[horde] Possible auth problem with turba?

[Simon Scott]

Hi all

Ive checked bugs.horde.org for this, but I cant find it anywhere, so
accept my apologies if this has already been fixed. Im currently
running a nightly version of HEAD (from July 1) merely to evaluate
horde. I took a chance and opened it to the net with no other
security than horde auth. 3 of us are using it for webmail etc just
as a test.

Im at work at the moment, and dont have ssh access to the box, but I
just went to add a contact in turba. After I entered in all the
details and hit the add (or save?) button, I got a pron oriented
page..... 

There must be a way for someone to alter the link, or perhaps to
inject the page onto my server?

Ive shut the box down remotely for now, and will have a better look
tonight, but has this already been noted and fixed? If not, it may
still be hanging around in HEAD I guess.

Ill upgrade tonight, secure the box a bit more etc to avoid this
problem in the future, so this is just a bit of an FYI.

Thanks.