[Tickets #12926] invalid token when printing from frameset

[noreply at bugs.horde.org]

DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/12926
------------------------------------------------------------------------------
  Ticket             | 12926
  Created By         | dav at geoazur.unice.fr
  Summary            | invalid token when printing from frameset
  Queue              | Horde Groupware Webmail Edition
  Version            | 5.1.3
  Type               | Bug
  State              | Unconfirmed
  Priority           | 2. Medium
  Milestone          |
  Patch              |
  Owners             |
------------------------------------------------------------------------------


dav at geoazur.unice.fr (2014-01-20 17:08) wrote:

We use Horde inside a frameset (Gandi domain with "masked" forwarding  
mode) : login is Ok after setting "use_only_cookies" to false, but  
view, print, etc. actions for mail/imp, open a new window with "fatal  
error - invalid token".

However when using Horde with direct url, theses actions open correct windows.

Actually, when logging from frameset http://webmail.domain1/ then  
trying to print a mail, url of the new window is
https://server.domain2/horde/imp/view.php?Horde=hhh&amp%3Bview_token=ttt-ttt&actionID=print_attach&buid=bbb&id=1&mailbox=mmm&token=ttt-ttt&uniq=uuu

whereas when logging from http://server/horde/ then printing, url is
https://server.domain2/horde/imp/view.php?view_token=ttt-ttt&actionID=print_attach&buid=bbb&id=1&mailbox=mmm&token=ttt-ttt&uniq=uuu

If I edit url with "invalid token" and just replace  
"&amp%3Bview_token" with "&view_token" then reload, it works : the  
window shows the expected result.

Any idea from where "&" was encoded to "&" when using frame ?