diff options
author | Thomas Bruederli <thomas@roundcube.net> | 2013-03-02 00:10:54 +0100 |
---|---|---|
committer | Thomas Bruederli <bruederli@kolabsys.com> | 2013-04-04 21:03:23 +0200 |
commit | d6cbdea04d18dc860a402c60ee28826975e18d30 (patch) | |
tree | 7693b5d19aed3d8d9d9201f325d5f3cfacca5e0f /program/steps/mail | |
parent | ea002b6d7637497d9caab39381fbe66985634fac (diff) |
Add methods to append certain nodes to session data in order to avoid session saving race conditions. Fixes #1488422
Diffstat (limited to 'program/steps/mail')
-rw-r--r-- | program/steps/mail/attachments.inc | 16 |
1 files changed, 7 insertions, 9 deletions
diff --git a/program/steps/mail/attachments.inc b/program/steps/mail/attachments.inc index 180fc0bb9..f83f6892e 100644 --- a/program/steps/mail/attachments.inc +++ b/program/steps/mail/attachments.inc @@ -27,8 +27,10 @@ if (!empty($_GET['_progress'])) { $COMPOSE_ID = get_input_value('_id', RCUBE_INPUT_GPC); $COMPOSE = null; -if ($COMPOSE_ID && $_SESSION['compose_data_'.$COMPOSE_ID]) - $COMPOSE =& $_SESSION['compose_data_'.$COMPOSE_ID]; +if ($COMPOSE_ID && $_SESSION['compose_data_' . $COMPOSE_ID]) { + $SESSION_KEY = 'compose_data_' . $COMPOSE_ID; + $COMPOSE =& $_SESSION[$SESSION_KEY]; +} if (!$COMPOSE) { die("Invalid session var!"); @@ -45,7 +47,7 @@ if ($RCMAIL->action=='remove-attachment') $attachment = $RCMAIL->plugins->exec_hook('attachment_delete', $attachment); if ($attachment['status']) { if (is_array($COMPOSE['attachments'][$id])) { - unset($COMPOSE['attachments'][$id]); + $RCMAIL->session->remove($SESSION_KEY.'.attachments.'.$id); $OUTPUT->command('remove_from_attachment_list', "rcmfile$id"); } } @@ -77,11 +79,7 @@ if ($RCMAIL->action=='display-attachment') exit; } -// attachment upload action - -if (!is_array($COMPOSE['attachments'])) { - $COMPOSE['attachments'] = array(); -} +/***** attachment upload action *****/ // clear all stored output properties (like scripts and env vars) $OUTPUT->reset(); @@ -112,7 +110,7 @@ if (is_array($_FILES['_attachments']['tmp_name'])) { // store new attachment in session unset($attachment['status'], $attachment['abort']); - $COMPOSE['attachments'][$id] = $attachment; + $RCMAIL->session->append($SESSION_KEY.'.attachments', $id, $attachment); if (($icon = $COMPOSE['deleteicon']) && is_file($icon)) { $button = html::img(array( |