Tickets :: [#9349] SyncML delete prefs form token issue

6.0.0-git

2021-01-18

Summary	SyncML delete prefs form token issue
Queue	Horde Groupware
Queue Version	1.2.8
Type	Bug
State	Resolved
Priority	2. Medium
Owners	jan (at) horde (dot) org
Requester	slusarz (at) horde (dot) org
Created	2010-10-28 (3735 days ago)
Due
Updated	2011-06-28 (3492 days ago)
Assigned	2010-11-04 (3728 days ago)
Resolved	2011-06-28 (3492 days ago)
Milestone	1.2.9
Patch	No

2011-06-28 18:00:10	Jan Schneider	Comment #12 Assigned to Jan Schneider State ⇒ Resolved	Reply to this comment
Nice catch!

2011-06-28 17:59:22	CVS Commit	Comment #11	Reply to this comment
Changes have been made in CVS for this ticket: Fix deleting of SyncML anchors if PHP short_open_tag is off (~~Bug #9349~~). http://cvs.horde.org/diff.php/horde/docs/CHANGES?rt=horde&r1=1.515.2.646&r2=1.515.2.647&ty=u http://cvs.horde.org/diff.php/horde/templates/syncml/syncml.inc?rt=horde&r1=1.1.2.4&r2=1.1.2.5&ty=u

2011-06-28 17:53:06	dunix (at) gmx (dot) de	Comment #10	Reply to this comment
So, changing line 35 in templates/syncml/syncml.inc to There is another short open tag in that file on line 51

2011-06-28 17:45:01	dunix (at) gmx (dot) de	Comment #9	Reply to this comment
You could check if you have a hidden horde_prefs_token field in the forms on that preference page. I have one, but it has no value because there is a short open tag that is not interpreted anymore on my server. So, changing line 35 in templates/syncml/syncml.inc to <input type="hidden" value="<?php echo Horde::getRequestToken('horde_prefs') ?>" name="horde_prefs_token"> fixed the problem for me.

2011-06-28 16:22:45	Jan Schneider	Comment #8	Reply to this comment
What additional information to provide? You could check if you have a hidden horde_prefs_token field in the forms on that preference page.

2011-06-28 15:57:25	dunix (at) gmx (dot) de	Comment #7	Reply to this comment
Same here, also with Horde 3.3.11

2011-06-22 19:10:32	jfrey (at) gmx (dot) de	Comment #6	Reply to this comment
Going to mark as not a bug since it can't be replicated. I can reproduce this issue on horde 3.3.11 - simply need to click "Delete" for any sync session or "Delete all" in SyncML options page. What additional information to provide?

2011-01-20 05:02:46	Michael Slusarz	Comment #5	Reply to this comment
Changes have been made in Git for this ticket: Wrong bug report.

2011-01-20 05:02:19	Git Commit	Comment #4	Reply to this comment
Changes have been made in Git for this ticket: ~~Bug #9349~~: Fix new subfolder doesn't show in folder list Problem only occurred if all (unsubscribed) folders are viewed. hasChildren() was always returning true because we created the parent element before making the initial hasChildren() check. Need to check for children before this. http://git.horde.org/horde-git/-/commit/245d08ddc7d2f1b0d72eee0b3f96ebc164534899

2010-11-08 21:12:07	Michael Slusarz	Comment #3 State ⇒ Not A Bug	Reply to this comment
Going to mark as not a bug since it can't be replicated.

2010-11-04 11:12:21	Jan Schneider	Comment #2 State ⇒ Feedback	Reply to this comment
I don't see this. I can delete individual sync anchors and all anchors at once just fine.

2010-10-28 22:33:36	Michael Slusarz	Comment #1 Type ⇒ Bug State ⇒ Unconfirmed Priority ⇒ 2. Medium Summary ⇒ SyncML delete prefs form token issue Queue ⇒ Horde Groupware Milestone ⇒ 1.2.9 Patch ⇒ No	Reply to this comment
From ~~Ticket #9289~~: Unfortunately after upgrade I still get "We cannot verify that this request..." when trying to delete sync sessions from Horde/Options/SyncML. Oct 27 22:23:28 direwolf horde[8584]: [horde] Backend of class SyncML_Backend_Horde created [pid 8584 on line 287 of "/usr/local/www/horde/lib/SyncML/Backend.php"] Oct 27 22:23:28 direwolf horde[8584]: [horde] We cannot verify that this request was really sent by you. It could be a malicious request. If you intended to perform this action, you can retry it now. [pid 8584 on line 176 of "/usr/local/www/horde/lib/Horde/Notification.php"] Oct 27 22:23:28 direwolf horde[8584]: [horde] SQL Query by SyncML_Backend_Horde::getUserAnchors(): SELECT syncml_syncpartner, syncml_db, syncml_clientanchor, syncml_serveranchor FROM horde_syncml_anchors WHERE syncml_uid = ?, values: peo [pid 8584 on line 650 of "/usr/local/www/horde/lib/SyncML/Backend/Horde.php"]