[imp] IMP 3 / IE6 exposed php code

liamr@umich.edu
Mon, 21 Jan 2002 23:11:11 -0500


> That's the first I've seen of it.  Try turning off page
> compression.  Also, are there any hints if you view the source of
> the page?

Nothing in the log files (horde or php)... I do notice that it's putting the 
horde session key in the URL when it doesn't normally...

ie:

https://mail.umich.edu/horde/imp/mailbox.php?Horde=7e33edba088fa1d74bc159135c8975ab&actionID=105

I DIFFd the source code (as revealed by my browser) and they're at the end of 
my message.  If I diff the source generated by mailbox.php normally 
w/compression and w/out compression, the changes are very minor (all of the 
ones I've found are due to different session keys).  If I diff the source code 
from mailbox.php generated by hitting the browser's back button, w/and w/o 
compression, there were a few interesting changes.  It looks like maybe we're 
missing some right angle brackets.

anyways.. I'm hoping we can come up w/ a workaround, because we'd rather not 
turn off the page compression, and I'm not sure our management will agree that 
this is a "user education" issue.

thx
Liam

--- mailbox.php-out-compression	Mon Jan 21 22:54:23 2002
+++ mailbox.php-out-nocompression	Mon Jan 21 22:55:06 2002
@@ -722,5 +722,65 @@ Flags = new Array("32", "0", "0", "0", "
         <form method="post" name="copymove2" action="/horde/imp/mailbox.php">
         <a href="" onclick="Transfer(102, 2); return false;" 
onmouseout="status='';" onmouseover="status='Move'; return true;" 
class="widget">Move</a> |
         <a href="" onclick="Transfer(103, 2); return false;" 
onmouseout="status='';" onmouseover="status='Copy'; return true;" 
class="widget">Copy</a>
         <select name="targetMailbox" onchange="updateFolders(2);">
-            <
\ No newline at end of file
+            <option value="">Messages to</option>
+<option value="mail/cert">cert</option>
+<option value="mail/Drafts">Drafts</option>
+<option value="mail/filter">filter</option>
+<option value="mail/fun">fun</option>
+<option value="mail/kudos">kudos</option>
+<option value="mail/licenses">licenses</option>
+<option value="mail/perl">perl</option>
+<option value="mail/policy">policy</option>
+<option value="mail/printing">printing</option>
+<option value="mail/saved-messages">saved-messages</option>
+<option value="mail/security">security</option>
+<option value="mail/sent-mail">sent-mail</option>
+<option value="mail/sent-mail-aug-2001">sent-mail-aug-2001</option>
+<option value="mail/sent-mail-dec-2001">sent-mail-dec-2001</option>
+<option value="mail/sent-mail-oct-2001">sent-mail-oct-2001</option>
+<option value="mail/sent-mail-sep-2001">sent-mail-sep-2001</option>
+<option value="mail/silkymail">silkymail</option>
+<option value="mail/slash">slash</option>
+<option value="mail/test">test</option>
+<option value="mail/tin-whistle">tin-whistle</option>
+<option value="mail/Trash">Trash</option>
+<option value="mail/webfreak">webfreak</option>
+<option value="mail/webmaster">webmaster</option>
+<option value="mail/work">work</option>
+<option value="mail/x509">x509</option>
+        </select>
+        </form>
+    </td>
+    </tr>
+</table>
+
+</td>
+</tr>
+</table>
+<br />
+
+<script language="JavaScript" type="text/javascript">
+<!--
+
+function open_compose_win(args)
+{
+    var url = "/horde/imp/compose.php";
+    if (url.indexOf('?') == -1) glue = '?';
+    else glue = '&amp;';
+    var now = new Date();
+    var name = "compose_windows_" + now.getTime();
+    if (args != "") {
+        url = url + glue + args + "&amp;uniq=" + now.getTime();
+    } else {
+        url = url + glue + "uniq=" + now.getTime();
+    }
+    param 
= "toolbar=no,location=no,status=yes,scrollbars=yes,resizable=yes,width=700,hei
ght=650,left=0,top=0";
+    eval ("name = window.open(url, name, param)");
+    if (!eval("name.opener")) eval("name.opener = self");
+}
+
+// -->
+</script>
+</body>
+</html>
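
Review bot: At the removed line "            <" the compressed capture stops mid-tag, marked "\ No newline at end of file", and the hunk header (-722,5 +722,65) shows that everything after it, from the targetMailbox options through "</html>", is present only in the uncompressed capture. The compressed output is therefore a cut-off prefix of the page rather than a page with a few characters missing, so it is worth recording the byte length of each capture next to the diff and checking whether the compressed body decompresses cleanly to its end. The personal folder names in the added lines could also be trimmed before a capture like this goes to a public list.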
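
Added example, not part of the original message: a small Python helper for the comparison described above, which masks the Horde session key so it does not count as a difference and reports whether one capture is a cut-off prefix of the other. The function names are hypothetical and the two sample captures are constructed.

```python
import re

# Session key in the form shown in the URL above: "Horde=" followed by 32 hex chars.
SESSION_RE = re.compile(r"(Horde=)[0-9a-f]{32}")

def normalize(html: str) -> str:
    """Mask session keys so they are not reported as differences."""
    return SESSION_RE.sub(r"\g<1>SESSION", html)

def ends_inside_tag(html: str) -> bool:
    """True if the text stops after a '<' that is never closed by a '>'."""
    return html.rfind("<") > html.rfind(">")

def compare_captures(suspect: str, reference: str) -> dict:
    """Compare two saved page sources, ignoring session keys and trailing newlines."""
    a = normalize(suspect).rstrip("\n")
    b = normalize(reference).rstrip("\n")
    limit = min(len(a), len(b))
    # Offset of the first differing character, or `limit` if one is a prefix of the other.
    first_diff = next((i for i in range(limit) if a[i] != b[i]), limit)
    return {
        "identical": a == b,
        "truncated_prefix": len(a) < len(b) and first_diff == len(a),
        "ends_inside_tag": ends_inside_tag(a),
        "missing_chars": max(len(b) - len(a), 0),
        "first_diff_offset": None if a == b else first_diff,
    }

# Constructed sample captures (not taken from the real page).
REFERENCE = (
    '<a href="/horde/imp/mailbox.php?Horde=' + "a" * 32 + '&actionID=105">Inbox</a>\n'
    '<select name="targetMailbox">\n'
    '    <option value="">Messages to</option>\n'
    '</select>\n</html>\n'
)
SUSPECT = (
    '<a href="/horde/imp/mailbox.php?Horde=' + "b" * 32 + '&actionID=105">Inbox</a>\n'
    '<select name="targetMailbox">\n'
    '    <'
)

if __name__ == "__main__":
    for key, value in compare_captures(SUSPECT, REFERENCE).items():
        print(f"{key}: {value}")
```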