From 06dc9838e0327c9472cbd3f353b40317eba0ecef Mon Sep 17 00:00:00 2001 From: thomascube Date: Fri, 16 Sep 2011 17:53:35 +0000 Subject: Fix session race conditions when composing new messages --- CHANGELOG | 1 + program/include/rcube_json_output.php | 1 + program/include/rcube_session.php | 6 +++--- program/steps/mail/attachments.inc | 2 +- program/steps/mail/compose.inc | 4 ++-- program/steps/mail/func.inc | 4 ++-- program/steps/mail/sendmail.inc | 2 +- 7 files changed, 11 insertions(+), 9 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index a7d752215..f6ab58bef 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,7 @@ CHANGELOG Roundcube Webmail =========================== +- Fix session race conditions when composing new messages - Fix encoding of LDAP contacts identifiers (#1488079) - jQuery 1.6.4 - Make date/time format user configurable; drop 'date_today' config option diff --git a/program/include/rcube_json_output.php b/program/include/rcube_json_output.php index ade9cc033..e0a29c1b1 100644 --- a/program/include/rcube_json_output.php +++ b/program/include/rcube_json_output.php @@ -219,6 +219,7 @@ class rcube_json_output */ public function send() { + sleep(6); $this->remote_response(); exit; } diff --git a/program/include/rcube_session.php b/program/include/rcube_session.php index c1d9b9c6c..27cf69464 100644 --- a/program/include/rcube_session.php +++ b/program/include/rcube_session.php @@ -321,9 +321,9 @@ class rcube_session */ public function cleanup() { - // current compose information is stored in $_SESSION['compose'], move it to $_SESSION['compose_data'] - if ($_SESSION['compose']) { - $_SESSION['compose_data'][$_SESSION['compose']['id']] = $_SESSION['compose']; + // current compose information is stored in $_SESSION['compose'], move it to $_SESSION['compose_data_'] + if ($compose_id = $_SESSION['compose']['id']) { + $_SESSION['compose_data_'.$compose_id] = $_SESSION['compose']; $this->remove('compose'); } } diff --git a/program/steps/mail/attachments.inc b/program/steps/mail/attachments.inc index 4674034a1..ffb164279 100644 --- a/program/steps/mail/attachments.inc +++ b/program/steps/mail/attachments.inc @@ -25,7 +25,7 @@ if (!empty($_GET['_progress'])) { } $COMPOSE_ID = get_input_value('_id', RCUBE_INPUT_GPC); -$_SESSION['compose'] = $_SESSION['compose_data'][$COMPOSE_ID]; +$_SESSION['compose'] = $_SESSION['compose_data_'.$COMPOSE_ID]; if (!$_SESSION['compose']) { die("Invalid session var!"); diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc index 7e8a26fc1..4307c36d0 100644 --- a/program/steps/mail/compose.inc +++ b/program/steps/mail/compose.inc @@ -29,7 +29,7 @@ $MESSAGE_FORM = NULL; $MESSAGE = NULL; $COMPOSE_ID = get_input_value('_id', RCUBE_INPUT_GET); -$_SESSION['compose'] = $_SESSION['compose_data'][$COMPOSE_ID]; +$_SESSION['compose'] = $_SESSION['compose_data_'.$COMPOSE_ID]; // Nothing below is called during message composition, only at "new/forward/reply/draft" initialization or // if a compose-ID is given (i.e. when the compose step is opened in a new window/tab). @@ -39,7 +39,7 @@ if (!is_array($_SESSION['compose'])) if ($COMPOSE_ID) raise_error(array('code' => 500, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, - 'message' => "Invalid session"), true, true); + 'message' => "Invalid compose ID"), true, true); $_SESSION['compose'] = array( 'id' => uniqid(mt_rand()), diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc index 98040e99f..36b18ce48 100644 --- a/program/steps/mail/func.inc +++ b/program/steps/mail/func.inc @@ -1430,12 +1430,12 @@ function rcmail_message_part_frame($attrib) */ function rcmail_compose_cleanup($id) { - if (!isset($_SESSION['compose_data'][$id])) + if (!isset($_SESSION['compose_data_'.$id])) return; $rcmail = rcmail::get_instance(); $rcmail->plugins->exec_hook('attachments_cleanup', array('group' => $id)); - unset($_SESSION['compose_data'][$id]); + $rcmail->session->remove('compose_data_'.$id); } diff --git a/program/steps/mail/sendmail.inc b/program/steps/mail/sendmail.inc index f81c1529d..7850859f3 100644 --- a/program/steps/mail/sendmail.inc +++ b/program/steps/mail/sendmail.inc @@ -27,7 +27,7 @@ $OUTPUT->framed = TRUE; $savedraft = !empty($_POST['_draft']) ? true : false; $COMPOSE_ID = get_input_value('_id', RCUBE_INPUT_GPC); -$_SESSION['compose'] = $_SESSION['compose_data'][$COMPOSE_ID]; +$_SESSION['compose'] = $_SESSION['compose_data_'.$COMPOSE_ID]; /****** checks ********/ -- cgit v1.2.3