[#10722] "cannot verify" error message on stripping attachments
Summary "cannot verify" error message on stripping attachments
Queue IMP
Queue Version 5.0.14
Type Bug
State Resolved
Priority 1. Low
Owners slusarz (at) horde (dot) org
Requester R.I.Phillips (at) bath (dot) ac (dot) uk
Created 2011-11-08 (2721 days ago)
Updated 2011-11-08 (2721 days ago)
Resolved 2011-11-08 (2721 days ago)
Patch No

2011-11-08 21:58:22 Michael Slusarz Assigned to Michael Slusarz
State ⇒ Resolved
2011-11-08 21:58:07 Git Commit Comment #2 Reply to this comment
Changes have been made in Git for this ticket:

Bug #10722: Fix stripping attachments in traditional view

  3 files changed, 13 insertions(+), 1 deletions(-)
2011-11-08 16:16:42 R (dot) I (dot) Phillips (at) bath (dot) ac (dot) uk Comment #1
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 1. Low
Summary ⇒ "cannot verify" error message on stripping attachments
Queue ⇒ IMP
Milestone ⇒
Patch ⇒ No
Reply to this comment
In the Traditional mode of IMP, when selecting "Strip Attachment" 
users are presented with:

"We cannot verify that this request was really sent by you. It could 
be a malicious request. If you intended to perform this action, you 
can retry it now."

This appears to be because in imp/lib/Contents.php the seed if for 
imp.impcontents, yet message.php validates "imp.message" when checking 
the actionID

The bug fix we put in place in message.php in the try block was:

+      ($vars->actionID == 'strip_attachment') ?
+        $injector->getInstance('Horde_Token')->validate($vars->message_token, 
'imp.impcontents') :

I hope this doesn't affect the code adversely in other ways.  I 
suspect lib/Contents.php should really be modified instead.

Saved Queries