From 7e2fd95d9e838326377d584360f88912b6762020 Mon Sep 17 00:00:00 2001 From: Ralf Becker Date: Sat, 7 Apr 2012 06:53:38 +0000 Subject: [PATCH] * CalDAV/CardDAV: add API version to pseudo session-id used to invalidate all sessions from the previous version (which eg. give database errors, because using old schema) --- phpgwapi/inc/class.egw_session.inc.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/phpgwapi/inc/class.egw_session.inc.php b/phpgwapi/inc/class.egw_session.inc.php index 1e4d10fa71..4314d25068 100644 --- a/phpgwapi/inc/class.egw_session.inc.php +++ b/phpgwapi/inc/class.egw_session.inc.php @@ -761,7 +761,8 @@ class egw_session in_array(basename($_SERVER['SCRIPT_NAME']),array('webdav.php','groupdav.php'))) { // we generate a pseudo-sessionid from the basic auth credentials - $sessionid = md5($_SERVER['PHP_AUTH_USER'].':'.$_SERVER['PHP_AUTH_PW'].':'.$_SERVER['HTTP_HOST'].':'.EGW_SERVER_ROOT.':'.self::getuser_ip()); + $sessionid = md5($_SERVER['PHP_AUTH_USER'].':'.$_SERVER['PHP_AUTH_PW'].':'.$_SERVER['HTTP_HOST'].':'. + EGW_SERVER_ROOT.':'.self::getuser_ip().':'.$GLOBALS['egw_info']['apps']['phpgwapi']['version']); } // same for digest auth elseif (isset($_SERVER['PHP_AUTH_DIGEST']) && @@ -770,7 +771,8 @@ class egw_session // we generate a pseudo-sessionid from the digest username, realm and nounce // can't use full $_SERVER['PHP_AUTH_DIGEST'], as it changes (contains eg. the url) $data = egw_digest_auth::parse_digest($_SERVER['PHP_AUTH_DIGEST']); - $sessionid = md5($data['username'].':'.$data['realm'].':'.$data['nonce'].':'.$_SERVER['HTTP_HOST'].':'.EGW_SERVER_ROOT.':'.self::getuser_ip()); + $sessionid = md5($data['username'].':'.$data['realm'].':'.$data['nonce'].':'.$_SERVER['HTTP_HOST']. + EGW_SERVER_ROOT.':'.self::getuser_ip().':'.$GLOBALS['egw_info']['apps']['phpgwapi']['version']); } elseif(!$only_basic_auth && isset($_REQUEST[self::EGW_SESSION_NAME])) {