6.0.0-beta1
7/5/25

[#10722] "cannot verify" error message on stripping attachments
Summary "cannot verify" error message on stripping attachments
Queue IMP
Queue Version 5.0.14
Type Bug
State Resolved
Priority 1. Low
Owners slusarz (at) horde (dot) org
Requester R.I.Phillips (at) bath (dot) ac (dot) uk
Created 11/08/2011 (4988 days ago)
Due
Updated 11/08/2011 (4988 days ago)
Assigned
Resolved 11/08/2011 (4988 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch No

History
11/08/2011 09:58:22 PM Michael Slusarz Assigned to Michael Slusarz
State ⇒ Resolved
 
11/08/2011 09:58:07 PM Git Commit Comment #2 Reply to this comment
Changes have been made in Git for this ticket:

Bug #10722: Fix stripping attachments in traditional view

  3 files changed, 13 insertions(+), 1 deletions(-)
http://git.horde.org/horde-git/-/commit/de6c93f0326f8eabd84a0a682f109c2a87b704e9
11/08/2011 04:16:42 PM R (dot) I (dot) Phillips (at) bath (dot) ac (dot) uk Comment #1
Priority ⇒ 1. Low
Patch ⇒ No
Milestone ⇒
Queue ⇒ IMP
Summary ⇒ "cannot verify" error message on stripping attachments
Type ⇒ Bug
State ⇒ Unconfirmed
Reply to this comment
In the Traditional mode of IMP, when selecting "Strip Attachment" 
users are presented with:

"We cannot verify that this request was really sent by you. It could 
be a malicious request. If you intended to perform this action, you 
can retry it now."

This appears to be because in imp/lib/Contents.php the seed if for 
imp.impcontents, yet message.php validates "imp.message" when checking 
the actionID

The bug fix we put in place in message.php in the try block was:

+      ($vars->actionID == 'strip_attachment') ?
+        $injector->getInstance('Horde_Token')->validate($vars->message_token, 
'imp.impcontents') :
        $injector->getInstance('Horde_Token')->validate($vars->message_token, 
'imp.message');

I hope this doesn't affect the code adversely in other ways.  I 
suspect lib/Contents.php should really be modified instead.

Saved Queries