Hi All,
First of all, I would like to introduce myself. My name is Adolfo and I'm from Buenos Aires Argentina. I'm 27 years old. I've been programming for 8 over years. Initially, I did some low level c programming but then I jumped into web programming through php. I coded in php for 6 years or so until my current job where I do perl (mod_perl). After looking at different opensource projects, I found this project interesting. I always like playing with imap protocol (In the past I built a private/group messaging based on imap in a site similar to fb) and javascript. My idea is contributing to this project in my spare time, mainly because of two reasons: 1) Enjoying while I code 2) Giving something back to the opensource world.
By the way, I went through the tickets queue and I took one that didn't seem to hard to solve. I'm not sure if someone else already looked at it. Ticket #1486860
I think that there are two ways of fixing that.
setcookie($name, $value, $exp, $cookie['path'], $cookie['domain'], rcube_https_check(), true); 2) Attached patch which I'm not sure if you agree with. I moved the https redirect logic from index.php to rcmail.php, right before initializing the session. The idea is to avoid setting a new ses id for the non secure request that is redirected to https. Basically, we do the redirect before any session handling, so it picks up the previous session stored under ssl.
Let me know what you think.
Thanks, Adolfo.
--- 8< --- detachments --- 8< --- The following attachments have been detached and are available for viewing. http://detached.gigo.com/rc/Wv/jmLYPNYw/index_diff.txt http://detached.gigo.com/rc/Wv/jmLYPNYw/rcmail_diff.txt Only click these links if you trust the sender, as well as this message. --- 8< --- detachments --- 8< ---
List info: http://lists.roundcube.net/dev/ BT/aba52c80
Adolfo Castro Menna wrote:
My idea is contributing to this project in my spare time, mainly because of two reasons: 1) Enjoying while I code 2) Giving something back to the opensource world.
Nice.
- Attached patch which I'm not sure if you agree with. I moved the
https redirect logic from index.php to rcmail.php, right before initializing the session. The idea is to avoid setting a new ses id for the non secure request that is redirected to https. Basically, we do the redirect before any session handling, so it picks up the previous session stored under ssl.
Almost good, but we've got also use_https option, see rcube_https_check(). So, we'll need probably to rewrite this function as a method of rcmail object.
There's another related ticket in trac http://trac.roundcube.net/ticket/1484764
http://detached.gigo.com/rc/Wv/jmLYPNYw/index_diff.txt http://detached.gigo.com/rc/Wv/jmLYPNYw/rcmail_diff.txt
Please, create one-file patches.