Bug#91814: horde: Generating bad URLs in session

Ola Lundqvist opal@debian.org
Fri, 26 Oct 2001 16:52:12 +0200


Hi

Is this the bug that causes Internet Explorer to not work properly
when using https?

Regards,

// Ola

PS.
Please CC 91814@bugs.debian.org
DS.

On Mon, Mar 26, 2001 at 02:30:51PM -0600, John Goerzen wrote:
> Package: horde
> Version: 2:1.2.4-6
> Severity: important
> 
> I've been having reports from people that cannot log into my IMP
> installation at https://www.complete.org/imp/, running under apache.  After
> connecting to it with a SSL client, I had this conversation:
> 
> GET /imp/ HTTP/1.0
> 
> HTTP/1.1 302 Found
> Date: Mon, 26 Mar 2001 20:18:44 GMT
> Server: Apache/1.3.14 (Unix) Debian/GNU PHP/4.0.4pl1 mod_ssl/2.7.1
> OpenSSL/0.9.6X-Powered-By: PHP/4.0.4pl1
> Status: 302 Moved Temporarily
> Set-Cookie: HordeSession=f7c7e16a336c537ba44a7409ddd98801; path=/
> Location: https:///imp/index.php3?HordeSession=f7c7e16a336c537ba44a7409ddd98801
> Connection: close
> Content-Type: text/html
> 
> Note that bad URL from the Location header.  I tracked this down to
> /etc/horde/session.inc.  I don't know what the problem is.  The below patch
> fixed it for me (it won't for anyone else; I hard-coded my site's URL into
> it!)
> 
> --- session.inc~        Sun Mar  4 04:49:05 2001
> +++ session.inc Mon Mar 26 14:25:38 2001
> @@ -413,7 +413,7 @@
>                                 } else {
>                                         $PROTOCOL='http';
>                                 }
> -                               header("Location: ". $PROTOCOL. "://".$HTTP_HOS
> +                               header("Location: ". $PROTOCOL. "://www.complet
>                                 exit;
>                         }
>                 }
> 
> 
> -- System Information
> Debian Release: testing/unstable
> Kernel Version: Linux pi 2.2.16 #1 Fri Jun 9 00:31:56 CDT 2000 i586 unknown
> 
> Versions of the packages horde depends on:
> ii  apache         1.3.14-2.3     Versatile, high-performance HTTP server
> ii  binutils       2.11.90.0.1-1  The GNU assembler, linker and binary utiliti
> ii  debconf        0.9.28         Debian configuration management system
> ii  grep           2.4.2-1        GNU grep, egrep and fgrep.
> ii  perl           5.6.0-21       Larry Wall's Practical Extracting and Report
> ii  perl-5.005     6.1            Transitional package.
> ii  php4           4.0.4pl1-5     A server-side, HTML-embedded scripting langu
> ii  sed            3.02-6         The GNU sed stream editor.
> ii  wwwconfig-comm 0.0.3-3        Debian web auto configuration.
> rc  php3           3.0.18-10      A server-side, HTML-embedded scripting langu
> apache-ssl	Not installed or no info
> ii  apache         1.3.14-2.3     Versatile, high-performance HTTP server
> 	^^^ (Provides virtual package httpd)
> 
> --- Ignoring conffile /etc/horde/local.inc (not world readable)
> 
> --- Ignoring conffile /etc/horde/horde_phplib.inc.in (not world readable)
> 
> --- Ignoring modified conffile /etc/horde/session.inc (>8k)
> 

-- 
 --------------------- Ola Lundqvist ---------------------------
/  opal@debian.org                     Björnkärrsgatan 5 A.11   \
|  opal@lysator.liu.se                 584 36 LINKÖPING         |
|  +46 (0)13-17 69 83                  +46 (0)70-332 1551       |
|  http://www.opal.dhs.org             UIN/icq: 4912500         |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---------------------------------------------------------------