From cb15aaa2654c00ecc78880c7daec7acee6fa61ec Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Mon, 27 Oct 2008 13:49:05 -0400
Subject: [PATCH] Also check for negative image size + set caching headers for 1 hour

---
 program/include/session.inc |   56 +++++++++++++++++++++++++++++---------------------------
 1 files changed, 29 insertions(+), 27 deletions(-)

diff --git a/program/include/session.inc b/program/include/session.inc
index ad66f0c..d6486a4 100644
--- a/program/include/session.inc
+++ b/program/include/session.inc
@@ -128,36 +128,40 @@
     return false;
   }
 
-  // get all expired sessions
-  $sql_result = $DB->query(
-    "SELECT sess_id
-     FROM " . get_table_name('session') . "
-     WHERE " . $DB->unixtimestamp($DB->now())."-".$DB->unixtimestamp('changed') . " > ?",
-    $maxlifetime);
+  if ($rcmail->config->get('enable_caching')) {
+    // get all expired sessions
+    $sql_result = $DB->query(
+	"SELECT sess_id
+        FROM " . get_table_name('session') . "
+        WHERE " . $DB->unixtimestamp($DB->now())."-".$DB->unixtimestamp('changed') . " > ?",
+	$maxlifetime);
                                    
-  $exp_sessions = array();
-  while ($sql_arr = $DB->fetch_assoc($sql_result)) {
-    $exp_sessions[] = $sql_arr['sess_id'];
-  }
-
-  $caching = $rcmail->config->get('enable_caching');
-
-  if (sizeof($exp_sessions)) {
-    // delete session cache records
-    if ($caching) {
-      $DB->query("DELETE FROM " . get_table_name('cache') . "
-                  WHERE session_id IN ('".join("','", $exp_sessions)."')");
+    $exp_sessions = array();
+    while ($sql_arr = $DB->fetch_assoc($sql_result)) {
+      $exp_sessions[] = $sql_arr['sess_id'];
     }
 
-    // delete session records
+    if (sizeof($exp_sessions)) {
+      $exp_sessions = "'" . join("','", $exp_sessions) . "'";
+      // delete session cache records
+      $DB->query("DELETE FROM " . get_table_name('cache') . "
+            WHERE session_id IN (" . $exp_sessions . ")");
+
+      // delete session records
+      $DB->query("DELETE FROM " . get_table_name('session') . "
+            WHERE sess_id IN (" . $exp_sessions . ")");
+    }
+
+    // also run message cache GC
+    rcmail_message_cache_gc();
+  
+  } else {
+    // just delete all expired sessions
     $DB->query("DELETE FROM " . get_table_name('session') . "
-                WHERE sess_id IN ('".join("','", $exp_sessions)."')");
+        WHERE " . $DB->unixtimestamp($DB->now())."-".$DB->unixtimestamp('changed') . " > ?",
+	$maxlifetime);
   }
 
-  // also run message cache GC
-  if ($caching) {
-    rcmail_message_cache_gc();
-  }
   rcmail_temp_gc();
 
   return true;
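Review bot: In the caching branch the expired session ids are spliced into both DELETE statements as raw text via `$exp_sessions = "'" . join("','", $exp_sessions) . "'";`, with no quoting by the database layer. The ids are read back from the session table, and a session id normally originates from the client's cookie, so unless it is validated on write (not visible here) a stored value containing a quote would change the `IN (...)` list. Either quote each id through the DB wrapper before joining, or drop the list and reuse the bound time predicate that the `else` branch already uses, e.g. `WHERE session_id IN (SELECT sess_id FROM <session table> WHERE <age expression> > ?)` with `$maxlifetime` as the parameter. That second form also avoids an unbounded IN list when many sessions expire at once. The enclosing function starts above this hunk.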
@@ -183,9 +187,7 @@
   $cookie   = session_get_cookie_params();
   $lifetime = $cookie['lifetime'] ? time() + $cookie['lifetime'] : 0;
 
-  setcookie(session_name(), '', time() - 3600);
-  setcookie(session_name(), $random, $lifetime, $cookie['path'], $cookie['domain'],
-            $_SERVER['HTTPS'] && ($_SERVER['HTTPS']!='off'));
+  rcmail::setcookie(session_name(), $random, $lifetime);
 
   return true;
 }
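Review bot: The new `rcmail::setcookie(session_name(), $random, $lifetime);` call no longer passes `$cookie['path']`, `$cookie['domain']` or the HTTPS-derived secure flag, so the session cookie's attributes now depend entirely on a helper that is not part of this diff. Before merging, confirm that the helper sets the secure flag when the request is over HTTPS and keeps the path and domain from `session_get_cookie_params()`, since `$cookie` is now read only for the lifetime. A short comment would record the dependency, for example `// path, domain and secure flag are applied inside rcmail::setcookie()`. The function starts above this hunk.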

--
Gitblit v1.9.1