From 93a6ed3dab8d54fa2c735381298bec2bbcdfde41 Mon Sep 17 00:00:00 2001
From: Miquel Rodríguez Telep / Michael Rodríguez-Torrent
Date: Tue, 26 Mar 2013 21:49:32 +0000
Subject: Ensure instanceid contains a letter

instanceid is generated by uniqid() and then used as the session_name. Because session_name requires at least one letter and uniqid() does not guarantee to provide that, in the case that uniqid() generates a string of only digits, the user will be stuck in an infinite login loop because every request will generate a new PHP session.
---
 lib/util.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/util.php b/lib/util.php
index e8d4e56ef17..1fa3ad765d0 100755
--- a/lib/util.php
+++ b/lib/util.php
@@ -418,7 +418,8 @@ class OC_Util {
 public static function getInstanceId() {
 $id = OC_Config::getValue('instanceid', null);
 if(is_null($id)) {
- $id = uniqid();
+ // We need to guarantee at least one letter in instanceid so it can be used as the session_name
+ $id = 'oc' . uniqid();
 OC_Config::setValue('instanceid', $id);
 }
 return $id;
-- 
cgit v1.2.3
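Review bot: An `instanceid` that was already stored in the config as digits only is still returned unchanged, because the `'oc'` prefix is applied only inside the `is_null($id)` branch; installations that hit the login loop before this commit would stay in it. Consider repairing the stored value too, for example `if (!is_null($id) && ctype_digit((string)$id)) { $id = 'oc' . $id; OC_Config::setValue('instanceid', $id); }` ahead of the `return`, after checking whether anything else is keyed on the old id (not visible in this hunk). Separately, `uniqid()` is derived from the current time and is therefore guessable, which is acceptable for a session name but deserves a comment such as `// instanceid is an identifier, not a secret; do not use it as a key, salt or token` so later callers do not rely on it for secrecy. The closing brace of getInstanceId() lies outside the hunk.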