Tickets :: [#9349] SyncML delete prefs form token issue

6.0.0-beta1

7/5/25

Summary	SyncML delete prefs form token issue
Queue	Horde Groupware
Queue Version	1.2.8
Type	Bug
State	Resolved
Priority	2. Medium
Owners	jan (at) horde (dot) org
Requester	slusarz (at) horde (dot) org
Created	10/28/2010 (5364 days ago)
Due
Updated	06/28/2011 (5121 days ago)
Assigned	11/04/2010 (5357 days ago)
Resolved	06/28/2011 (5121 days ago)
Github Issue Link
Github Pull Request
Milestone	1.2.9
Patch	No

06/28/2011 06:00:10 PM	Jan Schneider	Comment #12 Assigned to Jan Schneider State ⇒ Resolved	Reply to this comment
Nice catch!

06/28/2011 05:59:22 PM	CVS Commit	Comment #11	Reply to this comment
Changes have been made in CVS for this ticket: Fix deleting of SyncML anchors if PHP short_open_tag is off (~~Bug #9349~~). http://cvs.horde.org/diff.php/horde/docs/CHANGES?rt=horde&r1=1.515.2.646&r2=1.515.2.647&ty=u http://cvs.horde.org/diff.php/horde/templates/syncml/syncml.inc?rt=horde&r1=1.1.2.4&r2=1.1.2.5&ty=u

06/28/2011 05:53:06 PM	dunix (at) gmx (dot) de	Comment #10	Reply to this comment
So, changing line 35 in templates/syncml/syncml.inc to There is another short open tag in that file on line 51

06/28/2011 05:45:01 PM	dunix (at) gmx (dot) de	Comment #9	Reply to this comment
You could check if you have a hidden horde_prefs_token field in the forms on that preference page. I have one, but it has no value because there is a short open tag that is not interpreted anymore on my server. So, changing line 35 in templates/syncml/syncml.inc to <input type="hidden" value="<?php echo Horde::getRequestToken('horde_prefs') ?>" name="horde_prefs_token"> fixed the problem for me.

06/28/2011 04:22:45 PM	Jan Schneider	Comment #8	Reply to this comment
What additional information to provide? You could check if you have a hidden horde_prefs_token field in the forms on that preference page.

06/28/2011 03:57:25 PM	dunix (at) gmx (dot) de	Comment #7	Reply to this comment
Same here, also with Horde 3.3.11

06/22/2011 07:10:32 PM	jfrey (at) gmx (dot) de	Comment #6	Reply to this comment
Going to mark as not a bug since it can't be replicated. I can reproduce this issue on horde 3.3.11 - simply need to click "Delete" for any sync session or "Delete all" in SyncML options page. What additional information to provide?

01/20/2011 05:02:46 AM	Michael Slusarz	Comment #5	Reply to this comment
Changes have been made in Git for this ticket: Wrong bug report.

01/20/2011 05:02:19 AM	Git Commit	Comment #4	Reply to this comment
Changes have been made in Git for this ticket: ~~Bug #9349~~: Fix new subfolder doesn't show in folder list Problem only occurred if all (unsubscribed) folders are viewed. hasChildren() was always returning true because we created the parent element before making the initial hasChildren() check. Need to check for children before this. http://git.horde.org/horde-git/-/commit/245d08ddc7d2f1b0d72eee0b3f96ebc164534899

11/08/2010 09:12:07 PM	Michael Slusarz	Comment #3 State ⇒ Not A Bug	Reply to this comment
Going to mark as not a bug since it can't be replicated.

11/04/2010 11:12:21 AM	Jan Schneider	Comment #2 State ⇒ Feedback	Reply to this comment
I don't see this. I can delete individual sync anchors and all anchors at once just fine.

10/28/2010 10:33:36 PM	Michael Slusarz	Comment #1 Patch ⇒ No State ⇒ Unconfirmed Milestone ⇒ 1.2.9 Queue ⇒ Horde Groupware Summary ⇒ SyncML delete prefs form token issue Type ⇒ Bug Priority ⇒ 2. Medium	Reply to this comment
From ~~Ticket #9289~~: Unfortunately after upgrade I still get "We cannot verify that this request..." when trying to delete sync sessions from Horde/Options/SyncML. Oct 27 22:23:28 direwolf horde[8584]: [horde] Backend of class SyncML_Backend_Horde created [pid 8584 on line 287 of "/usr/local/www/horde/lib/SyncML/Backend.php"] Oct 27 22:23:28 direwolf horde[8584]: [horde] We cannot verify that this request was really sent by you. It could be a malicious request. If you intended to perform this action, you can retry it now. [pid 8584 on line 176 of "/usr/local/www/horde/lib/Horde/Notification.php"] Oct 27 22:23:28 direwolf horde[8584]: [horde] SQL Query by SyncML_Backend_Horde::getUserAnchors(): SELECT syncml_syncpartner, syncml_db, syncml_clientanchor, syncml_serveranchor FROM horde_syncml_anchors WHERE syncml_uid = ?, values: peo [pid 8584 on line 650 of "/usr/local/www/horde/lib/SyncML/Backend/Horde.php"]