viewmail.php forbidden

Posted: 06 Jun 2017 09:42
by monsi
Hi all,

I've found an issue with viewing mail from the quarantined report.

When I click on the view link and I'm not logged in, I get redirected to the login page. Once I log in, the URL gets modified, replacing the & between token and id with &amp;, causing a forbidden message. If I manually correct it (once logged in) I am taken to the mail view, and if I put &amp; back, the forbidden message returns.

Please can someone suggest what needs changing to fix this!

EFA 3.0.2.3

Re: viewmail.php forbidden

Posted: 06 Jun 2017 10:35
by monsi
As a quick and dirty fix I've modified the checklogin.php file to replace the &amp; with &.

So on line 168 replace

header('Location: ' . sanitizeInput($redirect_url));

with

// undo the HTML entity that sanitizeInput() produced so the query string separator survives in the header
header('Location: ' . str_replace('&amp;', '&', sanitizeInput($redirect_url)));

This works correctly on the quick tests I've done, hope it helps :)
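The root of the problem is an output-encoding context mismatch: an HTML-context encoder (htmlspecialchars-style) is applied to a value that goes into a Location header, which carries a raw URL. The example below is added here and is not EFA or MailWatch code; it assumes sanitizeInput() behaves like htmlspecialchars() and that the post-login target arrives in $redirect_url, and it also keeps the redirect on the local site, which is general hardening for login redirects rather than a finding about EFA.

```php
<?php
// Added example, not EFA/MailWatch code. Assumes sanitizeInput() is an
// htmlspecialchars()-style helper and $redirect_url (name from the thread)
// holds the page to return to after login.

// What the original line effectively does: HTML-encoding turns "&" into
// "&amp;", so viewmail.php receives a parameter literally named "amp;id"
// instead of "id" and refuses the request.
function html_encoded_location(string $url): string {
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
}

// Safer: never HTML-encode a header value. Validate that the target is a
// local path, then rebuild it from parsed parts so only expected parameters
// survive and the separator is a literal "&".
function local_redirect_target(string $url, array $allowed_params): ?string {
    $parts = parse_url($url);
    if ($parts === false) {
        return null;
    }
    // Anything naming a scheme, host or userinfo leaves this site: reject it.
    if (isset($parts['scheme']) || isset($parts['host']) || isset($parts['user'])) {
        return null;
    }
    $path = $parts['path'] ?? '';
    // Require a site-absolute path; "//" would be protocol-relative and a
    // backslash is treated as "/" by some browsers.
    if ($path === '' || $path[0] !== '/' || strpos($path, '//') === 0 || strpos($path, '\\') !== false) {
        return null;
    }
    $query = [];
    parse_str($parts['query'] ?? '', $query);
    $kept = array_intersect_key($query, array_flip($allowed_params));
    // http_build_query joins with "&", which is what a Location header needs.
    return $path . ($kept ? '?' . http_build_query($kept) : '');
}

// Demonstration with a constructed URL of the shape seen in the thread.
$raw = '/mailscanner/viewmail.php?token=EXAMPLETOKEN&id=EXAMPLE.ID';
echo "HTML-encoded (broken in a header): ", html_encoded_location($raw), "\n";
echo "Validated and rebuilt:             ", local_redirect_target($raw, ['token', 'id']), "\n";
var_dump(local_redirect_target('https://other.example/login', ['token', 'id']));

// Usage in the login handler (replaces the HTML-encoding call):
// $target = local_redirect_target($redirect_url, ['token', 'id']) ?? '/mailscanner/';
// header('Location: ' . $target);
```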

Re: viewmail.php forbidden

Posted: 07 Jun 2017 21:11
by henk
Hi monsi,

Helps a lot indeed :clap:
before the change:

https://eatspam.sinkhole.eu/mailscanner/viewmail.php?token=f595a4832fd0e0cbb8211933ede8f278aa17fbfe&amp;id=A4CF9120245.ACCCD

after the change:

https://eatspam.sinkhole.eu/mailscanner/viewmail.php?token=f595a4832fd0e0cbb8211933ede8f278aa17fbfe&id=A4CF9120245.ACCCD

Re: viewmail.php forbidden

Posted: 07 Jun 2017 22:20
by shawniverson