[imp] htmlspecialchars (was Re: [imp] IMP HEAD CVS: error in newmail popup)

mays@optonline.net mays@optonline.net
Thu, 06 Dec 2001 13:55:58 -0500


Barry Flanagan wrote:

> Using HEAD CVS of IMP, updated yesterday.
>
> If you have new mail popups enabled, and are in a folder other than the one
> the new mail arrives in, the URL that the popup directs you to is broken. The
> URL sent is like:
>
> /mailbox.php?newmail_popup=no&mailbox=INBOX
>
> Notice the "amp;" after the & - if you take out the "amp;" bit all is well.
>
> --
>
> -Barry Flanagan

I notice a similar problem when using imp authentication with horde.  On log
out, a user is redirected to something similar to


http://example.com/horde/imp/login.php?reason=logout&redirect_url=http%3A%2F%2Fexample.com%2Fhorde%2Flogin.php

Notice the same "amp;" after the &.  Taking out the "amp;" here as well does the
correct thing.  What I believe the intent to be is that horde/imp/login.php
redirects again to horde/login.php.  The extra 'amp;' prevents the recognition
of the redirect_url.  This looks to be coming from the code in
Registry::linkByPackage, which is being called from Registry::link.  At the very
end of linkByPackage, the resulting link is run through htmlspecialchars before
being returned.  This causes the '&' to be changed to '&'.  I don't know
what other implications there might be, but removing the call to
htmlspecialchars here allows the redirect_url portion to be processed (correctly
?) by imp/login.php.

Without this change, when the next user logs in, they are taken immediately to
their INBOX.  This is in contrast to the initial log in where the user is taken
to the main horde page.  I don't know which is the desired behavior, but they
should at least be consistent.

A diff below is against RELENG_2 of horde from a day or so ago.

Mark

--- horde.new/lib/Registry.php.orig     Fri Nov 30 20:13:10 2001
+++ horde.new/lib/Registry.php  Thu Dec  6 13:28:09 2001
@@ -338,7 +338,7 @@
         // in a stricter registry).
         $link = preg_replace('|\|.+\||U', '', $link);

-        return htmlspecialchars($link);
+        return $link;
     }

     /**



>From jan@horde.org Date: Thu,  6 Dec 2001 19:49:17 +0100
Return-Path: <jan@horde.org>
Mailing-List: contact imp-help@lists.horde.org; run by ezmlm
Delivered-To: mailing list imp@lists.horde.org
Received: (qmail 11023 invoked from network); 6 Dec 2001 18:58:23 -0000
Received: from mailout05.sul.t-online.com (HELO mailout05.sul.t-online.de) (194.25.134.82)
  by clark.horde.org with SMTP; 6 Dec 2001 18:58:23 -0000
Received: from fwd06.sul.t-online.de 
	by mailout05.sul.t-online.de with smtp 
	id 16C3iI-0006yP-01; Thu, 06 Dec 2001 19:57:42 +0100
Received: from linux.wg.de (320034214675-0001@[217.225.46.190]) by fmrl06.sul.t-online.com
	with esmtp id 16C3iE-1AxjZgC; Thu, 6 Dec 2001 19:57:38 +0100
Received: from localhost (localhost [127.0.0.1])
	by linux.wg.de (8.11.0/8.11.0/SuSE Linux 8.11.0-0.4) with ESMTP id fB6InHk04486
	for <imp@lists.horde.org>; Thu, 6 Dec 2001 19:49:17 +0100
Received: from 192.168.60.1 ( [192.168.60.1])
	as user jan@linux by linux.wg.de with HTTP;
	Thu,  6 Dec 2001 19:49:17 +0100
Message-ID: <1007664557.3c0fbdad38d48@linux.wg.de>
Date: Thu,  6 Dec 2001 19:49:17 +0100
From: Jan Schneider <jan@horde.org>
To: imp@lists.horde.org
References: <20011206160927.97856.qmail@web14801.mail.yahoo.com>
In-Reply-To: <20011206160927.97856.qmail@web14801.mail.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 4.0-cvs
X-Sender: 320034214675-0001@t-dialin.net
Subject: Re: [imp] migrating from imp 2.2.7 to horde-2.0 RC-3/imp 3

Zitat von RooTiX <rootix@yahoo.fr>:

> I have found script to migrate addressbook from imp2
> to turba and i have modified it because the database
> format has changed. It seems to work and i have used
> it.
> I have created an other for migrate signature and name
> and works too. So, if it can help you...
> I'm joining the files.

Great, but it didn't go to the mailing list. Append it as text/plain 
attachment or provide us a link where it is downloadable.

Jan.

::::::::::::::::::::::::::::::::::::::::
AMMMa AG - discover your knowledge
:::::::::::::::::::::::::::
Detmolder Str. 25-33 :: D-33604 Bielefeld
fon +49.521.96878-0 :: fax  +49.521.96878-20
http://www.ammma.de
::::::::::::::::::::::::::::::::::::::::::::::