Ticket #1485952 (closed Patches: fixed)

Opened 9 months ago

Last modified 5 months ago

Login page loaded into iframes (preview/addressbook)

Reported by: rosali Owned by:
Priority: 5 Milestone: 0.3.1
Component: Client Scripts Version: svn-trunk
Severity: minor Keywords:
Cc:

Description

If the session is invalid or killed (f.e. by plugin $rcmail->kill_session) the login page is loaded into roundcube's iframes.

Attachments

rc_logout_frame.r3024.patch (1.1 KB) - added by JohnDoh 5 months ago.

Change History

Changed 5 months ago by JohnDoh

Changed 5 months ago by JohnDoh

  • type changed from Bugs to Patches

attach patch fixes this issue and also a related bug:

If you are no longer logged in and RC checks for new email it returns server not found error, this is becuase it cannot verify the X-RoundCube-Request when there is no session. Checking for a user gets round this and will always result in being logged out so I dont think it is a securty risk.

Changed 5 months ago by alec

  • status changed from new to closed
  • resolution set to fixed

Patch applied in r3040.

Note: See TracTickets for help on using tickets.