[imp] Re: Hanging on redirect.php due to overlong URL (+165 chars) in IE

Eli eli-list at experthost.com
Wed Apr 20 12:17:03 PDT 2005 

I've re-encountered this bug while using IE again but this time it was
normal operations causing it.

Because the entire set of IMAP server settings are passed as a GET request,
the URL becomes too long for IE to handle in a Refresh header, thus the
browser just sits at a blank page with a URL pointing to the redirect.php
file.  Changing the Refresh header lines in redirect.php to Location headers
fixes the problem.

I was told that the use of Refresh headers is because of some SSL thing - so
I tested with an https URL and using Location headers did not see any
problems?

(top posting just because this thread is old).

> -----Original Message-----
> From: imp-bounces at lists.horde.org 
> [mailto:imp-bounces at lists.horde.org] On Behalf Of Eli
> Sent: Monday, March 28, 2005 6:22 PM
> To: imp at lists.horde.org
> Subject: [imp] Hanging on redirect.php due to overlong URL 
> (+165 chars) in IE
> 
> 
> I have apparently discovered (not that nobody else may have 
> already known
> this) that IE (6, latest w/patches in WinXP) is apparently 
> exhibiting a 165
> character limit when using a Refresh: header
> 
> In redirect.php, I modified line 170 from:
> 
> header('Refresh: 0; URL=' . $url);
> 
> to:
> 
> header('Location: ' . $url);
> 
> and it seems to have fixed a problem I was experiencing.  The 
> problem was
> that if if the URL was longer than 165 characters, IE would 
> not honor the
> Refresh: header and just hang.  Once using the Location: header, IE
> redirects properly and functions fine.
> 
> Apparently the Refresh: header is used to avoid warnings in 
> IE when using
> the "login with SSL" feature or whatever, so my question 
> is... Why are all
> the credentials such as username, server, etc... All passed 
> back via GET if
> such a limit could be hit rather easily.  On one account, I 
> was merely 10 or
> so characters away from hitting this problem - and I know 
> there are domains
> with much longer names than mine.
> 
> It would require a substantial change I think, but could all 
> the server info
> be saved in the $_SESSION info instead?  Has anyone else had 
> this problem?
> 
> Eli. 
> 
> 
> -- 
> IMP mailing list - Join the hunt: http://horde.org/bounties/#imp
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: imp-unsubscribe at lists.horde.org
>

More information about the imp mailing list