[#2664] fails to view attachment due unset actionID
Summary fails to view attachment due unset actionID
Queue IMP
Queue Version FRAMEWORK_3
Type Bug
State Resolved
Priority 3. High
Owners Jan Schneider <jan (at) horde (dot) org>
Requester mi (dot) braun (at) onlinehome (dot) de
Created 09/23/2005 (1203 days ago)
Due
Updated 10/03/2005 (1193 days ago)
Assigned 10/02/2005 (1194 days ago)
Resolved 10/03/2005 (1193 days ago)
Attachments patch-imp-actionID.diff
Milestone
Patch No

History
10/03/2005 Chuck Hagenbuch Comment #7
State ⇒ Resolved
Okay, I'm convinced. Let's just make sure we document it well.
10/03/2005 Jan Schneider Comment #6
> Rare, yes, but not nonexistent as we've seen. So it breaks those
> cases with newer apps and older Horde versions. I guess I'm just not
> sure if we want to break BC for what's essentially an enhancement vs.
> for something that was definitively broken.
If it was a simple enhancement, I would agree. But this is more like 
an anticipated security fix to me.
10/02/2005 Chuck Hagenbuch Comment #5
> Such cases should be very rare, because they could only happen where
> we use a request variable *before* including core.php.
> OTOH it is a useful guard against security holes caused by sloppy
> programming from us.
Rare, yes, but not nonexistent as we've seen. So it breaks those cases
with newer apps and older Horde versions. I guess I'm just not sure if
we want to break BC for what's essentially an enhancement vs. for
something that was definitively broken.
10/02/2005 Jan Schneider Comment #4
Such cases should be very rare, because they could only happen where
we use a request variable *before* including core.php.
OTOH it is a useful guard against security holes caused by sloppy
programming from us.
10/02/2005 Chuck Hagenbuch State ⇒ Assigned
 
10/02/2005 Chuck Hagenbuch Comment #3
> Committed, thanks.
>
> This is obviously a BC break (my change, not this patch), but I
> consider it worth it. What do others think?
I'm unconvinced, honestly. I think this is unlikely to be a big 
problem throughout Horde, but the subtle breakages like this might be.
09/24/2005 Jan Schneider Comment #2
State ⇒ Feedback
Committed, thanks.

This is obviously a BC break (my change, not this patch), but I 
consider it worth it. What do others think?
09/23/2005 Chuck Hagenbuch Assigned to Jan Schneider
State ⇒ Assigned
 
09/23/2005 mi (dot) braun (at) onlinehome (dot) de Comment #1
Queue ⇒ IMP
New Attachment: patch-imp-actionID.diff
Summary ⇒ fails to view attachment due unset actionID
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 3. High
Hi,

I'm using current IMP with register_globals set.
It fails to display a part of the message or source of the message
per view.php due to HORDE_BASE."/lib/core.php" unsetting $actionID if
register_globals is enabled.
Therefore actionID needs to be set after core.php is included.
A patch is attached.
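
The ordering problem reported in this ticket, as an added example that is not part of the ticket, the attached patch, or Horde's code. It models the global scope as an array because register_globals no longer exists in PHP; `unregister_request_globals`, `get_form_data`, the `is_admin` name and the request values are hypothetical.

```php
<?php
// Added illustration, not Horde code. register_globals no longer exists in
// PHP, so the global scope is modelled as an explicit array ($scope).

// Hypothetical guard standing in for what the ticket says core.php does:
// unset every global whose name matches a request parameter.
function unregister_request_globals(array $request, array &$scope): void
{
    foreach (array_keys($request) as $name) {
        unset($scope[$name]);
    }
}

// Hypothetical accessor: read a parameter from the request explicitly.
function get_form_data(array $request, string $name, $default = null)
{
    return array_key_exists($name, $request) ? $request[$name] : $default;
}

// Order reported in the ticket: assign first, then run the guard.
function assign_before_guard(array $request): array
{
    $scope = $request;                       // effect of register_globals
    $scope['actionID'] = get_form_data($request, 'actionID');
    unregister_request_globals($request, $scope);
    return $scope;
}

// Order after the fix: run the guard, then assign.
function assign_after_guard(array $request): array
{
    $scope = $request;                       // effect of register_globals
    unregister_request_globals($request, $scope);
    $scope['actionID'] = get_form_data($request, 'actionID');
    return $scope;
}

// Constructed request: the legitimate parameter plus a name that would
// otherwise pre-seed an uninitialised internal variable.
$request = ['actionID' => 'view_attach', 'is_admin' => '1'];

foreach (['assign_before_guard', 'assign_after_guard'] as $order) {
    $scope = $order($request);
    printf("%-20s actionID=%s is_admin=%s\n", $order,
        var_export($scope['actionID'] ?? null, true),
        var_export($scope['is_admin'] ?? null, true));
}
```

In the first order the guard removes the value the page just assigned; in the second the value survives, while the request-supplied `is_admin` is removed either way.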