6.0.0-git
2021-01-18

[#9349] SyncML delete prefs form token issue
Summary SyncML delete prefs form token issue
Queue Horde Groupware
Queue Version 1.2.8
Type Bug
State Resolved
Priority 2. Medium
Owners jan (at) horde (dot) org
Requester slusarz (at) horde (dot) org
Created 2010-10-28 (3735 days ago)
Due
Updated 2011-06-28 (3492 days ago)
Assigned 2010-11-04 (3728 days ago)
Resolved 2011-06-28 (3492 days ago)
Milestone 1.2.9
Patch No

History
2011-06-28 18:00:10 Jan Schneider Comment #12
Assigned to Jan Schneider
State ⇒ Resolved
Reply to this comment
Nice catch!
2011-06-28 17:53:06 dunix (at) gmx (dot) de Comment #10 Reply to this comment
So, changing line 35 in templates/syncml/syncml.inc to
There is another short open tag in that file on line 51
2011-06-28 17:45:01 dunix (at) gmx (dot) de Comment #9 Reply to this comment
You could check if you have a hidden horde_prefs_token field in the 
forms on that preference page.
I have one, but it has no value because there is a short open tag   
that is not interpreted anymore on my server.

So, changing line 35 in templates/syncml/syncml.inc to
<input type="hidden" value="<?php echo 
Horde::getRequestToken('horde_prefs') ?>" name="horde_prefs_token">
fixed the problem for me.
2011-06-28 16:22:45 Jan Schneider Comment #8 Reply to this comment
What additional information to provide?
You could check if you have a hidden horde_prefs_token field in the 
forms on that preference page.
2011-06-28 15:57:25 dunix (at) gmx (dot) de Comment #7 Reply to this comment
Same here, also with Horde 3.3.11
2011-06-22 19:10:32 jfrey (at) gmx (dot) de Comment #6 Reply to this comment
Going to mark as not a bug since it can't be replicated.
I can reproduce this issue on horde 3.3.11 - simply need to click 
"Delete" for any sync session or "Delete all" in SyncML options page.

What additional information to provide?
2011-01-20 05:02:46 Michael Slusarz Comment #5 Reply to this comment
Changes have been made in Git for this ticket:
Wrong bug report.
2011-01-20 05:02:19 Git Commit Comment #4 Reply to this comment
Changes have been made in Git for this ticket:

Bug #9349: Fix new subfolder doesn't show in folder list
Problem only occurred if all (unsubscribed) folders are viewed.
hasChildren() was always returning true because we created the parent
element before making the initial hasChildren() check.  Need to check
for children before this.

http://git.horde.org/horde-git/-/commit/245d08ddc7d2f1b0d72eee0b3f96ebc164534899
2010-11-08 21:12:07 Michael Slusarz Comment #3
State ⇒ Not A Bug
Reply to this comment
Going to mark as not a bug since it can't be replicated.
2010-11-04 11:12:21 Jan Schneider Comment #2
State ⇒ Feedback
Reply to this comment
I don't see this. I can delete individual sync anchors and all anchors 
at once just fine.
2010-10-28 22:33:36 Michael Slusarz Comment #1
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 2. Medium
Summary ⇒ SyncML delete prefs form token issue
Queue ⇒ Horde Groupware
Milestone ⇒ 1.2.9
Patch ⇒ No
Reply to this comment
From Ticket #9289:

Unfortunately after upgrade I still get "We cannot verify that this
request..." when trying to delete sync sessions from
Horde/Options/SyncML.

Oct 27 22:23:28 direwolf horde[8584]: [horde] Backend of class
SyncML_Backend_Horde created [pid 8584 on line 287 of
"/usr/local/www/horde/lib/SyncML/Backend.php"]
Oct 27 22:23:28 direwolf horde[8584]: [horde] We cannot verify that
this request was really sent by you. It could be a malicious request.
If you intended to perform this action, you can retry it now. [pid
8584 on line 176 of "/usr/local/www/horde/lib/Horde/Notification.php"]
Oct 27 22:23:28 direwolf horde[8584]: [horde] SQL Query by
SyncML_Backend_Horde::getUserAnchors(): SELECT syncml_syncpartner,
syncml_db, syncml_clientanchor, syncml_serveranchor FROM
horde_syncml_anchors WHERE syncml_uid = ?, values: peo [pid 8584 on
line 650 of "/usr/local/www/horde/lib/SyncML/Backend/Horde.php"]

Saved Queries