Ensure instanceid contains a letter

instanceid is generated by uniqid() and then used as the session_name. Because session_name requires at least one letter and uniqid() does not guarantee to provide that, in the case that uniqid() generates a string of only digits, the user will be stuck in an infinite login loop because every request will generate a new PHP session.
12 years ago · 93a6ed3dab
parent 53fd122b89
commit 93a6ed3dab
2 changed files with 7 additions and 1 deletions
--- a/lib/util.php
+++ b/lib/util.php
@ -418,7 +418,8 @@ class OC_Util {
    public static function getInstanceId() {
        $id = OC_Config::getValue('instanceid', null);
        if(is_null($id)) {
-            $id = uniqid();
+            // We need to guarantee at least one letter in instanceid so it can be used as the session_name
+            $id = 'oc' . uniqid();
            OC_Config::setValue('instanceid', $id);
        }
        return $id;
--- a/tests/lib/util.php
+++ b/tests/lib/util.php
@ -54,4 +54,9 @@ class Test_Util extends PHPUnit_Framework_TestCase {
 		$this->assertEquals('no-reply@example.com', $email);
 		OC_Config::deleteKey('mail_domain');
 	}
+
+  function testGetInstanceIdGeneratesValidId() {
+    OC_Config::deleteKey('instanceid');
+    $this->assertStringStartsWith('oc', OC_Util::getInstanceId());
+  }
 }