#1484510 closed Bugs (fixed)
R668 - index.php is not working ok...
| Reported by: | Reload | Owned by: | till |
|---|---|---|---|
| Priority: | 8 | Milestone: | |
| Component: | Client Scripts | Version: | git-master |
| Severity: | major | Keywords: | |
| Cc: |
Description
When I apply r668 to my server I'm unable to view
any sub folder. The main folder is shown the first
time. After that any folder I click on is presentet
empty... After a restore of index.php to pre 668
I'm able to work again....
Change History (11)
comment:1 Changed 6 years ago by till
- Owner set to till
- Status changed from new to assigned
comment:2 Changed 6 years ago by thomasb
- Resolution set to duplicate
- Status changed from assigned to closed
Duplicate of #1484508
comment:3 Changed 6 years ago by Reload
- Resolution duplicate deleted
- Status changed from closed to reopened
R675 did not solve the problem.
Also selecting multiple mail's and moving them to
another folder or deleting them isn't working.
comment:4 Changed 6 years ago by thomasb
Please give us more details about your environment. What platform, Webserver, PHP version do you run?
comment:5 Changed 6 years ago by Reload
My webhoster is running the following config:
Operating system Linux Kernel version 2.6.9-34.ELsmp Machine Type i686 Apache version 1.3.37 (Unix) PERL version 5.8.7 Path to PERL /usr/bin/perl Path to sendmail /usr/sbin/sendmail PHP version 4.4.6 MySQL version 5.0.24-standard-log cPanel Build 10.9.0-STABLE 13517 Theme cPanel X v2.5.0 cPanel Pro 1.0 (RC36)
comment:6 Changed 6 years ago by thomasb
Works for me with PHP 4.4.7 on Apache 1.3.33. Somehow the X-RoundCube-Referer header is not copied to $_SERVER. Looks like we need to make this configurable.
comment:7 Changed 6 years ago by knuckles
I am currently running Trunk 695 under the following:
2.6.22.1-41.fc7
Apache 2.2.4
Perl 5.8.8
PHP 5.2.3
MySQL 5.0.45
This also occurs on my sandbox CentOS 4.5 server with PHP 5.1.6 and Apache 2.
Moving multiple messages to a folder does not function as of SVN ~680. Moving a single message works without issue. Selecting multiple messages, dragging them, and dropping them in a folder produces no result. It also produces no errors in the error_log.
comment:8 Changed 6 years ago by andrei53
As thomasb pointed out, X-RoundCube-Referer header is not copied to $_SERVER, because in the client script:
this.xmlhttp.setRequestHeader('X-RoundCube-Referer', bw.get_cookie('sessid'));
this converts the "X-RoundCube-Referer" to lowercase - "x-roundcube-webmail". This happens in IE7.
Is this http header is really necessary?
comment:9 Changed 6 years ago by andrei53
see previos comment - the result is that all AJAX calls fail.
This was introduced in 668. Removing these lines solves the issue.
if ($OUTPUT->ajax_call)
{
if (empty($CONFIGdevel_mode?) && !rc_request_header('X-RoundCube-Referer'))
{
header('HTTP/1.1 404 Not Found');
die("Invalid Request");
}
}
comment:10 Changed 6 years ago by thomasb
- Resolution set to fixed
- Status changed from reopened to closed
This HTTP header was introduced to make sure that GET requests (to fetch data) are really sent by the RoundCube client and not a website that uses <script src="...">. This should fix an XSS vulnerability reported by JPCERT.
The following patch solved the problem: #1484523
comment:11 Changed 6 years ago by Reload
Thanks Thomasb the problem was solved with R740 :-D
Are you running php as cgi?