summaryrefslogtreecommitdiff
path: root/program/include
diff options
context:
space:
mode:
authoralecpl <alec@alec.pl>2011-03-31 12:32:44 +0000
committeralecpl <alec@alec.pl>2011-03-31 12:32:44 +0000
commit382b8b1351e1a4598f04ab184cec803b96d7e4b7 (patch)
tree4a168a018618445f53afd5aa651fb655e68149d9 /program/include
parent5228a5558f0ee9af785f1b4cdcef4d97b17b33f6 (diff)
- Applied fixes from trunk
Diffstat (limited to 'program/include')
-rw-r--r--program/include/rcmail.php12
-rw-r--r--program/include/rcube_browser.php2
2 files changed, 6 insertions, 8 deletions
diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index e1dc22d07..8b4383e10 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -1105,12 +1105,9 @@ class rcmail
*/
public function get_request_token()
{
- $key = $this->task;
-
- if (!$_SESSION['request_tokens'][$key])
- $_SESSION['request_tokens'][$key] = md5(uniqid($key . mt_rand(), true));
-
- return $_SESSION['request_tokens'][$key];
+ $sess_id = $_COOKIE[ini_get('session.name')];
+ if (!$sess_id) $sess_id = session_id();
+ return md5('RT' . $this->task . $this->config->get('des_key') . $sess_id);
}
@@ -1123,7 +1120,8 @@ class rcmail
public function check_request($mode = RCUBE_INPUT_POST)
{
$token = get_input_value('_token', $mode);
- return !empty($token) && $_SESSION['request_tokens'][$this->task] == $token;
+ $sess_id = $_COOKIE[ini_get('session.name')];
+ return !empty($sess_id) && $token == $this->get_request_token();
}
diff --git a/program/include/rcube_browser.php b/program/include/rcube_browser.php
index d080c605d..d74ec708a 100644
--- a/program/include/rcube_browser.php
+++ b/program/include/rcube_browser.php
@@ -42,7 +42,7 @@ class rcube_browser
$this->ns4 = strstr($HTTP_USER_AGENT, 'mozilla/4') && !strstr($HTTP_USER_AGENT, 'msie');
$this->ns = ($this->ns4 || strstr($HTTP_USER_AGENT, 'netscape'));
$this->ie = !$this->opera && strstr($HTTP_USER_AGENT, 'compatible; msie');
- $this->mz = strstr($HTTP_USER_AGENT, 'mozilla/5');
+ $this->mz = !$this->ie && strstr($HTTP_USER_AGENT, 'mozilla/5');
$this->chrome = strstr($HTTP_USER_AGENT, 'chrome');
$this->khtml = strstr($HTTP_USER_AGENT, 'khtml');
$this->safari = !$this->chrome && ($this->khtml || strstr($HTTP_USER_AGENT, 'safari'));