Tickets :: [#10722] "cannot verify" error message on stripping attachments

Summary	"cannot verify" error message on stripping attachments
Queue	IMP
Queue Version	5.0.14
Type	Bug
State	Resolved
Priority	1. Low
Owners	slusarz (at) horde (dot) org
Requester	R.I.Phillips (at) bath (dot) ac (dot) uk
Created	2011-11-08 (2721 days ago)
Due
Updated	2011-11-08 (2721 days ago)
Assigned
Resolved	2011-11-08 (2721 days ago)
Milestone
Patch	No

2011-11-08 21:58:22	Michael Slusarz	Assigned to Michael Slusarz State ⇒ Resolved

2011-11-08 21:58:07	Git Commit	Comment #2	Reply to this comment
Changes have been made in Git for this ticket: ~~Bug #10722~~: Fix stripping attachments in traditional view 3 files changed, 13 insertions(+), 1 deletions(-) http://git.horde.org/horde-git/-/commit/de6c93f0326f8eabd84a0a682f109c2a87b704e9

2011-11-08 16:16:42	R (dot) I (dot) Phillips (at) bath (dot) ac (dot) uk	Comment #1 Type ⇒ Bug State ⇒ Unconfirmed Priority ⇒ 1. Low Summary ⇒ "cannot verify" error message on stripping attachments Queue ⇒ IMP Milestone ⇒ Patch ⇒ No	Reply to this comment
In the Traditional mode of IMP, when selecting "Strip Attachment" users are presented with: "We cannot verify that this request was really sent by you. It could be a malicious request. If you intended to perform this action, you can retry it now." This appears to be because in imp/lib/Contents.php the seed if for imp.impcontents, yet message.php validates "imp.message" when checking the actionID The bug fix we put in place in message.php in the try block was: + ($vars->actionID == 'strip_attachment') ? + $injector->getInstance('Horde_Token')->validate($vars->message_token, 'imp.impcontents') : $injector->getInstance('Horde_Token')->validate($vars->message_token, 'imp.message'); I hope this doesn't affect the code adversely in other ways. I suspect lib/Contents.php should really be modified instead.