[horde] H6 bug: verifySignedUrl
Torben Dannhauer
torben at dannhauer.info
Thu Feb 20 00:08:54 UTC 2025
Hi,
The function verifySignedUrl($data, $now = null) is a troublemaker in H6.
This function seems to expect a string, but this works only as expected in fresh logins.
If you switch to another WiFi and then try to open another app in Horde, the verification is triggered (makes sense). Unfortunately, this time the data passed to the verification function is an array instead.
It seems the URL array is taken from Horde $injector->getInstance('Horde_Variables');
What is the desired approach?
a) Should we ensure it is always called with a string and then restructure all callers, or
b) should we instead make the function itself more resilient? This is a bit tricky as the lifetime is included in the hash.
Thanks,
Torben
Sent from mobile
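
A sketch of option (b), added here as an example and not taken from the post above or from Horde's code: a verifier that accepts either the raw query string or an already-parsed array, reduces both to the same canonical string, and keeps the issue time inside the HMAC so the lifetime check still holds. The function names, the `_t`/`_h` parameter names, the key and the sample values are assumptions made for this sketch, and PHP 8 is assumed.

```php
<?php
// Added sketch: hypothetical names and scheme, not Horde's implementation.
const EXAMPLE_KEY = 'constructed-demo-key'; // constructed sample secret

/** Canonical form: MAC field dropped, keys sorted, RFC 3986 encoding. */
function canonical_query(array $params): string
{
    unset($params['_h']);
    ksort($params);
    return http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

/** Add an issue time (_t) and an HMAC (_h) that covers it. */
function sign_query(array $params, int $now): string
{
    $params['_t'] = $now;
    $canon = canonical_query($params);
    return $canon . '&_h=' . hash_hmac('sha256', $canon, EXAMPLE_KEY);
}

/** Accepts the raw query string or an already-parsed array of variables. */
function verify_signed(string|array $data, int $lifetime, ?int $now = null): bool
{
    if (is_string($data)) {
        parse_str($data, $parsed);
        $data = $parsed;
    }
    $mac = $data['_h'] ?? null;
    $t = $data['_t'] ?? null;
    if (!is_string($mac) || !is_scalar($t) || !ctype_digit((string) $t)) {
        return false; // missing or malformed fields: reject
    }
    $expected = hash_hmac('sha256', canonical_query($data), EXAMPLE_KEY);
    if (!hash_equals($expected, $mac)) {
        return false;
    }
    $now ??= time();
    $age = $now - (int) $t;
    return $age >= 0 && $age <= $lifetime; // trusted only after the MAC matched
}

// Constructed sample input.
$signed = sign_query(['app' => 'mail', 'id' => '42'], 1000);
parse_str($signed, $asArray);
var_dump(verify_signed($signed, 300, 1100));   // string form, within lifetime
var_dump(verify_signed($asArray, 300, 1100));  // array form, same request
var_dump(verify_signed($asArray, 300, 2000));  // lifetime exceeded
$asArray['_t'] = '1900';
var_dump(verify_signed($asArray, 300, 2000));  // issue time edited after signing
```

Because both input forms pass through the same canonicalization before the HMAC is computed, callers do not need to preserve the original parameter order or encoding.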