From ba48318e2c87f4d07982978e539151c1abcf2114 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Mon, 28 Sep 2015 13:21:28 -0400
Subject: [PATCH] Fix so database_attachments::cleanup() does not remove attachments from other sessions (#1490542)
---
CHANGELOG | 1 +
plugins/database_attachments/database_attachments.php | 11 +++++++++--
plugins/redundant_attachments/redundant_attachments.php | 22 ++++++++++------------
3 files changed, 20 insertions(+), 14 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 85f0bca..ec7bfee 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -3,6 +3,7 @@
- Fix so Installer requires PHP5
- Make brute force attacks harder by re-generating security token on every failed login (#1490549)
+- Fix so database_attachments::cleanup() does not remove attachments from other sessions (#1490542)
RELEASE 1.1.3
-------------
diff --git a/plugins/database_attachments/database_attachments.php b/plugins/database_attachments/database_attachments.php
index 735915a..31747b3 100644
--- a/plugins/database_attachments/database_attachments.php
+++ b/plugins/database_attachments/database_attachments.php
@@ -22,7 +22,7 @@
protected $cache;
// A prefix for the cache key used in the session and in the key field of the cache table
- protected $prefix = "db_attach";
+ const PREFIX = "ATTACH";
/**
* Save a newly uploaded attachment
@@ -153,9 +153,16 @@
$ttl = 12 * 60 * 60; // default: 12 hours
$ttl = $rcmail->config->get('database_attachments_cache_ttl', $ttl);
$type = $rcmail->config->get('database_attachments_cache', 'db');
+ $prefix = self::PREFIX;
+
+ // Add session identifier to the prefix to prevent from removing attachments
+ // in other sessions of the same user (#1490542)
+ if ($id = session_id()) {
+ $prefix .= $id;
+ }
// Init SQL cache (disable cache data serialization)
- $this->cache = $rcmail->get_cache($this->prefix, $type, $ttl, false);
+ $this->cache = $rcmail->get_cache($prefix, $type, $ttl, false);
}
return $this->cache;
diff --git a/plugins/redundant_attachments/redundant_attachments.php b/plugins/redundant_attachments/redundant_attachments.php
index 24af7d9..ef758bb 100644
--- a/plugins/redundant_attachments/redundant_attachments.php
+++ b/plugins/redundant_attachments/redundant_attachments.php
@@ -36,7 +36,7 @@
class redundant_attachments extends filesystem_attachments
{
// A prefix for the cache key used in the session and in the key field of the cache table
- private $prefix = "ATTACH";
+ const PREFIX = "ATTACH";
// rcube_cache instance for SQL DB
private $cache;
@@ -46,13 +46,6 @@
private $loaded;
- /**
- * Default constructor
- */
- function init()
- {
- parent::init();
- }
/**
* Loads plugin configuration and initializes cache object(s)
@@ -68,15 +61,20 @@
// load configuration
$this->load_config();
- $ttl = 12 * 60 * 60; // 12 hours
- $ttl = $rcmail->config->get('redundant_attachments_cache_ttl', $ttl);
+ $ttl = 12 * 60 * 60; // 12 hours
+ $ttl = $rcmail->config->get('redundant_attachments_cache_ttl', $ttl);
+ $prefix = self::PREFIX;
+
+ if ($id = session_id()) {
+ $prefix .= $id;
+ }
// Init SQL cache (disable cache data serialization)
- $this->cache = $rcmail->get_cache($this->prefix, 'db', $ttl, false);
+ $this->cache = $rcmail->get_cache($prefix, 'db', $ttl, false);
// Init memcache (fallback) cache
if ($rcmail->config->get('redundant_attachments_memcache')) {
- $this->mem_cache = $rcmail->get_cache($this->prefix, 'memcache', $ttl, false);
+ $this->mem_cache = $rcmail->get_cache($prefix, 'memcache', $ttl, false);
}
$this->loaded = true;
--
Gitblit v1.9.1