[Tickets #2664] fails to view attachment due unset actionID
bugs@bugs.horde.org
bugs at bugs.horde.org
Sun Oct 2 20:07:04 PDT 2005
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=2664
-----------------------------------------------------------------------
Ticket | 2664
Updated By | Chuck Hagenbuch <chuck at horde.org>
Summary | fails to view attachment due unset actionID
Queue | IMP
Version | FRAMEWORK_3
State | Assigned
Priority | 3. High
Type | Bug
Owners | Jan Schneider
-----------------------------------------------------------------------
Chuck Hagenbuch <chuck at horde.org> (2005-10-02 20:07) wrote:
> Such cases should be very rare, because they could only happen where
> we use request variable *before* including core.php.
> OTOH is a useful guard against security holes caused by slappy
> programming from us.
Rare, yes, but not nonexistant as we've seen. So it breaks those cases with
newer apps and older Horde versions. I guess I'm just not sure if we want to
break BC for what's essentially an enhancement vs. for something that was
definitively broken.
More information about the bugs
mailing list