[horde] We cannot verify that this request was really sent by you.

[Paul Faure]

If I open a message and click on forward, it uses this link:

javascript:popup_imp('/horde/imp/compose.php',700,650,'actionID=forwardall&index=12269&identity=0&thismailbox=INBOX');

And always throws that error you described.

If instead I over over the word "Forward" and use any of the 3 links
which appear, then I dont get that error:

javascript:popup_imp('/horde/imp/compose.php',700,650,'actionID=forward_all&index=12269&identity=0&thismailbox=INBOX');
javascript:popup_imp('/horde/imp/compose.php',700,650,'actionID=forward_body&index=12269&identity=0&thismailbox=INBOX');
javascript:popup_imp('/horde/imp/compose.php',700,650,'actionID=forward_attachments&index=12269&identity=0&thismailbox=INBOX');

The difference being the actionID=forwardall instead of
actionID=forward_all.

Webmail Edition 1.2
Mail (imp) H3 (4.3)




On Tue, 2008-10-14 at 16:20 -0400, Steve Devine wrote:
> We have one user who is consistently getting this error.
> "We cannot verify that this request was really sent by you. It could  
> be a malicious request."  He will get it 3 or 4 times a day most often  
> right after he has logged in but not always.
> 
> I think this error comes from "function checkRequestToken" in imp/lib/IMP.php
> Whats the purpose of this? I see it gets called from folders.php, mailbox.php
> and message.php
> It's description is "check if a token for form is valid" .. so is this  
> supposed to check for cross-site scripting or some other trickery?
> Any suggestions on trouble shooting this?
> We are running horde-webmail-1.1.3
> Thanks
> 
> 
> 
> Steve Devine
> Email & Storage
> Academic Technical Services
> Michigan State University
> 
> 313 Computer Center
> East Lansing, MI 48824-1042
> 1-517-432-7327
> 
> 
> --
> Horde mailing list - Join the hunt: http://horde.org/bounties/#horde
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org