[Bug 203260] mail/roundcube: FreeBSD patch in the port re-introduces the "Your session is invalid or expired" bug

Tue Sep 22 12:36:32 UTC 2015

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203260

            Bug ID: 203260
           Summary: mail/roundcube: FreeBSD patch in the port
                    re-introduces the "Your session is invalid or expired"
                    bug
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ale at FreeBSD.org
          Reporter: Mark.Martinec at ijs.si
             Flags: maintainer-feedback?(ale at FreeBSD.org)
          Assignee: ale at FreeBSD.org

The full issue is described at:

  http://trac.roundcube.net/ticket/1490546

It turns out that this SQL issue has long been fixed (or better:
worked-around) in the Roundcube distribution, yet the patch in the
FreeBSD port (files/patch-program_lib_Roundcube_rcube_session.php)
re-introduces the problem by avoiding base64 encoding of the
session.vars field in SQL, naively hoping that PHP's interface
to SQL won't choke on a NULL byte in a data string. As a result
a user gets logged out with a "Your session is invalid or expired"
message on certain operations.

Using roundcube-1.1.3, php 5.5.29, postgresql 9.3.9, FreeBSD 10.2

-- 
You are receiving this mail because:
You are the assignee for the bug.