From f75bc5c24b126a1de7b0f9e92f4453b642ae7227 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 08 Sep 2015 03:38:45 -0400
Subject: [PATCH] Use random security tokens instead of hashes based on encryption key (#1490404)

---
 program/lib/Roundcube/rcube.php |   13 ++++++-------
 1 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/program/lib/Roundcube/rcube.php b/program/lib/Roundcube/rcube.php
index 37b5a3a..09c8f90 100644
--- a/program/lib/Roundcube/rcube.php
+++ b/program/lib/Roundcube/rcube.php
@@ -900,15 +900,14 @@
      */
     public function get_request_token()
     {
-        $sess_id = $_COOKIE[ini_get('session.name')];
-        if (!$sess_id) {
-            $sess_id = session_id();
+        if (empty($_SESSION['request_token'])) {
+            $plugin = $this->plugins->exec_hook('request_token', array(
+                'value' => rcube_utils::random_bytes(32)));
+
+            $_SESSION['request_token'] = $plugin['value'];
         }
 
-        $plugin = $this->plugins->exec_hook('request_token', array(
-            'value' => md5('RT' . $this->get_user_id() . $this->config->get('des_key') . $sess_id)));
-
-        return $plugin['value'];
+        return $_SESSION['request_token'];
     }
 
     /**

--
Gitblit v1.9.1