[pkg-horde] Bug#629006: horde3: Notice "Undefined index: token_lifetime" when saving options. Saving option fails.

Morten M Neergaard m-debian at 8d.no
Thu Jun 2 22:17:01 UTC 2011 

Package: horde3
Version: 3.3.8+debian0-2
Severity: normal
Tags: patch


Using Horde3+IMP4. When saving options, the horde checks the cross-site
request forgery option related option ['server']['token_lifetime']. It
does so under the wrong config section, however; it testes
['urls']['token_lifetime']

This gives two lines of notices when attempting save, and settings are
not saved.

Notices given:

( ! ) Notice: Undefined index: token_lifetime in
/usr/share/horde3/lib/Horde.php on line 339
Call Stack
#       Time    Memory  Function        Location
1       0.0007  748272  {main}( )       ../prefs.php:0
2       0.1896  14471576        Prefs_UI::handleForm( ) ../prefs.php:153
3       0.1897  14472472        Horde::checkRequestToken( )     ../UI.php:70

( ! ) Notice: Undefined index: token_lifetime in
/usr/share/horde3/lib/Horde.php on line 340
Call Stack
#       Time    Memory  Function        Location
1       0.0007  748272  {main}( )       ../prefs.php:0
2       0.1896  14471576        Prefs_UI::handleForm( ) ../prefs.php:153
3       0.1897  14472472        Horde::checkRequestToken( )     ../UI.php:70

-- System Information:
Debian Release: 6.0.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages horde3 depends on:
ii  apache2                2.2.16-6+squeeze1 Apache HTTP Server metapackage
ii  apache2-mpm-prefork [h 2.2.16-6+squeeze1 Apache HTTP Server - traditional n
ii  libjs-scriptaculous    1.8.3-1           JavaScript library for dynamic web
ii  php-log                1.12.0-1          log module for PEAR
ii  php-mail               1.2.0-2           PHP PEAR module for sending email
ii  php-mail-mime          1.8.0-2           PHP PEAR module for creating MIME 
ii  php5-cgi               5.3.3-7+squeeze1  server-side, HTML-embedded scripti
ii  php5-gd                5.3.3-7+squeeze1  GD module for php5
ii  php5-mcrypt            5.3.3-7+squeeze1  MCrypt module for php5

Versions of packages horde3 recommends:
ii  fckeditor               1:2.6.6-1        rich text format javascript web ed
ii  locales                 2.11.2-10        Embedded GNU C Library: National L
ii  logrotate               3.7.8-6          Log rotation utility
ii  php-date                1.4.7-1          PHP PEAR module for date and time 
ii  php-db                  1.7.13-2         PHP PEAR Database Abstraction Laye
ii  php-file                1.3.0-1          PHP Pear modules for common file a
ii  php-mdb2                2.5.0b2-1        PHP PEAR module to provide a commo
ii  php-mdb2-driver-mysql   1.5.0b2-1        PHP PEAR module to provide a MySQL
ii  php-mdb2-driver-pgsql   1.5.0b2-1        PHP PEAR module to provide a Postg
ii  php-mdb2-driver-sqlite  1.5.0b2-1        PHP PEAR module to provide a SQLit
ii  php-services-weather    1.4.2-2          acts as an interface to various on
ii  php5-cli                5.3.3-7+squeeze1 command-line interpreter for the p
ii  php5-ldap               5.3.3-7+squeeze1 LDAP module for php5
ii  php5-mysql              5.3.3-7+squeeze1 MySQL module for php5
ii  php5-pgsql              5.3.3-7+squeeze1 PostgreSQL module for php5
ii  tinymce                 3.3.8+dfsg0-0.1  platform independent web based Jav
ii  tinymce2                2.1.3-1          platform independent web based Jav

Versions of packages horde3 suggests:
pn  chora2                <none>             (no description available)
pn  enscript              <none>             (no description available)
ii  gettext               0.18.1.1-3         GNU Internationalization utilities
pn  gollem                <none>             (no description available)
ii  imp4                  4.3.7+debian0-2.1  webmail component for horde framew
pn  kronolith2            <none>             (no description available)
ii  libgeoip1             1.4.7~beta6+dfsg-1 A non-DNS IP-to-country resolver l
pn  libwpd-tools          <none>             (no description available)
pn  mnemo2                <none>             (no description available)
pn  php-net-imap          <none>             (no description available)
pn  php5-auth-pam         <none>             (no description available)
ii  php5-common [php5-mha 5.3.3-7+squeeze1   Common files for packages built fr
pn  ppthtml               <none>             (no description available)
ii  rpm                   4.8.1-6            package manager for RPM
pn  source-highlight      <none>             (no description available)
ii  turba2                2.3.4+debian0-1    contact management component for h
ii  unrtf                 0.19.3-1.1+b1      RTF to other formats converter
pn  webcpp                <none>             (no description available)
pn  wv                    <none>             (no description available)
ii  xlhtml                0.5.1-6            A program for converting Microsoft

-- Configuration Files:
/etc/horde/horde3/.htaccess [Errno 13] Permission denied: u'/etc/horde/horde3/.htaccess'
/etc/horde/horde3/conf.php [Errno 13] Permission denied: u'/etc/horde/horde3/conf.php'
/etc/horde/horde3/conf.xml [Errno 13] Permission denied: u'/etc/horde/horde3/conf.xml'
/etc/horde/horde3/hooks.php [Errno 13] Permission denied: u'/etc/horde/horde3/hooks.php'
/etc/horde/horde3/mime_drivers.php [Errno 13] Permission denied: u'/etc/horde/horde3/mime_drivers.php'
/etc/horde/horde3/motd.php [Errno 13] Permission denied: u'/etc/horde/horde3/motd.php'
/etc/horde/horde3/nls.php [Errno 13] Permission denied: u'/etc/horde/horde3/nls.php'
/etc/horde/horde3/prefs.php [Errno 13] Permission denied: u'/etc/horde/horde3/prefs.php'
/etc/horde/horde3/registry.d/README [Errno 13] Permission denied: u'/etc/horde/horde3/registry.d/README'
/etc/horde/horde3/registry.php [Errno 13] Permission denied: u'/etc/horde/horde3/registry.php'

-- no debconf information
-------------- next part --------------
--- /usr/share/horde3/lib/Horde.php	2010-11-09 01:07:06.000000000 +0100
+++ /tmp/Horde.php	2011-06-03 00:04:46.000000000 +0200
@@ -336,8 +336,8 @@
             return PEAR::raiseError(_("We cannot verify that this request was really sent by you. It could be a malicious request. If you intended to perform this action, you can retry it now."));
         }
 
-        if (($_SESSION['horde_form_secrets'][$token] + $GLOBALS['conf']['urls']['token_lifetime'] * 60) < time()) {
-            return PEAR::raiseError(sprintf(_("This request cannot be completed because the link you followed or the form you submitted was only valid for %s minutes. Please try again now."), $GLOBALS['conf']['urls']['token_lifetime']));
+        if (($_SESSION['horde_form_secrets'][$token] + $GLOBALS['conf']['server']['token_lifetime'] * 60) < time()) {
+            return PEAR::raiseError(sprintf(_("This request cannot be completed because the link you followed or the form you submitted was only valid for %s minutes. Please try again now."), $GLOBALS['conf']['server']['token_lifetime']));
         }
 
         return true;

More information about the pkg-horde-hackers mailing list