[RCD] [RCU] recurring problem at the level of authentication and total absence of log

fakessh at fakessh.eu fakessh at fakessh.eu
Fri Nov 27 22:41:25 CET 2009


Le mercredi 25 novembre 2009 19:56, fakessh a écrit :
> On Wed, 25 Nov 2009 11:19:08 -0600, chasd <chasd at silveroaks.com> wrote:
> >> Research indicates that you referred me over file
> >>
> >> [root at r13151 www]# find . -name '*.php' -exec grep -l "header
> >> ('Content-Type:" {} \;
> >
> > The regular expression got broken to an additional line by my MUA.
> > Make sure that regex is all on one line, and then run that command.
> >
> > It looks like you'll also have to look for files that end in " .inc "
> > as well
> >
> > find . -name '*.inc' -exec grep -l "header('Content-Type:" {} \;
> > ./program/steps/addressbook/export.inc
> > ./program/steps/mail/attachments.inc
> > ./program/steps/mail/get.inc
> >
> >> exactly how it should change the file returned by the command
> >> quoted above
> >
> > anywhere you see :
> >
> > header('Content-Type: ***************);
> >
> > put
> >
> > header('Accept: text/xml');
> >
> > on a line beneath it.
> > I'm not sure if the Accept header should also include other mime types.
> > Here is a random Accept: header from our Intranet :
> > Accept:application/xml,application/xhtml+xml,text/html;q=0.9,text/
> > plain;q=0.8,image/png,*/*;q=0.5
> >
> > There are tools to see those headers, I used Safari's Web Inspector.
> >
> >
> > Note the actual mime type sent via the Content-Type: header isn't
> > always the same :
> >
> > find . -name '*.inc' -exec grep "header('Content-Type:" {} \;
> >
> > header('Content-Type: text/x-vcard; charset='.RCMAIL_CHARSET);
> >      header('Content-Type: ' . $attachment['mimetype']);
> >    header('Content-Type: text/html; charset=' . RCMAIL_CHARSET);
> >
> > find . -name '*.php' -exec grep "header('Content-Type:" {} \;
> >
> > header('Content-Type: text/plain');
> >                  header('Content-Type: text/html; charset=' . $this-
> >
> >  >charset);
> >
> >              header('Content-Type: text/plain; charset=' . $this-
> >
> >  >get_charset());
> >
> >    header('Content-Type: text/plain; charset=UTF-8');
> >      header('Content-Type: text/css');
> >
> >
> > RoundCube sends that Content-Type: header for every page, but it
> > sends other headers depending on what page or what data is being
> > sent. If you add the Accept: header at each point where the Content-
> > Type: header is sent, that should make mod_security happy.
>
> I failed to operate roundcubemail with the changes indicated in your post
> when mod_security is active
>
> mod_security with in disabled state, the roundcubemail release 0.3.1
> works well under CentOS 5.4 MacOS X 10.4 with Safari or Firefox: any
> this with a PPC processor
>
>
> changes indicated by you, are not sufficient or is not correct, at least
> with mod_security for apache can not access the webmail
>
> I still need your help and your advanced knowledge in the operation of
> roundcube
>
>
> thanks for your help
>
> thanks
> _______________________________________________
> List info: http://lists.roundcube.net/dev/



Hi all
Hi list 
Hi charles


here's nobody else who encounters the same problems with the release 0.3.1 and 
mod_security. here is the problem for tests ordered by Charles, we must stop 
roundcube and now I have three accounts running on production with roundcube 
disables mod_security


It bothers me to stop my webmail service for several hours


if anyone has a solution, an official patch



a good suggestion



thanks for all your


thanks
_______________________________________________
List info: http://lists.roundcube.net/dev/



More information about the Dev mailing list