6.0.0-git
2019-04-21

[#9024] DIMP initialises IMP session
Summary DIMP initialises IMP session
Queue DIMP
Queue Version 1.1.4
Type Bug
State Resolved
Priority 1. Low
Owners slusarz (at) horde (dot) org
Requester Valentin.Vidic (at) carnet (dot) hr
Created 2010-05-13 (3265 days ago)
Due
Updated 2010-05-13 (3265 days ago)
Assigned 2010-05-13 (3265 days ago)
Resolved 2010-05-13 (3265 days ago)
Milestone
Patch Yes

History
2010-05-13 21:55:53 Michael Slusarz Comment #4
State ⇒ Resolved
Reply to this comment
Fixed in IMP 4.3.8 and DIMP 1.1.5.
2010-05-13 21:55:36 CVS Commit Comment #3 Reply to this comment
Changes have been made in CVS for this ticket:

Bug: 9024
Submitted by: Valentin.Vidic@CARNet.hr
Don't set viewmode if session is not active.
http://cvs.horde.org/diff.php/dimp/lib/base.php?rt=horde&r1=1.33.2.9&r2=1.33.2.10&ty=u
2010-05-13 21:53:04 CVS Commit Comment #2 Reply to this comment
Changes have been made in CVS for this ticket:

Bug: 9024
Submitted by: Valentin.Vidic@CARNet.hr
Don't set viewmode if session is not active.
http://cvs.horde.org/diff.php/imp/lib/base.php?rt=horde&r1=1.79.10.21&r2=1.79.10.22&ty=u
2010-05-13 15:21:46 Jan Schneider Assigned to Michael Slusarz
State ⇒ Assigned
 
2010-05-13 13:49:09 Valentin (dot) Vidic (at) carnet (dot) hr Comment #1
Type ⇒ Bug
Summary ⇒ DIMP initialises IMP session
Priority ⇒ 1. Low
State ⇒ Unconfirmed
Queue ⇒ DIMP
Milestone ⇒
Patch ⇒ Yes
New Attachment: dimp_session.diff Download
Reply to this comment
Accessing https://webmail.host/dimp/ without being logged in redirects 
to Horde login screen. After logging in /dimp/index.php is opened 
again but this time IMP session is missing. Another redirect happens 
here, this time to /imp/redirect.php. Finally /imp/redirect.php 
forwards to /imp/login.php with logout_reason=failed. This final 
redirect happens here:

/* If we already have a session: */
if (isset($_SESSION['imp']) && is_array($_SESSION['imp'])) {
     /* Make sure that if a username was specified, it is the current
      * username. */
     if (($imapuser !== null && ($imapuser != $_SESSION['imp']['user'])) ||
         ($pass !== null && ($pass != 
Secret::read(Secret::getKey('imp'), $_SESSION['imp']['pass'])))) {

         /* Disable the old session. */
         unset($_SESSION['imp']);
         _redirect(Auth::addLogoutParameters(IMP::logoutUrl(), 
AUTH_REASON_FAILED));
     }

Problem is that DIMP initializes $_SESSION['imp'] with

    $_SESSION['imp']['viewmode'] = 'dimp'

but the rest of the session is missing so IMP thinks something went 
wrong. Attached patch fixes this causing DIMP to update the session 
only if it's already initialized.

Saved Queries