[imp] IMP 3 / IE6 exposed php code
liamr@umich.edu
liamr@umich.edu
Mon, 21 Jan 2002 23:11:11 -0500
> That's the first I've seen of it. Try turning off page
> compression. Also, are there any hints if you view the source of
> the page?
Nothing in the log files (horde or php)... I do notice that it's putting the
horde session key in the URL when it doesn't normally...
ie:
https://mail.umich.edu/horde/imp/mailbox.php?
Horde=7e33edba088fa1d74bc159135c8975ab&actionID=105
If DIFFd the source code (as revealed by my browser) and they're at the end of
my message. If I diff the source generated by mailbox.php normally
w/compression and w/out compression, the changes are very minor (all of the
ones I've found are due to different session keys). If I diff the source code
from mailbox.php generated by hitting the browser's back button, w/and w/o
compression, there were a few interesting changes. It looks like maybe we're
missing some right angle brackets.
anyways.. I'm hoping we can come up w/ a work around, because we'd rather not
turn off the page compression, and I'm not sure our management will agree that
this is a "user education" issue.
thx
Liam
--- mailbox.php-out-compression Mon Jan 21 22:54:23 2002
+++ mailbox.php-out-nocompression Mon Jan 21 22:55:06 2002
@@ -722,5 +722,65 @@ Flags = new Array("32", "0", "0", "0", "
<form method="post" name="copymove2" action="/horde/imp/mailbox.php">
<a href="" onclick="Transfer(102, 2); return false;"
onmouseout="status='';" onmouseover="status='Move'; return true;"
class="widget">Move</a> |
<a href="" onclick="Transfer(103, 2); return false;"
onmouseout="status='';" onmouseover="status='Copy'; return true;"
class="widget">Copy</a>
<select name="targetMailbox" onchange="updateFolders(2);">
- <
\ No newline at end of file
+ <option value="">Messages to</option>
+<option value="mail/cert">cert</option>
+<option value="mail/Drafts">Drafts</option>
+<option value="mail/filter">filter</option>
+<option value="mail/fun">fun</option>
+<option value="mail/kudos">kudos</option>
+<option value="mail/licenses">licenses</option>
+<option value="mail/perl">perl</option>
+<option value="mail/policy">policy</option>
+<option value="mail/printing">printing</option>
+<option value="mail/saved-messages">saved-messages</option>
+<option value="mail/security">security</option>
+<option value="mail/sent-mail">sent-mail</option>
+<option value="mail/sent-mail-aug-2001">sent-mail-aug-2001</option>
+<option value="mail/sent-mail-dec-2001">sent-mail-dec-2001</option>
+<option value="mail/sent-mail-oct-2001">sent-mail-oct-2001</option>
+<option value="mail/sent-mail-sep-2001">sent-mail-sep-2001</option>
+<option value="mail/silkymail">silkymail</option>
+<option value="mail/slash">slash</option>
+<option value="mail/test">test</option>
+<option value="mail/tin-whistle">tin-whistle</option>
+<option value="mail/Trash">Trash</option>
+<option value="mail/webfreak">webfreak</option>
+<option value="mail/webmaster">webmaster</option>
+<option value="mail/work">work</option>
+<option value="mail/x509">x509</option>
+ </select>
+ </form>
+ </td>
+ </tr>
+</table>
+
+</td>
+</tr>
+</table>
+<br />
+
+<script language="JavaScript" type="text/javascript">
+<!--
+
+function open_compose_win(args)
+{
+ var url = "/horde/imp/compose.php";
+ if (url.indexOf('?') == -1) glue = '?';
+ else glue = '&';
+ var now = new Date();
+ var name = "compose_windows_" + now.getTime();
+ if (args != "") {
+ url = url + glue + args + "&uniq=" + now.getTime();
+ } else {
+ url = url + glue + "uniq=" + now.getTime();
+ }
+ param
= "toolbar=no,location=no,status=yes,scrollbars=yes,resizable=yes,width=700,hei
ght=650,left=0,top=0";
+ eval ("name = window.open(url, name, param)");
+ if (!eval("name.opener")) eval("name.opener = self");
+}
+
+// -->
+</script>
+</body>
+</html>