Hi there,
Out of interest.
Is there a specific reason why roundcube uses two cookies: sessid and
sessauth?
I understand sessauth is used in the DB backend, but why isnt the
ID/UID used that is returned by start_session (sessid)
Kind regards, Sean
Sean N. Heukels wrote:
My bad for <1> : ahum, a file is being
ment
Sean N. Heukels wrote:
Found something strange in the code about error logging
<1>
in main.inc the errors directory is defined, but this directory does
not exist. Does PHP complain about this?
// set PHP error logging according to config
if ($conf['debug_level'] & 1)
{
ini_set('log_errors', 1);
ini_set('error_log', $conf['log_dir'].'/errors');
}
<2>
In .htaccess in the root of roundcube there is a deny/allow statement
for *.inc (suffix as .inc). Does this mean that if a user would know
the directory format that he/she would be able to read/execute other
file formats under the directory structure. For example files with the
suffix php or log?
Kind regards, Sean