6.0.0-git
2019-04-21

[#10722] "cannot verify" error message on stripping attachments
Summary "cannot verify" error message on stripping attachments
Queue IMP
Queue Version 5.0.14
Type Bug
State Resolved
Priority 1. Low
Owners slusarz (at) horde (dot) org
Requester R.I.Phillips (at) bath (dot) ac (dot) uk
Created 2011-11-08 (2721 days ago)
Due
Updated 2011-11-08 (2721 days ago)
Assigned
Resolved 2011-11-08 (2721 days ago)
Milestone
Patch No

History
2011-11-08 21:58:22 Michael Slusarz Assigned to Michael Slusarz
State ⇒ Resolved
 
2011-11-08 21:58:07 Git Commit Comment #2 Reply to this comment
Changes have been made in Git for this ticket:

Bug #10722: Fix stripping attachments in traditional view

  3 files changed, 13 insertions(+), 1 deletions(-)
http://git.horde.org/horde-git/-/commit/de6c93f0326f8eabd84a0a682f109c2a87b704e9
2011-11-08 16:16:42 R (dot) I (dot) Phillips (at) bath (dot) ac (dot) uk Comment #1
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 1. Low
Summary ⇒ "cannot verify" error message on stripping attachments
Queue ⇒ IMP
Milestone ⇒
Patch ⇒ No
Reply to this comment
In the Traditional mode of IMP, when selecting "Strip Attachment" 
users are presented with:

"We cannot verify that this request was really sent by you. It could 
be a malicious request. If you intended to perform this action, you 
can retry it now."

This appears to be because in imp/lib/Contents.php the seed if for 
imp.impcontents, yet message.php validates "imp.message" when checking 
the actionID

The bug fix we put in place in message.php in the try block was:

+      ($vars->actionID == 'strip_attachment') ?
+        $injector->getInstance('Horde_Token')->validate($vars->message_token, 
'imp.impcontents') :
        $injector->getInstance('Horde_Token')->validate($vars->message_token, 
'imp.message');

I hope this doesn't affect the code adversely in other ways.  I 
suspect lib/Contents.php should really be modified instead.

Saved Queries