- Prevent from infinite redirect in case of broken session (#1487028)

git-svn-id: https://svn.roundcube.net/trunk@4079 208e9e7b-5314-0410-a742-e7e81cd9613c
author: alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c> 2010-10-12 18:03:02 +0000
committer: alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c> 2010-10-12 18:03:02 +0000
commit: ddecb0fe0d061aabfb1366be88d32ca1e49e809d (patch)
tree: e7e1a644bab9b035c564ba2a90caa4fd0233e2e0 /roundcubemail
parent: 862c3b5963552c07dd5156225a5f8c084e7c3e63 (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/roundcubemail/program/steps/mail/compose.inc b/roundcubemail/program/steps/mail/compose.inc
index 1b39b5885..88fa425c2 100644
--- a/roundcubemail/program/steps/mail/compose.inc
+++ b/roundcubemail/program/steps/mail/compose.inc
@@ -33,9 +33,17 @@ $MESSAGE = NULL;
 // Since there are many ways to leave the compose page improperly, it seems necessary to clean-up an old
 // compose when a "new/forward/reply/draft" is called - otherwise the old session attachments will appear
 
-if (!is_array($_SESSION['compose']) || $_SESSION['compose']['id'] != get_input_value('_id', RCUBE_INPUT_GET))
+$MESSAGE_ID = get_input_value('_id', RCUBE_INPUT_GET);
+if (!is_array($_SESSION['compose']) || $_SESSION['compose']['id'] != $MESSAGE_ID)
 {
   rcmail_compose_cleanup();
+
+  // Infinite redirect prevention in case of broken session (#1487028)
+  if ($MESSAGE_ID)
+    raise_error(array('code' => 500, 'type' => 'php',
+      'file' => __FILE__, 'line' => __LINE__,
+      'message' => "Invalid session"), true, true);
+
   $_SESSION['compose'] = array(
     'id' => uniqid(mt_rand()),
     'param' => request2param(RCUBE_INPUT_GET),
author	alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c>	2010-10-12 18:03:02 +0000
committer	alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c>	2010-10-12 18:03:02 +0000
commit	ddecb0fe0d061aabfb1366be88d32ca1e49e809d (patch)
tree	e7e1a644bab9b035c564ba2a90caa4fd0233e2e0 /roundcubemail
parent	862c3b5963552c07dd5156225a5f8c084e7c3e63 (diff)