diff --git a/dev/boot.js b/dev/boot.js index f4d131326..0d52d9ba9 100644 --- a/dev/boot.js +++ b/dev/boot.js @@ -31,6 +31,19 @@ const navigator.cookieEnabled || redirect('NoCookie'); [].flat || redirect('BadBrowser'); +try { + let smctoken = localStorage.getItem('smctoken'); + if (!smctoken) { + let data = new Uint8Array(16); + crypto.getRandomValues(data); + smctoken = btoa(String.fromCharCode(...data)); + localStorage.setItem('smctoken', smctoken); + } + document.cookie = 'smctoken='+encodeURIComponent(smctoken)+"; path=/; samesite=strict"; +} catch (e) { + console.error(e); +} + let RL_APP_DATA = {}; doc.documentElement.classList.toggle('rl-mobile', 'mobile' === layout[2] || (!layout && 1000 > innerWidth)); diff --git a/snappymail/v/0.0.0/app/libraries/snappymail/crypt.php b/snappymail/v/0.0.0/app/libraries/snappymail/crypt.php index d49b51454..6ec79cec0 100644 --- a/snappymail/v/0.0.0/app/libraries/snappymail/crypt.php +++ b/snappymail/v/0.0.0/app/libraries/snappymail/crypt.php @@ -45,10 +45,12 @@ abstract class Crypt */ private static function Passphrase(?string $key) : string { - return \sha1( - ($key ?: \preg_replace('/[^a-z]+/i', '', \explode(')', $_SERVER['HTTP_USER_AGENT'])[0])) . APP_SALT, - true - ); + if (!$key) { + $key = isset($_COOKIE['smctoken']) + ? $_COOKIE['smctoken'] + : \preg_replace('/[^a-z]+/i', '', \explode(')', $_SERVER['HTTP_USER_AGENT'])[0]); + } + return \sha1($key . APP_SALT, true); } public static function Decrypt(array $data, string $key = null) /* : mixed */