From owner-svn-ports-all@freebsd.org  Tue Sep 22 18:22:13 2015
Return-Path: <owner-svn-ports-all@freebsd.org>
Delivered-To: svn-ports-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id EE13DA07E4B;
 Tue, 22 Sep 2015 18:22:13 +0000 (UTC) (envelope-from ale@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id CF40E1C95;
 Tue, 22 Sep 2015 18:22:13 +0000 (UTC) (envelope-from ale@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.70])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t8MIMDB9073318;
 Tue, 22 Sep 2015 18:22:13 GMT (envelope-from ale@FreeBSD.org)
Received: (from ale@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id t8MIMD4f073316;
 Tue, 22 Sep 2015 18:22:13 GMT (envelope-from ale@FreeBSD.org)
Message-Id: <201509221822.t8MIMD4f073316@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: ale set sender to ale@FreeBSD.org
 using -f
From: Alex Dupre <ale@FreeBSD.org>
Date: Tue, 22 Sep 2015 18:22:13 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-head@freebsd.org
Subject: svn commit: r397565 - in head/mail/roundcube: . files
X-SVN-Group: ports-head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-all@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: SVN commit messages for the ports tree <svn-ports-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-all/>
List-Post: <mailto:svn-ports-all@freebsd.org>
List-Help: <mailto:svn-ports-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Sep 2015 18:22:14 -0000

Author: ale
Date: Tue Sep 22 18:22:12 2015
New Revision: 397565
URL: https://svnweb.freebsd.org/changeset/ports/397565

Log:
  Fix session handling when php-suhosin session encryption is not enabled.
  
  PR:		203260
  Submitted by:	Mark.Martinec@ijs.si

Modified:
  head/mail/roundcube/Makefile
  head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session.php

Modified: head/mail/roundcube/Makefile
==============================================================================
--- head/mail/roundcube/Makefile	Tue Sep 22 18:18:13 2015	(r397564)
+++ head/mail/roundcube/Makefile	Tue Sep 22 18:22:12 2015	(r397565)
@@ -2,6 +2,7 @@
 
 PORTNAME=	roundcube
 DISTVERSION=	1.1.3
+PORTREVISION=	1
 PORTEPOCH=	1
 CATEGORIES?=	mail www
 MASTER_SITES=	SF/${PORTNAME}mail/${PORTNAME}mail/${DISTVERSION:tu}

Modified: head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session.php
==============================================================================
--- head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session.php	Tue Sep 22 18:18:13 2015	(r397564)
+++ head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session.php	Tue Sep 22 18:22:12 2015	(r397565)
@@ -1,5 +1,5 @@
---- program/lib/Roundcube/rcube_session.php.orig	2015-02-08 13:43:28.000000000 +0000
-+++ program/lib/Roundcube/rcube_session.php	2015-02-19 13:43:29.477065794 +0000
+--- program/lib/Roundcube/rcube_session.php.orig	2015-09-22 15:24:26.400132239 +0000
++++ program/lib/Roundcube/rcube_session.php	2015-09-22 15:24:08.430133455 +0000
 @@ -35,7 +35,6 @@
      private $time_diff = 0;
      private $reloaded = false;
@@ -8,16 +8,34 @@
      private $gc_handlers = array();
      private $cookiename = 'roundcube_sessauth';
      private $vars;
-@@ -184,7 +183,7 @@
+@@ -46,6 +45,7 @@
+     private $logging = false;
+     private $storage;
+     private $memcache;
++    private $need_base64 = false;
+ 
+     /**
+      * Blocks session data from being written to database.
+@@ -95,6 +95,9 @@
+         else if ($this->storage != 'php') {
+             ini_set('session.serialize_handler', 'php');
+ 
++            if (ini_get("suhosin.session.encrypt") !== "1")
++                $this->need_base64 = true;
++
+             // set custom functions for PHP session management
+             session_set_save_handler(
+                 array($this, 'open'),
+@@ -192,7 +195,7 @@
              $this->time_diff = time() - strtotime($sql_arr['ts']);
              $this->changed   = strtotime($sql_arr['changed']);
              $this->ip        = $sql_arr['ip'];
 -            $this->vars      = base64_decode($sql_arr['vars']);
-+            $this->vars      = $sql_arr['vars'];
++            $this->vars      = $this->_decode($sql_arr['vars']);
              $this->key       = $key;
  
              return !empty($this->vars) ? (string) $this->vars : '';
-@@ -224,12 +223,12 @@
+@@ -232,12 +235,12 @@
          }
  
          if ($oldvars !== null) {
@@ -28,27 +46,28 @@
                  $this->db->query("UPDATE {$this->table_name} "
                      . "SET `changed` = $now, `vars` = ? WHERE `sess_id` = ?",
 -                    base64_encode($newvars), $key);
-+                    $newvars, $key);
++                    $this->_encode($newvars), $key);
              }
              else if ($ts - $this->changed + $this->time_diff > $this->lifetime / 2) {
                  $this->db->query("UPDATE {$this->table_name} SET `changed` = $now"
-@@ -240,7 +239,7 @@
+@@ -248,44 +251,30 @@
              $this->db->query("INSERT INTO {$this->table_name}"
                  . " (`sess_id`, `vars`, `ip`, `created`, `changed`)"
                  . " VALUES (?, ?, ?, $now, $now)",
 -                $key, base64_encode($vars), (string)$this->ip);
-+                $key, $vars, (string)$this->ip);
++                $key, $this->_encode($vars), (string)$this->ip);
          }
  
          return true;
-@@ -248,40 +247,6 @@
+     }
  
  
-     /**
+-    /**
 -     * Merge vars with old vars and apply unsets
 -     */
 -    private function _fixvars($vars, $oldvars)
--    {
++    private function _encode($vars)
+     {
 -        if ($oldvars !== null) {
 -            $a_oldvars = $this->unserialize($oldvars);
 -            if (is_array($a_oldvars)) {
@@ -71,18 +90,27 @@
 -            else {
 -                $newvars = $vars;
 -            }
--        }
--
++        if ($this->need_base64) {
++            return base64_encode($vars);
++        } else {
++            return $vars;
+         }
++    }
+ 
 -        $this->unsets = array();
 -        return $newvars;
--    }
--
--
--    /**
-      * Handler for session_destroy()
-      *
-      * @param string Session ID
-@@ -342,7 +307,7 @@
++
++    private function _decode($vars) 
++    {
++        if ($this->need_base64) {
++            return base64_decode($vars);
++        } else {
++            return $vars;
++        }
+     }
+ 
+ 
+@@ -350,7 +339,7 @@
          else // else read data again
              $oldvars = $this->mc_read($key);
  
@@ -91,7 +119,7 @@
  
          if ($newvars !== $oldvars || $ts - $this->changed > $this->lifetime / 3) {
              return $this->memcache->set($key, serialize(array('changed' => time(), 'ip' => $this->ip, 'vars' => $newvars)),
-@@ -480,8 +445,6 @@
+@@ -488,8 +477,6 @@
              return $this->destroy(session_id());
          }