[pkg-horde] Bug#629006: horde3: Notice "Undefined index: token_lifetime" when saving options. Saving option fails.
Morten M Neergaard
m-debian at 8d.no
Thu Jun 2 22:17:01 UTC 2011
Package: horde3
Version: 3.3.8+debian0-2
Severity: normal
Tags: patch
Using Horde3+IMP4. When saving options, Horde checks the cross-site
request forgery related option ['server']['token_lifetime']. It
does so under the wrong config section, however; it tests
['urls']['token_lifetime'].
This gives two lines of notices when attempting to save, and settings are
not saved.
Notices given:
( ! ) Notice: Undefined index: token_lifetime in
/usr/share/horde3/lib/Horde.php on line 339
Call Stack
# Time Memory Function Location
1 0.0007 748272 {main}( ) ../prefs.php:0
2 0.1896 14471576 Prefs_UI::handleForm( ) ../prefs.php:153
3 0.1897 14472472 Horde::checkRequestToken( ) ../UI.php:70
( ! ) Notice: Undefined index: token_lifetime in
/usr/share/horde3/lib/Horde.php on line 340
Call Stack
# Time Memory Function Location
1 0.0007 748272 {main}( ) ../prefs.php:0
2 0.1896 14471576 Prefs_UI::handleForm( ) ../prefs.php:153
3 0.1897 14472472 Horde::checkRequestToken( ) ../UI.php:70
-- System Information:
Debian Release: 6.0.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages horde3 depends on:
ii apache2 2.2.16-6+squeeze1 Apache HTTP Server metapackage
ii apache2-mpm-prefork [h 2.2.16-6+squeeze1 Apache HTTP Server - traditional n
ii libjs-scriptaculous 1.8.3-1 JavaScript library for dynamic web
ii php-log 1.12.0-1 log module for PEAR
ii php-mail 1.2.0-2 PHP PEAR module for sending email
ii php-mail-mime 1.8.0-2 PHP PEAR module for creating MIME
ii php5-cgi 5.3.3-7+squeeze1 server-side, HTML-embedded scripti
ii php5-gd 5.3.3-7+squeeze1 GD module for php5
ii php5-mcrypt 5.3.3-7+squeeze1 MCrypt module for php5
Versions of packages horde3 recommends:
ii fckeditor 1:2.6.6-1 rich text format javascript web ed
ii locales 2.11.2-10 Embedded GNU C Library: National L
ii logrotate 3.7.8-6 Log rotation utility
ii php-date 1.4.7-1 PHP PEAR module for date and time
ii php-db 1.7.13-2 PHP PEAR Database Abstraction Laye
ii php-file 1.3.0-1 PHP Pear modules for common file a
ii php-mdb2 2.5.0b2-1 PHP PEAR module to provide a commo
ii php-mdb2-driver-mysql 1.5.0b2-1 PHP PEAR module to provide a MySQL
ii php-mdb2-driver-pgsql 1.5.0b2-1 PHP PEAR module to provide a Postg
ii php-mdb2-driver-sqlite 1.5.0b2-1 PHP PEAR module to provide a SQLit
ii php-services-weather 1.4.2-2 acts as an interface to various on
ii php5-cli 5.3.3-7+squeeze1 command-line interpreter for the p
ii php5-ldap 5.3.3-7+squeeze1 LDAP module for php5
ii php5-mysql 5.3.3-7+squeeze1 MySQL module for php5
ii php5-pgsql 5.3.3-7+squeeze1 PostgreSQL module for php5
ii tinymce 3.3.8+dfsg0-0.1 platform independent web based Jav
ii tinymce2 2.1.3-1 platform independent web based Jav
Versions of packages horde3 suggests:
pn chora2 <none> (no description available)
pn enscript <none> (no description available)
ii gettext 0.18.1.1-3 GNU Internationalization utilities
pn gollem <none> (no description available)
ii imp4 4.3.7+debian0-2.1 webmail component for horde framew
pn kronolith2 <none> (no description available)
ii libgeoip1 1.4.7~beta6+dfsg-1 A non-DNS IP-to-country resolver l
pn libwpd-tools <none> (no description available)
pn mnemo2 <none> (no description available)
pn php-net-imap <none> (no description available)
pn php5-auth-pam <none> (no description available)
ii php5-common [php5-mha 5.3.3-7+squeeze1 Common files for packages built fr
pn ppthtml <none> (no description available)
ii rpm 4.8.1-6 package manager for RPM
pn source-highlight <none> (no description available)
ii turba2 2.3.4+debian0-1 contact management component for h
ii unrtf 0.19.3-1.1+b1 RTF to other formats converter
pn webcpp <none> (no description available)
pn wv <none> (no description available)
ii xlhtml 0.5.1-6 A program for converting Microsoft
-- Configuration Files:
/etc/horde/horde3/.htaccess [Errno 13] Permission denied: u'/etc/horde/horde3/.htaccess'
/etc/horde/horde3/conf.php [Errno 13] Permission denied: u'/etc/horde/horde3/conf.php'
/etc/horde/horde3/conf.xml [Errno 13] Permission denied: u'/etc/horde/horde3/conf.xml'
/etc/horde/horde3/hooks.php [Errno 13] Permission denied: u'/etc/horde/horde3/hooks.php'
/etc/horde/horde3/mime_drivers.php [Errno 13] Permission denied: u'/etc/horde/horde3/mime_drivers.php'
/etc/horde/horde3/motd.php [Errno 13] Permission denied: u'/etc/horde/horde3/motd.php'
/etc/horde/horde3/nls.php [Errno 13] Permission denied: u'/etc/horde/horde3/nls.php'
/etc/horde/horde3/prefs.php [Errno 13] Permission denied: u'/etc/horde/horde3/prefs.php'
/etc/horde/horde3/registry.d/README [Errno 13] Permission denied: u'/etc/horde/horde3/registry.d/README'
/etc/horde/horde3/registry.php [Errno 13] Permission denied: u'/etc/horde/horde3/registry.php'
-- no debconf information
-------------- next part --------------
--- /usr/share/horde3/lib/Horde.php 2010-11-09 01:07:06.000000000 +0100
+++ /tmp/Horde.php 2011-06-03 00:04:46.000000000 +0200
@@ -336,8 +336,8 @@
return PEAR::raiseError(_("We cannot verify that this request was really sent by you. It could be a malicious request. If you intended to perform this action, you can retry it now."));
}
- if (($_SESSION['horde_form_secrets'][$token] + $GLOBALS['conf']['urls']['token_lifetime'] * 60) < time()) {
- return PEAR::raiseError(sprintf(_("This request cannot be completed because the link you followed or the form you submitted was only valid for %s minutes. Please try again now."), $GLOBALS['conf']['urls']['token_lifetime']));
+ if (($_SESSION['horde_form_secrets'][$token] + $GLOBALS['conf']['server']['token_lifetime'] * 60) < time()) {
+ return PEAR::raiseError(sprintf(_("This request cannot be completed because the link you followed or the form you submitted was only valid for %s minutes. Please try again now."), $GLOBALS['conf']['server']['token_lifetime']));
}
return true;
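Review bot: both changed lines index $GLOBALS['conf']['server']['token_lifetime'] without checking that the key is set, so a configuration that lacks it still raises the same "Undefined index" notice and the lifetime evaluates to 0, which makes the "< time()" comparison treat every token issued before the current second as expired. Suggest reading the value once into a local variable behind an isset() guard, with a documented default or an explicit configuration error, and using that local in both the comparison and the sprintf() argument. It is also worth confirming against conf.xml that 'server' is the section where token_lifetime is defined, since the hunk itself does not show that.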