From a74d02390353ba6294297ed3e76e4ed47841f9b2 Mon Sep 17 00:00:00 2001 From: Thomas Bruederli Date: Thu, 12 Mar 2015 09:47:43 +0100 Subject: Generate random hash for the per-user local storage prefix (#1490279); only unserialize user prefs once --- program/lib/Roundcube/rcube_user.php | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) (limited to 'program/lib/Roundcube/rcube_user.php') diff --git a/program/lib/Roundcube/rcube_user.php b/program/lib/Roundcube/rcube_user.php index 77c58dd14..1a61efd5e 100644 --- a/program/lib/Roundcube/rcube_user.php +++ b/program/lib/Roundcube/rcube_user.php @@ -29,6 +29,7 @@ class rcube_user public $ID; public $data; public $language; + public $prefs; /** * Holds database connection. @@ -132,10 +133,14 @@ class rcube_user */ function get_prefs() { - $prefs = array(); + if (isset($this->prefs)) { + return $this->prefs; + } + + $this->prefs = array(); if (!empty($this->language)) - $prefs['language'] = $this->language; + $this->prefs['language'] = $this->language; if ($this->ID) { // Preferences from session (write-master is unavailable) @@ -153,11 +158,11 @@ class rcube_user } if ($this->data['preferences']) { - $prefs += (array)unserialize($this->data['preferences']); + $this->prefs += (array)unserialize($this->data['preferences']); } } - return $prefs; + return $this->prefs; } /** @@ -183,7 +188,7 @@ class rcube_user $config = $this->rc->config; // merge (partial) prefs array with existing settings - $save_prefs = $a_user_prefs + $old_prefs; + $this->prefs = $save_prefs = $a_user_prefs + $old_prefs; unset($save_prefs['language']); // don't save prefs with default values if they haven't been changed yet 
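Review bot: Nothing in these hunks invalidates the new `$this->prefs` cache, and declaring it `public $prefs` lets any caller overwrite what get_prefs() will return. In get_prefs() (hunk `@@ -132,10 +133,14 @@`) the early return means later changes to `$this->data['preferences']` or `$this->language` on the same object are no longer seen. In save_prefs() (hunk `@@ -183,7 +188,7 @@`) the cache is assigned before the rest of the function, which continues outside the hunk, has filtered or stored anything, so a failed write would presumably leave get_prefs() returning values that were never persisted. I would declare the property `protected $prefs;` and assign the cache in save_prefs() only once the write has succeeded, or reset it with `$this->prefs = null;` on failure.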
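Review bot: `(array)unserialize($this->data['preferences'])` in hunk `@@ -153,11 +158,11 @@` turns a failed decode into `array(false)`, so a corrupt blob adds a stray key `0` to the now-cached `$this->prefs`. Checking the result first avoids that: `$stored = unserialize($this->data['preferences']);` followed by `if (is_array($stored)) $this->prefs += $stored;`. The same call is an object-injection sink if the column can ever hold bytes that were not written by this class; where it is written is not visible here, so a comment stating that trust assumption would be worth adding next to the call. get_prefs() begins and ends outside this hunk.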
@@ -229,12 +234,20 @@ class rcube_user } /** - * Generate a unique hash to identify this user which + * Generate a unique hash to identify this user whith */ function get_hash() { - $key = substr($this->rc->config->get('des_key'), 1, 4); - return md5($this->data['user_id'] . $key . $this->data['username'] . '@' . $this->data['mail_host']); + $prefs = $this->get_prefs(); + + // generate a random hash and store it in user prefs + if (empty($prefs['client_hash'])) { + mt_srand((double)microtime() * 1000000); + $prefs['client_hash'] = md5($this->data['username'] . mt_rand() . $this->data['mail_host']); + $this->save_prefs(array('client_hash' => $prefs['client_hash'])); + } + + return $prefs['client_hash']; } /** -- cgit v1.2.3 From e2fb34028980910e006f09b4fd93c4172f79b306 Mon Sep 17 00:00:00 2001 From: Thomas Bruederli Date: Thu, 12 Mar 2015 09:59:47 +0100 Subject: Remove obsolete mt_srand() calls --- plugins/password/drivers/ldap.php | 3 --- program/lib/Roundcube/rcube_user.php | 1 - 2 files changed, 4 deletions(-) (limited to 'program/lib/Roundcube/rcube_user.php') diff --git a/plugins/password/drivers/ldap.php b/plugins/password/drivers/ldap.php index a11c38d17..6ed5ada04 100644 --- a/plugins/password/drivers/ldap.php +++ b/plugins/password/drivers/ldap.php @@ -289,7 +289,6 @@ class rcube_ldap_password break; case 'ssha': - mt_srand((double) microtime() * 1000000); $salt = substr(pack('h*', md5(mt_rand())), 0, 8); if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) { @@ -316,7 +315,6 @@ class rcube_ldap_password case 'smd5': - mt_srand((double) microtime() * 1000000); $salt = substr(pack('h*', md5(mt_rand())), 0, 8); if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) { 
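Review bot: In get_hash() (rcube_user.php, hunk `@@ -229,12 +234,20 @@`) the only unpredictable input to `client_hash` is a single `mt_rand()` value, which is not a cryptographic generator; the explicit seed is dropped by the following commit but `mt_rand()` stays, and username and mail_host are known values. That is acceptable if the hash is only a storage namespace, but if anything ever treats it as unguessable it should come from a CSPRNG, for example `$prefs['client_hash'] = bin2hex(openssl_random_pseudo_bytes(16));` where the openssl extension is available. The return value of `save_prefs()` is ignored, so when the write does not persist, a later request would presumably generate a different hash and the local-storage prefix would change under the user. The docblock line now reads `whith` and is an unfinished sentence; `Generate a random per-user hash used as the client-side storage prefix` would document what the method does.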
@@ -373,7 +371,6 @@ class rcube_ldap_password { $possible = '0123456789' . 'abcdefghijklmnopqrstuvwxyz' . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' . './'; $str = ''; - // mt_srand((double)microtime() * 1000000); while (strlen($str) < $length) { $str .= substr($possible, (rand() % strlen($possible)), 1); diff --git a/program/lib/Roundcube/rcube_user.php b/program/lib/Roundcube/rcube_user.php index 1a61efd5e..8ed34fc28 100644 --- a/program/lib/Roundcube/rcube_user.php +++ b/program/lib/Roundcube/rcube_user.php @@ -242,7 +242,6 @@ class rcube_user // generate a random hash and store it in user prefs if (empty($prefs['client_hash'])) { - mt_srand((double)microtime() * 1000000); $prefs['client_hash'] = md5($this->data['username'] . mt_rand() . $this->data['mail_host']); $this->save_prefs(array('client_hash' => $prefs['client_hash'])); } -- cgit v1.2.3