[RCD] [RCU] recurring problem at the level of authentication and total absence of log

fakessh fakessh at fakessh.eu
Wed Nov 25 19:56:41 CET 2009


On Wed, 25 Nov 2009 11:19:08 -0600, chasd <chasd at silveroaks.com> wrote:
>>
>> Research indicates that you referred me over file
>>
>> [root at r13151 www]# find . -name '*.php' -exec grep -l "header
>> ('Content-Type:" {} \;
> 
> The regular expression got broken to an additional line by my MUA.
> Make sure that regex is all on one line, and then run that command.
> 
> It looks like you'll also have to look for files that end in " .inc "  
> as well
> 
> find . -name '*.inc' -exec grep -l "header('Content-Type:" {} \;
> ./program/steps/addressbook/export.inc
> ./program/steps/mail/attachments.inc
> ./program/steps/mail/get.inc
> 
> 
>> exactly how it should change the file returned by the command  
>> quoted above
> 
> anywhere you see :
> 
> header('Content-Type: ***************);
> 
> put
> 
> header('Accept: text/xml');
> 
> on a line beneath it.
> I'm not sure if the Accept header should also include other mime types.
> Here is a random Accept: header from our Intranet :
> Accept:application/xml,application/xhtml+xml,text/html;q=0.9,text/ 
> plain;q=0.8,image/png,*/*;q=0.5
> 
> There are tools to see those headers, I used Safari's Web Inspector.
> 
> 
> Note the actual mime type sent via the Content-Type: header isn't  
> always the same :
> 
> find . -name '*.inc' -exec grep "header('Content-Type:" {} \;
> 
> header('Content-Type: text/x-vcard; charset='.RCMAIL_CHARSET);
>      header('Content-Type: ' . $attachment['mimetype']);
>    header('Content-Type: text/html; charset=' . RCMAIL_CHARSET);
> 
> find . -name '*.php' -exec grep "header('Content-Type:" {} \;
> 
> header('Content-Type: text/plain');
>                  header('Content-Type: text/html; charset=' . $this- 
>  >charset);
>              header('Content-Type: text/plain; charset=' . $this- 
>  >get_charset());
>    header('Content-Type: text/plain; charset=UTF-8');
>      header('Content-Type: text/css');
> 
> 
> RoundCube sends that Content-Type: header for every page, but it  
> sends other headers depending on what page or what data is being  
> sent. If you add the Accept: header at each point where the Content- 
> Type: header is sent, that should make mod_security happy.


I failed to operate roundcubemail with the changes indicated in your post
when mod_security is active

mod_security with in disabled state, the roundcubemail release 0.3.1
works well under CentOS 5.4 MacOS X 10.4 with Safari or Firefox: any
this with a PPC processor


changes indicated by you, are not sufficient or is not correct, at least
with mod_security for apache can not access the webmail

I still need your help and your advanced knowledge in the operation of
roundcube


thanks for your help

thanks
_______________________________________________
List info: http://lists.roundcube.net/dev/



More information about the Dev mailing list