[Tickets #10722] "cannot verify" error message on stripping attachments
bugs at horde.org
bugs at horde.org
Tue Nov 8 16:16:43 UTC 2011
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/10722
------------------------------------------------------------------------------
Ticket | 10722
Created By | R.I.Phillips at bath.ac.uk
Summary | "cannot verify" error message on stripping attachments
Queue | IMP
Version | 5.0.14
Type | Bug
State | Unconfirmed
Priority | 1. Low
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
R.I.Phillips at bath.ac.uk (2011-11-08 16:16) wrote:
In the Traditional mode of IMP, when selecting "Strip Attachment"
users are presented with:
"We cannot verify that this request was really sent by you. It could
be a malicious request. If you intended to perform this action, you
can retry it now."
This appears to be because in imp/lib/Contents.php the seed if for
imp.impcontents, yet message.php validates "imp.message" when checking
the actionID
The bug fix we put in place in message.php in the try block was:
+ ($vars->actionID == 'strip_attachment') ?
+ $injector->getInstance('Horde_Token')->validate($vars->message_token,
'imp.impcontents') :
$injector->getInstance('Horde_Token')->validate($vars->message_token,
'imp.message');
I hope this doesn't affect the code adversely in other ways. I
suspect lib/Contents.php should really be modified instead.
More information about the bugs
mailing list