Tickets :: [#10722] "cannot verify" error message on stripping attachments

Summary	"cannot verify" error message on stripping attachments
Queue	IMP
Queue Version	5.0.14
Type	Bug
State	Resolved
Priority	1. Low
Owners	slusarz (at) horde (dot) org
Requester	R.I.Phillips (at) bath (dot) ac (dot) uk
Created	11/08/2011 (4988 days ago)
Due
Updated	11/08/2011 (4988 days ago)
Assigned
Resolved	11/08/2011 (4988 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch	No

11/08/2011 09:58:22 PM	Michael Slusarz	Assigned to Michael Slusarz State ⇒ Resolved

11/08/2011 09:58:07 PM	Git Commit	Comment #2	Reply to this comment
Changes have been made in Git for this ticket: ~~Bug #10722~~: Fix stripping attachments in traditional view 3 files changed, 13 insertions(+), 1 deletions(-) http://git.horde.org/horde-git/-/commit/de6c93f0326f8eabd84a0a682f109c2a87b704e9

11/08/2011 04:16:42 PM	R (dot) I (dot) Phillips (at) bath (dot) ac (dot) uk	Comment #1 Priority ⇒ 1. Low Patch ⇒ No Milestone ⇒ Queue ⇒ IMP Summary ⇒ "cannot verify" error message on stripping attachments Type ⇒ Bug State ⇒ Unconfirmed	Reply to this comment
In the Traditional mode of IMP, when selecting "Strip Attachment" users are presented with: "We cannot verify that this request was really sent by you. It could be a malicious request. If you intended to perform this action, you can retry it now." This appears to be because in imp/lib/Contents.php the seed if for imp.impcontents, yet message.php validates "imp.message" when checking the actionID The bug fix we put in place in message.php in the try block was: + ($vars->actionID == 'strip_attachment') ? + $injector->getInstance('Horde_Token')->validate($vars->message_token, 'imp.impcontents') : $injector->getInstance('Horde_Token')->validate($vars->message_token, 'imp.message'); I hope this doesn't affect the code adversely in other ways. I suspect lib/Contents.php should really be modified instead.