diff options
author | alecpl <alec@alec.pl> | 2010-10-12 18:03:02 +0000 |
---|---|---|
committer | alecpl <alec@alec.pl> | 2010-10-12 18:03:02 +0000 |
commit | ace851722e8ada8810dfc65bdc3c1499b2145354 (patch) | |
tree | 93b88bf007a903fa1544b4a6c3b03fe6d61bc561 /program/steps/mail | |
parent | fddd6f2db0dba4d106358aad6529134622fd3c2d (diff) |
- Prevent from infinite redirect in case of broken session (#1487028)
Diffstat (limited to 'program/steps/mail')
-rw-r--r-- | program/steps/mail/compose.inc | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc index 1b39b5885..88fa425c2 100644 --- a/program/steps/mail/compose.inc +++ b/program/steps/mail/compose.inc @@ -33,9 +33,17 @@ $MESSAGE = NULL; // Since there are many ways to leave the compose page improperly, it seems necessary to clean-up an old // compose when a "new/forward/reply/draft" is called - otherwise the old session attachments will appear -if (!is_array($_SESSION['compose']) || $_SESSION['compose']['id'] != get_input_value('_id', RCUBE_INPUT_GET)) +$MESSAGE_ID = get_input_value('_id', RCUBE_INPUT_GET); +if (!is_array($_SESSION['compose']) || $_SESSION['compose']['id'] != $MESSAGE_ID) { rcmail_compose_cleanup(); + + // Infinite redirect prevention in case of broken session (#1487028) + if ($MESSAGE_ID) + raise_error(array('code' => 500, 'type' => 'php', + 'file' => __FILE__, 'line' => __LINE__, + 'message' => "Invalid session"), true, true); + $_SESSION['compose'] = array( 'id' => uniqid(mt_rand()), 'param' => request2param(RCUBE_INPUT_GET), |