Imported Upstream version 0.5.2+dfsg
[roundcube.git] / program / include / rcmail.php
index d3d2390793909220ec116e881d278167b80cec76..4aa95a0ded775d39a0aae422165e700fbddc8e9d 100644 (file)
@@ -15,7 +15,7 @@
  | Author: Thomas Bruederli <roundcube@gmail.com>                        |
  +-----------------------------------------------------------------------+
 
- $Id: rcmail.php 4509 2011-02-09 10:51:50Z thomasb $
+ $Id: rcmail.php 4626 2011-03-31 12:32:44Z alec $
 
 */
 
@@ -1071,9 +1071,6 @@ class rcmail
    */
   public function shutdown()
   {
-    if (is_object($this->imap))
-      $this->imap->close();
-
     if (is_object($this->smtp))
       $this->smtp->disconnect();
 
@@ -1108,12 +1105,9 @@ class rcmail
    */
   public function get_request_token()
   {
-    $key = $this->task;
-
-    if (!$_SESSION['request_tokens'][$key])
-      $_SESSION['request_tokens'][$key] = md5(uniqid($key . mt_rand(), true));
-
-    return $_SESSION['request_tokens'][$key];
+    $sess_id = $_COOKIE[ini_get('session.name')];
+    if (!$sess_id) $sess_id = session_id();
+    return md5('RT' . $this->task . $this->config->get('des_key') . $sess_id);
   }
 
 
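Review bot: The new return line in get_request_token() derives the token as a plain `md5()` over the concatenation of `'RT'`, the task, `des_key` and the session id, which reuses the `des_key` secret for a second purpose through an ad-hoc keyed hash. A proper MAC keeps the 32-character output while separating key from message, for example `return hash_hmac('md5', 'RT' . $this->task . $sess_id, $this->config->get('des_key'));`. In addition, `$_COOKIE[ini_get('session.name')]` is read without `isset()`, so a request with no session cookie raises an undefined-index notice before the `session_id()` fallback runs. The token is now bound to the cookie value the client sent rather than to state stored in the server-side session, and the docblock (which starts outside this hunk) should say so, because check_request() relies on it.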
@@ -1126,7 +1120,8 @@ class rcmail
   public function check_request($mode = RCUBE_INPUT_POST)
   {
     $token = get_input_value('_token', $mode);
-    return !empty($token) && $_SESSION['request_tokens'][$this->task] == $token;
+    $sess_id = $_COOKIE[ini_get('session.name')];
+    return !empty($sess_id) && $token == $this->get_request_token();
   }
 
 
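Review bot: The added `$token == $this->get_request_token()` in check_request() is a loose comparison between a request-supplied value and a hex digest. PHP compares two numeric-looking strings as numbers, so a digest of the form `0e` followed by digits can equal a different string, and the comparison is not constant-time. A strict form closes both the type-juggling case and non-string input: `return !empty($sess_id) && is_string($token) && $token === $this->get_request_token();`, or `hash_equals()` where the supported PHP version provides it. The removed `!empty($token)` guard means an absent token is now rejected only because it cannot equal the digest, which deserves a short comment above the return.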
@@ -1198,6 +1193,9 @@ class rcmail
       }
     }
 
+    if (is_object($this->imap))
+      $this->imap->close();
+
     return $base64 ? base64_encode($cipher) : $cipher;
   }