[imp] imp expire - login error
horde at abismo.org
Mon Mar 29 08:02:13 PST 2004
Good Afternoon
I reported this error in Dec 2002 and was quite surprised at finding it
still in the latest RELENG_3 version. At the time, no one sent any
feedback.
I was even more surprised (and happy ;) ) that my dirty fix still works.
Could someone please have a look and comment (patch file included)?
###### Setup: ######
Webmail server setup, masking horde name to imp:
horde-2.2.4_2
imp-3.2.2_1
turba-1.2.1_1
Apache conf:
DocumentRoot PATH/www/horde/imp
Alias /horde/ PATH/www/horde/
Alias /imp/ PATH/www/horde/imp/
Alias /turba/ PATH/www/horde/turba/
###### Description: ######
If your session expires and you try accessing Turba / were in Turba
section, you are unable to logon using the resulting logon page.
###### Steps to Replicate: ######
+ Logon
+ Access Turba
+ Delete ticket (via sql delete ...)
+ reload page / press inbox
expired page given...
+ Try logon on that page -> always session timeout
###### What the patch does ######
Rewrites the wrong session_id received via web access
The fix is dirty as it:
* redirects the user to the simplest form of the service (in my case,
imp)
* most probably the very worst way to deal with the problem
best regards
--
No one so thoroughly appreciates the value of constructive criticism as the
one who's giving it.
-- Hal Chadwick
---
Jose' Carlos
-------------- next part --------------
--- redirect.php.dist Mon Mar 29 16:40:46 2004
+++ redirect.php Mon Mar 29 16:41:12 2004
@@ -106,6 +106,9 @@
if (Horde::getFormData('url')) {
$url = Horde::getFormData('url');
$url = IMP::addParameter($url, 'actionID=' . $actionID);
+ $pattern = session_name() . "=\w+";
+ $replacement = session_name() . "=" . session_id();
+ $url = preg_replace("($pattern)",$replacement, $url);
} else {
$url = _getInitialUrl($actionID);
}
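Review bot: The pattern built in the added `$pattern = session_name() . "=\w+";` line is neither escaped nor anchored, and the replace is applied to a `$url` that comes straight from `Horde::getFormData('url')`. Pass the name through `preg_quote()` and require a parameter boundary (`[?&]`) in front of it, so that a longer parameter name ending in the session name is not rewritten. Match the value with `[^&#]*` instead of `\w+`, since session ids can contain `-` and `,` under some PHP session settings, which would leave part of the old id behind. Because the URL is request-supplied, the rewrite puts the live `session_id()` into whatever link was submitted; apply it only after checking that the URL is relative or points at this installation, and fall back to `_getInitialUrl($actionID)` otherwise.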