From 53fd122b89ff14b056094fcbcbd294bb63687778 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miquel=20Rodr=C3=ADguez=20Telep=20/=20Michael=20Rodr=C3=AD?=
 =?UTF-8?q?guez-Torrent?= <miquel@designunbound.co.uk>
Date: Tue, 26 Mar 2013 12:46:13 +0000
Subject: [PATCH 1/2] Minor typo, coding style fixes for OC_Util::getInstanceId

---
 lib/util.php | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/lib/util.php b/lib/util.php
index 7e8fc9b6bb..e8d4e56ef1 100755
--- a/lib/util.php
+++ b/lib/util.php
@@ -411,18 +411,18 @@ class OC_Util {
 		exit();
 	}
 
-	/**
-	 * get an id unqiue for this instance
-	 * @return string
-	 */
-	public static function getInstanceId() {
-		$id=OC_Config::getValue('instanceid', null);
-		if(is_null($id)) {
-			$id=uniqid();
-			OC_Config::setValue('instanceid', $id);
-		}
-		return $id;
-	}
+    /**
+     * get an id unique for this instance
+     * @return string
+     */
+    public static function getInstanceId() {
+        $id = OC_Config::getValue('instanceid', null);
+        if(is_null($id)) {
+            $id = uniqid();
+            OC_Config::setValue('instanceid', $id);
+        }
+        return $id;
+    }
 
 	/**
 	 * @brief Static lifespan (in seconds) when a request token expires.

From 93a6ed3dab8d54fa2c735381298bec2bbcdfde41 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miquel=20Rodr=C3=ADguez=20Telep=20/=20Michael=20Rodr=C3=AD?=
 =?UTF-8?q?guez-Torrent?= <miquel@designunbound.co.uk>
Date: Tue, 26 Mar 2013 21:49:32 +0000
Subject: [PATCH 2/2] Ensure instanceid contains a letter

instanceid is generated by uniqid() and then used as the
session_name. Because session_name requires at least one letter
and uniqid() does not guarantee to provide that, in the case that
uniqid() generates a string of only digits, the user will be stuck
in an infinite login loop because every request will generate a
new PHP session.
---
 lib/util.php       | 3 ++-
 tests/lib/util.php | 5 +++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/util.php b/lib/util.php
index e8d4e56ef1..1fa3ad765d 100755
--- a/lib/util.php
+++ b/lib/util.php
@@ -418,7 +418,8 @@ class OC_Util {
     public static function getInstanceId() {
         $id = OC_Config::getValue('instanceid', null);
         if(is_null($id)) {
-            $id = uniqid();
+            // We need to guarantee at least one letter in instanceid so it can be used as the session_name
+            $id = 'oc' . uniqid();
             OC_Config::setValue('instanceid', $id);
         }
         return $id;
diff --git a/tests/lib/util.php b/tests/lib/util.php
index 1c9054264c..1f25382592 100644
--- a/tests/lib/util.php
+++ b/tests/lib/util.php
@@ -54,4 +54,9 @@ class Test_Util extends PHPUnit_Framework_TestCase {
 		$this->assertEquals('no-reply@example.com', $email);
 		OC_Config::deleteKey('mail_domain');
 	}
+
+  function testGetInstanceIdGeneratesValidId() {
+    OC_Config::deleteKey('instanceid');
+    $this->assertStringStartsWith('oc', OC_Util::getInstanceId());
+  }
 }