Date: Tue, 22 Sep 2015 12:36:32 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 203260] mail/roundcube: FreeBSD patch in the port re-introduces the "Your session is invalid or expired" bug Message-ID: <bug-203260-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203260 Bug ID: 203260 Summary: mail/roundcube: FreeBSD patch in the port re-introduces the "Your session is invalid or expired" bug Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: ale@FreeBSD.org Reporter: Mark.Martinec@ijs.si Flags: maintainer-feedback?(ale@FreeBSD.org) Assignee: ale@FreeBSD.org The full issue is described at: http://trac.roundcube.net/ticket/1490546 It turns out that this SQL issue has long been fixed (or better: worked-around) in the Roundcube distribution, yet the patch in the FreeBSD port (files/patch-program_lib_Roundcube_rcube_session.php) re-introduces the problem by avoiding base64 encoding of the session.vars field in SQL, naively hoping that PHP's interface to SQL won't choke on a NULL byte in a data string. As a result a user gets logged out with a "Your session is invalid or expired" message on certain operations. Using roundcube-1.1.3, php 5.5.29, postgresql 9.3.9, FreeBSD 10.2 -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-203260-13>