
[#5696] https login problem
Summary https login problem
Queue Horde Base
Queue Version 3.2-ALPHA
Type Bug
State Resolved
Priority 2. Medium
Owners chuck (at) horde (dot) org
Requester horde (at) x-rayman (dot) co (dot) uk
Created 09/05/2007 (6510 days ago)
Due
Updated 09/06/2007 (6509 days ago)
Assigned 09/06/2007 (6509 days ago)
Resolved 09/06/2007 (6509 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch No

History
09/06/2007 02:04:27 PM Chuck Hagenbuch State ⇒ Resolved
 
09/06/2007 06:29:29 AM horde (at) x-rayman (dot) co (dot) uk Comment #9
> Please replace this file and re-test (after clearing your browser cache):
> http://cvs.horde.org/co.php?r=1.9&f=horde%2Fjs%2Fenter_key_trap.js

File replaced, cache cleared, and all working A-OK!

Yep, fixed in Linux, Firefox and Opera; will try Windows later today, but 
I think you've cracked it.

Cheers
09/06/2007 03:59:46 AM Matt Selsky Comment #8
Here are the relevant rules from modsecurity:

SecRule RESPONSE_BODY "(?:\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open)|\$_(?:(?:pos|ge)t|session))\b" \
      "ctl:auditLogParts=+E,log,auditlog,msg:'PHP source code leakage',,id:'970015',severity:'4'"

SecRule RESPONSE_BODY "<\?(?!xml)" \
          "chain,ctl:auditLogParts=+E,log,auditlog,msg:'PHP source code leakage',,id:'970902',severity:'4'"
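
To find which text in a response trips these rules, the two patterns quoted above can be run over a saved copy of the page. This is an added example, not part of the ticket or of ModSecurity: it uses Python's `re` instead of ModSecurity's engine, matches case-sensitively, models no server-side transformations, and checks only the first condition of rule 970902 because the rule it chains to is not shown here. `explain_hits` and `SAMPLE_BODY` are hypothetical names, and the sample body is constructed.

```python
import re

# Patterns copied from the two SecRule lines quoted in the ticket.
RULES = {
    "970015": re.compile(
        r"(?:\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)"
        r"|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)"
        r"|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open)"
        r"|\$_(?:(?:pos|ge)t|session))\b"
    ),
    # First condition only: the rule it chains to is not shown in the ticket.
    "970902": re.compile(r"<\?(?!xml)"),
}


def explain_hits(body, context=20):
    """Return (rule_id, matched_text, surrounding_snippet) for every match."""
    hits = []
    for rule_id, pattern in RULES.items():
        for m in pattern.finditer(body):
            start = max(m.start() - context, 0)
            end = min(m.end() + context, len(body))
            hits.append((rule_id, m.group(0), body[start:end]))
    return hits


# Constructed response body: a webmail page displaying a message about PHP.
SAMPLE_BODY = (
    '<?xml version="1.0"?>\n'
    "<html><body><pre>\n"
    "Hi, the upload fails because fopen returns false before\n"
    "move_uploaded_file runs. The file_reader helper is fine.\n"
    "Template starts with &lt;?php but mine has <?= $x ?>\n"
    "</pre></body></html>\n"
)

if __name__ == "__main__":
    for rule_id, text, snippet in explain_hits(SAMPLE_BODY):
        print(f"{rule_id}: {text!r} in {snippet!r}")
```

The XML declaration, the HTML-escaped `&lt;?php` and the identifier `file_reader` produce no hits; the bare function names and the unescaped `<?` do.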
09/06/2007 03:50:08 AM Chuck Hagenbuch State ⇒ Feedback
 
09/06/2007 03:50:01 AM Chuck Hagenbuch Comment #7
Please replace this file and re-test (after clearing your browser cache):

http://cvs.horde.org/co.php?r=1.9&f=horde%2Fjs%2Fenter_key_trap.js
09/06/2007 03:47:01 AM Chuck Hagenbuch Comment #6
> [msg "PHP source code leakage"] [severity "WARNING"] against [uri "/horde/imp/message.php?index=1091"]

And if you view the source of this page, what "leaked source" do you see?
09/05/2007 07:22:14 PM horde (at) x-rayman (dot) co (dot) uk Comment #5
UPDATE!

This bug appears also to be in the none http login as well.

It is also present when Opera is used.
09/05/2007 06:34:27 PM horde (at) x-rayman (dot) co (dot) uk Comment #4
Is there anything I could do to help with this?

Generate a more detailed error report?

Let me know.

I've also noticed that modsecurity on my Apache server is reporting:

[msg "ASP/JSP source code leakage"] [severity "WARNING"] against [uri "/horde/imp/mailbox.php?page=1"]

[msg "PHP source code leakage"] [severity "WARNING"] against [uri "/horde/imp/message.php?index=1091"]
09/05/2007 02:24:06 PM Jan Schneider Assigned to Chuck Hagenbuch
State ⇒ Assigned
 
09/05/2007 02:21:26 PM Jan Schneider Comment #3
Could it be that we load horde's enter_key_trap.js in IMP's login 
screen? Looking at the diff, that would explain it:

http://cvs.horde.org/diff.php?sa=1&r1=1.2.10.3&r2=1.8&f=horde%2Fjs%2Fenter_key_trap.js
09/05/2007 02:16:45 PM Chuck Hagenbuch Comment #2
State ⇒ Feedback
That's very odd; I've never seen anything like that and I can't 
reproduce it. I'm at a loss as to what could cause that.
09/05/2007 06:25:43 AM horde (at) x-rayman (dot) co (dot) uk Comment #1
Priority ⇒ 2. Medium
State ⇒ Unconfirmed
Queue ⇒ Horde Base
Summary ⇒ https login problem
Type ⇒ Bug
It would appear when logging into Horde via an https route rather than 
http the login screen becomes "over sensitive". By that I mean any 
character entered into either the username or password box appears to 
be interpreted as a carriage return and login is attempted straight 
away.

If the username is stored and you are to enter the password a popup 
box appears as soon as you type the first letter of your password.

You can cut and paste into the boxes and they then work.

This behaviour is not observed in http mode.

IMP is being used to resolve the login.

Current setup:

Horde Version

     * Horde: 3.2-ALPHA

Horde Applications

     * Gollem: H3 (1.0.2) (run Gollem tests)
     * Horde: 3.2-ALPHA
     * Imp: H3 (4.1.4) (run Imp tests)
     * Ingo: H3 (1.1.3) (run Ingo tests)
     * Kronolith: H3 (2.1.5)
     * Mnemo: H3 (2.1.1)
     * Nag: H3 (2.1.3)
     * Sam: 1.0-cvs
     * Trean: 1.0-cvs (run Trean tests)
     * Turba: H3 (2.1.4) (run Turba tests)

This was an upgrade of a 3.1.4 system to accommodate the use of Trean.

The behaviour has been observed when using Firefox 2.0.0.6 in Windows 
and Linux environments.
