,6 @@

			return $data;
			}


			/**
			* Unserialize session data
			@@ -543,7 +534,6 @@
			return unserialize( 'a:' . $items . ':{' . $serialized . '}' );
			}


			/**
			* Setter for session lifetime
			*/
			@@ -556,7 +546,6 @@
			$this->now = $now - ($now % ($this->lifetime / 2));
			}


			/**
			* Getter for remote IP saved with this session
			*/
			@@ -564,7 +553,6 @@
			{
			return $this->ip;
			}


			/**
			* Setter for cookie encryption secret
			@@ -574,7 +562,6 @@
			$this->secret = $secret;
			}


			/**
			* Enable/disable IP check
			*/
			@@ -582,7 +569,6 @@
			{
			$this->ip_check = $check;
			}


			/**
			* Setter for the cookie name used for session cookie
			@@ -593,7 +579,6 @@
			$this->cookiename = $cookiename;
			}
			}


			/**
			* Check session authentication cookie
			@@ -632,7 +617,6 @@
			return $result;
			}


			/**
			* Set session authentication cookie
			*/
			@@ -643,17 +627,67 @@
			$_COOKIE[$this->cookiename] = $this->cookie;
			}


			/**
			* Create session cookie from session data
			* Create session cookie from session data.
			* The cookie will be hashed using a method defined by session.hash_function.
			*
			* @param int Time slot to use
			*
			* @return string
			*/
			function _mkcookie($timeslot)
			protected function _mkcookie($timeslot)
			{
			$auth_string = "$this->key,$this->secret,$timeslot";
			return "S" . (function_exists('sha1') ? sha1($auth_string) : md5($auth_string));
			$hash_method = (string) ini_get('session.hash_function');
			$hash_nbits = (int) ini_get('session.hash_bits_per_character');

			if (!$hash_method) {
			$hash_method = 'md5';
			}
			else if ($hash_method === '1') {
			$hash_method = 'sha1';
			}

			if ($hash_nbits < 4 \|\| $hash_nbits > 6) {
			$hash_nbits = 4;
			}

			// Hash the authentication string
			$hash = openssl_digest($auth_string, $hash_method, true);

			// Above method returns "hexits". To be really compatible
			// with session hashes generated by PHP core we'll get
			// a raw (binary) hash and convert it to a readable form
			// as in bin_to_readable() function in ext/session/session.c.
			$hextab = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ,-";
			$length = strlen($hash);
			$result = '';
			$char = 0;
			$i = 0;
			$have = 0;
			$mask = (1 << $hash_nbits) - 1;

			while (true) {
			if ($have < $hash_nbits) {
			if ($i < $length) {
			$char \|= ord($hash[$i++]) << $have;
			$have += 8;
			}
			else if (!$have) {
			break;
			}
			else {
			$have = $hash_nbits;
			}
			}

			// consume nbits
			$result .= $hextab[$char & $mask];
			$char >>= $hash_nbits;
			$have -= $hash_nbits;
			}

			return $result;
			}

			/**