viewmail.php forbidden

monsi
Posts: 2
Joined: 06 Jun 2017 09:11

viewmail.php forbidden

Post by monsi »

Hi all,

I've found an issue with viewing mail from the quarantined report.

When I click on the view link and I'm not logged in, I get redirected to the login page. Once I log in, the URL gets modified, replacing the & between token and id with &amp;, causing a forbidden message. If I manually correct it (once logged in) I am taken to the mail view, and if I place &amp; back in, the forbidden message returns.

Please can someone suggest what needs changing to fix this please!

EFA 3.0.2.3
monsi
Posts: 2
Joined: 06 Jun 2017 09:11

Re: viewmail.php forbidden

Post by monsi »

As a quick and dirty fix I've modified the checklogin.php file to replace the &amp; with &

So on line 168 replace

header('Location: ' . sanitizeInput($redirect_url));

with

header('Location: ' . str_replace('&amp;', '&', sanitizeInput($redirect_url)));

This works correctly on the quick tests I've done, hope it helps :)
henk
Posts: 517
Joined: 14 Dec 2015 22:16
Location: Netherlands

Re: viewmail.php forbidden

Post by henk »

Hi monsi,

Helps a lot indeed :clap:
before the change:

https://eatspam.sinkhole.eu/mailscanner/viewmail.php?token=f595a4832fd0e0cbb8211933ede8f278aa17fbfe&amp;id=A4CF9120245.ACCCD
after the change:

https://eatspam.sinkhole.eu/mailscanner/viewmail.php?token=f595a4832fd0e0cbb8211933ede8f278aa17fbfe&id=A4CF9120245.ACCCD
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
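
The effect of an HTML-escaped separator in a Location header, and a header-context check that validates the redirect target instead of un-escaping it afterwards, as an added example that is not code from this thread or from EFA/MailWatch. `html_escaping_sanitizer` is an assumed stand-in for `sanitizeInput` (the thread only shows that `&` comes out as `&amp;`); `local_redirect_target` and the sample URL are hypothetical, and the validation goes beyond the one-line fix posted above.

```php
<?php
// Added example, not EFA/MailWatch code. Function names are hypothetical.

// Assumption: stand-in for a sanitizer that HTML-escapes its input,
// which is the behaviour the thread observes (& becomes &amp;).
function html_escaping_sanitizer(string $s): string
{
    return htmlspecialchars(trim($s), ENT_QUOTES, 'UTF-8');
}

// Header-context check: validate the target instead of HTML-escaping it.
// Accepts only a same-site path plus query; anything else gets the fallback.
function local_redirect_target(string $url, string $fallback = 'index.php'): string
{
    // CR/LF and other control bytes must never reach header().
    if ($url === '' || preg_match('/[\x00-\x1f\x7f]/', $url)) {
        return $fallback;
    }
    // Backslashes and a leading "//" can be read as off-site by browsers.
    if (strpos($url, '\\') !== false || strpos($url, '//') === 0) {
        return $fallback;
    }
    // Reject anything carrying its own scheme or host.
    $parts = parse_url($url);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $fallback;
    }
    return $url;
}

// Constructed sample value (not taken from a real system).
$redirect = 'viewmail.php?token=0123abcd&id=SAMPLE123.ABCDE';

// 1. HTML escaping: list the parameter names the target script would
//    receive, and whether "id" is still among them.
$escaped = html_escaping_sanitizer($redirect);
parse_str((string) parse_url($escaped, PHP_URL_QUERY), $after_escape);
var_dump(array_keys($after_escape), isset($after_escape['id']));

// 2. Validation: the same check on the validated, unescaped target.
$target = local_redirect_target($redirect);
parse_str((string) parse_url($target, PHP_URL_QUERY), $after_validate);
var_dump(array_keys($after_validate), isset($after_validate['id']));

// 3. Targets that must not be passed through to header().
var_dump(local_redirect_target('//example.org/x'));
var_dump(local_redirect_target("viewmail.php\r\nX-Test: 1"));
```

PHP splits the query string on `&` only, so an escaped separator hands the script a parameter named `amp;id` and no `id` at all.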
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: viewmail.php forbidden

Post by shawniverson »
