Fri, 10 Apr 2026 09:35:41 +0000 https://bugs.horde.org/ticket/5696 https login problem It would appear when logining into horde via a https route rather than http the login screen becomes "over sensitive". By that I mean any character entered into either the username or password box appears to be interpreted as a carriage return and login is attempted straight away. If the username is stored and you are to enter the password a popup box appears as soon as you type the first letter of your password. You can cut and paste into the boxes and they then work. This behaviour is not observed in http mode. IMP is being used to resolve the login. Current setup: Horde Version * Horde: 3.2-ALPHA Horde Applications * Gollem: H3 (1.0.2) (run Gollem tests) * Horde: 3.2-ALPHA * Imp: H3 (4.1.4) (run Imp tests) * Ingo: H3 (1.1.3) (run Ingo tests) * Kronolith: H3 (2.1.5) * Mnemo: H3 (2.1.1) * Nag: H3 (2.1.3) * Sam: 1.0-cvs * Trean: 1.0-cvs (run Trean tests) * Turba: H3 (2.1.4) (run Turba tests) This was an upgrade of a 3.1.4 system to accommodate the use of trean. The behaviour has been observed when using firefox 2.0.0.6 in windows and linux environments. Wed, 05 Sep 2007 06:25:43 +0000 https://bugs.horde.org/ticket/5696#t36593 That's very odd; I've never seen anything like that and I can't reproduce it. I'm at a loss as to what could cause that. Wed, 05 Sep 2007 14:16:45 +0000 https://bugs.horde.org/ticket/5696#t36622 Could it be that we load horde's enter_key_trap.js in IMP's login screen? Looking at the diff, that would explain it: http://cvs.horde.org/diff.php?sa=1&r1=1.2.10.3&r2=1.8&f=horde%2Fjs%2Fenter_key_trap.js Wed, 05 Sep 2007 14:21:26 +0000 https://bugs.horde.org/ticket/5696#t36631 Is there anything I could do to help with this? Generate a more detailed error report? Let me know. I've also noticed that modsecurity on my apche server is reporting: [msg "ASP/JSP source code leakage"] [severity "WARNING"] against [uri "/horde/imp/mailbox.php?page=1"] [msg "PHP source code leakage"] [severity "WARNING"] against [uri "/horde/imp/message.php?index=1091"] Wed, 05 Sep 2007 18:34:27 +0000 https://bugs.horde.org/ticket/5696#t36661 UPDATE! This bug appears also to be in the none http login as well. It is also present when opera is used. Wed, 05 Sep 2007 19:22:14 +0000 https://bugs.horde.org/ticket/5696#t36662 > [msg "PHP source code leakage"] [severity "WARNING"] against [uri > "/horde/imp/message.php?index=1091"] And if you view the source of this page, what "leaked source" do you see? Thu, 06 Sep 2007 03:47:01 +0000 https://bugs.horde.org/ticket/5696#t36694 Please replace this file and re-test (after clearing your browser cache): http://cvs.horde.org/co.php?r=1.9&f=horde%2Fjs%2Fenter_key_trap.js Thu, 06 Sep 2007 03:50:01 +0000 https://bugs.horde.org/ticket/5696#t36697 Here are the relevant rules from modsecurity: SecRule RESPONSE_BODY "(?:\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_st\ art|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open)|\$_(?:(?:pos|ge)t|session))\b" \ "ctl:auditLogParts=+E,log,auditlog,msg:'PHP source code leakage',,id:'970015',severity:'4'" SecRule RESPONSE_BODY "<\?(?!xml)" \ "chain,ctl:auditLogParts=+E,log,auditlog,msg:'PHP source code leakage',,id:'970902',severity:'4'" Thu, 06 Sep 2007 03:59:46 +0000 https://bugs.horde.org/ticket/5696#t36710 > Please replace this file and re-test (after clearing your browser cache): > http://cvs.horde.org/co.php?r=1.9&f=horde%2Fjs%2Fenter_key_trap.js File replaced, cache cleared, and all working A-OK! Yep fixed in Linux, firefox and opera will try windows later today but I think you've cracked it. Cheers Thu, 06 Sep 2007 06:29:29 +0000 https://bugs.horde.org/ticket/5696#t36712