Summary | "cannot verify" error message on stripping attachments |
Queue | IMP |
Queue Version | 5.0.14 |
Type | Bug |
State | Resolved |
Priority | 1. Low |
Owners | slusarz (at) horde (dot) org |
Requester | R.I.Phillips (at) bath (dot) ac (dot) uk |
Created | 11/08/2011 (4988 days ago) |
Due | |
Updated | 11/08/2011 (4988 days ago) |
Assigned | |
Resolved | 11/08/2011 (4988 days ago) |
Github Issue Link | |
Github Pull Request | |
Milestone | |
Patch | No |
State ⇒ Resolved
Bug #10722: Fix stripping attachments in traditional view
3 files changed, 13 insertions(+), 1 deletions(-)
http://git.horde.org/horde-git/-/commit/de6c93f0326f8eabd84a0a682f109c2a87b704e9
Priority ⇒ 1. Low
Patch ⇒ No
Milestone ⇒
Queue ⇒ IMP
Summary ⇒ "cannot verify" error message on stripping attachments
Type ⇒ Bug
State ⇒ Unconfirmed
Users are presented with:
"We cannot verify that this request was really sent by you. It could
be a malicious request. If you intended to perform this action, you
can retry it now."
This appears to be because in imp/lib/Contents.php the seed is for
imp.impcontents, yet message.php validates "imp.message" when checking
the actionID.
The bug fix we put in place in message.php in the try block was:
+ ($vars->actionID == 'strip_attachment') ?
+ $injector->getInstance('Horde_Token')->validate($vars->message_token,
'imp.impcontents') :
$injector->getInstance('Horde_Token')->validate($vars->message_token,
'imp.message');
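Review bot: the added strip_attachment branch hard-codes the seed 'imp.impcontents' in message.php, a second copy of a string that the report says is set in imp/lib/Contents.php, so generator and validator can drift apart again the next time either side changes. Prefer one shared definition of the seed used on both sides, or build the strip link with 'imp.message' so the original single validate() call can stay as it was. On the same added line, `$vars->actionID == 'strip_attachment'` compares request input loosely; `===` keeps the seed selection exact.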
I hope this doesn't affect the code adversely in other ways. I
suspect lib/Contents.php should really be modified instead.
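
The seed mismatch described in this report, as an added PHP sketch that is not IMP's or Horde_Token's code: a token is bound to the seed it was minted with, so a validator using a different seed rejects it. The class SeedToken, the two constants and the HMAC construction are assumptions for illustration; PHP 8 is required.

```php
<?php
// Added illustration, not Horde_Token: a minimal seed-scoped anti-CSRF token.
// SeedToken, SEED_MESSAGE and SEED_CONTENTS are hypothetical names.
final class SeedToken
{
    public function __construct(
        private string $secret,   // per-session secret key
        private int $ttl = 1800   // token lifetime in seconds
    ) {}

    // Token = base64(nonce . timestamp . HMAC(secret, seed . NUL . nonce . timestamp)).
    public function get(string $seed, ?int $now = null): string
    {
        $nonce = random_bytes(8);
        $ts = pack('J', $now ?? time());
        $mac = hash_hmac('sha256', $seed . "\0" . $nonce . $ts, $this->secret, true);
        return base64_encode($nonce . $ts . $mac);
    }

    // True only if the token was minted for this exact seed and has not expired.
    public function isValid(string $token, string $seed, ?int $now = null): bool
    {
        $raw = base64_decode($token, true);
        if ($raw === false || strlen($raw) !== 48) {   // 8 nonce + 8 time + 32 MAC
            return false;
        }
        [$nonce, $ts, $mac] = [substr($raw, 0, 8), substr($raw, 8, 8), substr($raw, 16)];
        $expected = hash_hmac('sha256', $seed . "\0" . $nonce . $ts, $this->secret, true);
        if (!hash_equals($expected, $mac)) {
            return false;
        }
        $age = ($now ?? time()) - unpack('J', $ts)[1];
        return $age >= 0 && $age <= $this->ttl;
    }
}

const SEED_MESSAGE = 'imp.message';       // seed the message page validates
const SEED_CONTENTS = 'imp.impcontents';  // seed the strip link was built with

$tokens = new SeedToken(random_bytes(32));

// The reported mismatch: minted under one seed, checked under the other, so rejected.
$stripLink = $tokens->get(SEED_CONTENTS);
var_dump($tokens->isValid($stripLink, SEED_MESSAGE));

// Generator and validator reading the same constant cannot drift apart.
$fixedLink = $tokens->get(SEED_MESSAGE);
var_dump($tokens->isValid($fixedLink, SEED_MESSAGE));
```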