Hi all,
I've found an issue with viewing mail from the quarantined report.
When I click on the view link and I'm not logged in, I get redirected to the login page. Once I log in, the URL gets modified, replacing the & between token and id with &amp;, causing a forbidden message. If I manually correct it (once logged in) I am taken to the mail view, and if I place &amp; back in, the forbidden message returns.
Please can someone suggest what needs changing to fix this?
EFA 3.0.2.3
viewmail.php forbidden
Re: viewmail.php forbidden
As a quick and dirty fix I've modified the checklogin.php file to replace the &amp; with &
So on line 168 replace
header('Location: ' . sanitizeInput($redirect_url));
with
header('Location: ' . str_replace('&amp;', '&', sanitizeInput($redirect_url)));
This works correctly on the quick tests I've done, hope it helps
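An alternative to undoing the escaping afterwards, shown as an added example (not code from EFA or from the posts above): validate the post-login redirect target for header and URL context instead of HTML-escaping it. The function name `safe_login_redirect`, the fallback page and the sample inputs are hypothetical, and it assumes the `&amp;` comes from HTML-escaping applied to the URL before it reaches `header()`.

```php
<?php
// Added example. safe_login_redirect() and the sample values are hypothetical.

/**
 * Return a same-site redirect target that is safe to place in a Location
 * header, or the fallback. HTML-escaping is the wrong encoding for a header
 * value: "&" must stay "&". The checks that matter in this context are
 * control characters (header injection) and the destination (open redirect).
 */
function safe_login_redirect(string $target, string $fallback = 'index.php'): string
{
    // Reject control characters (CR/LF included) and backslashes outright.
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $target)) {
        return $fallback;
    }
    $parts = parse_url($target);
    // Refuse anything carrying a scheme or host: relative targets only.
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $fallback;
    }
    $path = $parts['path'] ?? '';
    // Allow only a bare script name such as viewmail.php (no directories).
    if (!preg_match('/^[A-Za-z0-9_-]+\.php$/', $path)) {
        return $fallback;
    }
    // Rebuild the query from parsed pairs so it is encoded for URL context.
    parse_str($parts['query'] ?? '', $query);
    $qs = http_build_query($query, '', '&', PHP_QUERY_RFC3986);
    return $qs === '' ? $path : $path . '?' . $qs;
}

// Constructed sample inputs: a normal link, the same link after HTML-escaping
// (the "id" parameter turns into "amp;id", so the page no longer receives an
// id), a protocol-relative URL, and a header-injection attempt.
$samples = [
    'viewmail.php?token=0123abcd&id=SAMPLE123.ABCDE',
    'viewmail.php?token=0123abcd&amp;id=SAMPLE123.ABCDE',
    '//example.invalid/viewmail.php',
    "viewmail.php\r\nX-Injected: 1",
];
foreach ($samples as $s) {
    printf("%-58s => %s\n", json_encode($s), safe_login_redirect($s));
}
```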
Re: viewmail.php forbidden
Hi monsi,
Helps a lot indeed
before the change:
https://eatspam.sinkhole.eu/mailscanner/viewmail.php?token=f595a4832fd0e0cbb8211933ede8f278aa17fbfe&amp;id=A4CF9120245.ACCCD
after the change:
https://eatspam.sinkhole.eu/mailscanner/viewmail.php?token=f595a4832fd0e0cbb8211933ede8f278aa17fbfe&id=A4CF9120245.ACCCD
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
- shawniverson