Bug#91814: horde: Generating bad URLs in session
Ola Lundqvist
opal@debian.org
Fri, 26 Oct 2001 16:52:12 +0200
Hi
Is this the bug that causes Internet Explorer to not work properly
when using https?
Regards,
// Ola
PS.
Please CC 91814@bugs.debian.org
DS.
On Mon, Mar 26, 2001 at 02:30:51PM -0600, John Goerzen wrote:
> Package: horde
> Version: 2:1.2.4-6
> Severity: important
>
> I've been having reports from people that cannot log into my IMP
> installation at https://www.complete.org/imp/, running under apache. After
> connecting to it with a SSL client, I had this conversation:
>
> GET /imp/ HTTP/1.0
>
> HTTP/1.1 302 Found
> Date: Mon, 26 Mar 2001 20:18:44 GMT
> Server: Apache/1.3.14 (Unix) Debian/GNU PHP/4.0.4pl1 mod_ssl/2.7.1
> OpenSSL/0.9.6X-Powered-By: PHP/4.0.4pl1
> Status: 302 Moved Temporarily
> Set-Cookie: HordeSession=f7c7e16a336c537ba44a7409ddd98801; path=/
> Location: https:///imp/index.php3?HordeSession=f7c7e16a336c537ba44a7409ddd98801
> Connection: close
> Content-Type: text/html
>
> Note that bad URL from the Location header. I tracked this down to
> /etc/horde/session.inc. I don't know what the problem is. The below patch
> fixed it for me (it won't for anyone else; I hard-coded my site's URL into
> it!)
>
> --- session.inc~ Sun Mar 4 04:49:05 2001
> +++ session.inc Mon Mar 26 14:25:38 2001
> @@ -413,7 +413,7 @@
> } else {
> $PROTOCOL='http';
> }
> - header("Location: ". $PROTOCOL. "://".$HTTP_HOS
> + header("Location: ". $PROTOCOL. "://www.complet
> exit;
> }
> }
>
>
> -- System Information
> Debian Release: testing/unstable
> Kernel Version: Linux pi 2.2.16 #1 Fri Jun 9 00:31:56 CDT 2000 i586 unknown
>
> Versions of the packages horde depends on:
> ii apache 1.3.14-2.3 Versatile, high-performance HTTP server
> ii binutils 2.11.90.0.1-1 The GNU assembler, linker and binary utiliti
> ii debconf 0.9.28 Debian configuration management system
> ii grep 2.4.2-1 GNU grep, egrep and fgrep.
> ii perl 5.6.0-21 Larry Wall's Practical Extracting and Report
> ii perl-5.005 6.1 Transitional package.
> ii php4 4.0.4pl1-5 A server-side, HTML-embedded scripting langu
> ii sed 3.02-6 The GNU sed stream editor.
> ii wwwconfig-comm 0.0.3-3 Debian web auto configuration.
> rc php3 3.0.18-10 A server-side, HTML-embedded scripting langu
> apache-ssl Not installed or no info
> ii apache 1.3.14-2.3 Versatile, high-performance HTTP server
> ^^^ (Provides virtual package httpd)
>
> --- Ignoring conffile /etc/horde/local.inc (not world readable)
>
> --- Ignoring conffile /etc/horde/horde_phplib.inc.in (not world readable)
>
> --- Ignoring modified conffile /etc/horde/session.inc (>8k)
>
--
--------------------- Ola Lundqvist ---------------------------
/ opal@debian.org Björnkärrsgatan 5 A.11 \
| opal@lysator.liu.se 584 36 LINKÖPING |
| +46 (0)13-17 69 83 +46 (0)70-332 1551 |
| http://www.opal.dhs.org UIN/icq: 4912500 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---------------------------------------------------------------