[#7819] User can't get back recompose data -- gets "..
Summary User can't get back recompose data -- gets "..
Queue IMP
Queue Version 4.3.2
Type Bug
State Resolved
Priority 2. Medium
Owners Michael Slusarz <slusarz (at) horde (dot) org>
Requester coleman (at) boulder (dot) nist (dot) gov
Created 12/31/2008 (185 days ago)
Due
Updated 01/07/2009 (178 days ago)
Assigned 01/03/2009 (182 days ago)
Resolved 01/07/2009 (178 days ago)
Attachments
Milestone
Patch No

History
01/07/2009 Michael Slusarz Comment #3
State ⇒ Resolved		 Reply to this comment
Fixed.
01/07/2009 CVS Commit Comment #2 Reply to this comment
Changes have been made in CVS for this ticket:

http://cvs.horde.org/diff.php/imp/compose.php?rt=horde&r1=2.800.2.120&r2=2.800.2.121&ty=u
01/03/2009 Chuck Hagenbuch Assigned to Michael Slusarz
Priority ⇒ 2. Medium
State ⇒ Assigned
 
12/31/2008 coleman (at) boulder (dot) nist (dot) gov Comment #1
Patch ⇒
Milestone ⇒
Summary ⇒ User can't get back recompose data -- gets "..
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 3. High
Queue ⇒ IMP		 Reply to this comment
When a user is logged out while a compose window is still active,
the user gets the error "We cannot verify that this request was really 
sent by you. It could be a malicious request." The problem is due to 
the $_SESSION variable being unset when
the user was logged out. When the user logs back into the compose 
page, checkRequestToken returns an error since the SESSION was erased, 
thus the value
of $_SESSION['horde_form_secrets'] is NULL. This can never be set in 
this situation
since the code to set it occurs further down in compose.php when it is 
set as a part of
setting the template for the compose window further in the code.