Reindl Harald h.reindl@thelounge.net schrieb am 09.04.19 um 11:16:20 Uhr:
What happend here that all of the sudden I don't have a working roundcube anymore? Where does this CSRF problem come from? I just upgraded to version 1.3.9 and the problem remains.
This just happens every once in a while, and nobody has a good answer. Our users certainly don't know what to do. They call us, we don't know what to do. I started disabling the CSRF protection entirely:
- Open program/lib/Roundcube/rcube.php 2. Search for "public
function check_request" 3. Have it always return true.
I fear I don't know how to do that. I don't know much about PHP if at all.
just write "return true;" as first line after the function definition, it's that easy
public function check_request($mode = rcube_utils::INPUT_POST) { return true; }
like so and comment out the rest of the function? Must be wrong, get a blank page.
Andreas
STOP SENDING THIS RUBBISH!!!!!!!!!!!!!!!!
_Thank you,_
_Kind regards,_
laky J
_director/executive Chef_
WEBSITE: www.handcraftedcuisine.com.au
MOBILE: +61468681891
EMAIL: bookings@handcraftedcuisine.com.au
On 2019-04-09 19:32, Andreas Meyer wrote:
Reindl Harald h.reindl@thelounge.net schrieb am 09.04.19 um 11:16:20 Uhr:
What happend here that all of the sudden I don't have a working roundcube anymore? Where does this CSRF problem come from? I just upgraded to version 1.3.9 and the problem remains.
This just happens every once in a while, and nobody has a good answer. Our users certainly don't know what to do. They call us, we don't know what to do. I started disabling the CSRF protection entirely:
- Open program/lib/Roundcube/rcube.php 2. Search for "public
function check_request" 3. Have it always return true.
I fear I don't know how to do that. I don't know much about PHP if
at all.
just write "return true;" as first line after the function definition,
it's that easy
public function check_request($mode = rcube_utils::INPUT_POST)
{ return true; }
like so and comment out the rest of the function? Must be wrong, get a blank page.
Andreas
oh my god!
Bye
handcrafted cusine bookings@handcraftedcuisine.com.au schrieb am 09.04.19 um 19:39:19 Uhr:
STOP SENDING THIS RUBBISH!!!!!!!!!!!!!!!!
_Thank you,_
_Kind regards,_
laky J
_director/executive Chef_
WEBSITE: www.handcraftedcuisine.com.au
MOBILE: +61468681891
EMAIL: bookings@handcraftedcuisine.com.au
On 2019-04-09 19:32, Andreas Meyer wrote:
Reindl Harald h.reindl@thelounge.net schrieb am 09.04.19 um 11:16:20 Uhr:
What happend here that all of the sudden I don't have a working roundcube anymore? Where does this CSRF problem come from? I just upgraded to version 1.3.9 and the problem remains.
This just happens every once in a while, and nobody has a good answer. Our users certainly don't know what to do. They call us, we don't know what to do. I started disabling the CSRF protection entirely:
- Open program/lib/Roundcube/rcube.php 2. Search for "public
function check_request" 3. Have it always return true.
I fear I don't know how to do that. I don't know much about PHP if at all.
just write "return true;" as first line after the function definition, it's that easy public function check_request($mode = rcube_utils::INPUT_POST) { return true; }like so and comment out the rest of the function? Must be wrong, get a blank page.
Andreas
On 4/9/19 5:32 AM, Andreas Meyer wrote:
public function check_request($mode = rcube_utils::INPUT_POST) { return true; }
like so and comment out the rest of the function? Must be wrong, get a blank page.
You probably have a typo, that's the way to do it.
- Andreas Meyer:
handcrafted cusine bookings@handcraftedcuisine.com.au schrieb am 09.04.19 um 19:39:19 Uhr [...]
Just add these guys to your mail killfile. Months ago, I explained to them how to get off this mailing list (as my good deed for the day), but it looks like they are still around. While they don't know much about mailing lists, they are apparently into creating culinary masterpieces from scratch, which is commendable. ;-)
-Ralph
Michael Orlitzky michael@orlitzky.com schrieb am 09.04.19 um 08:16:29 Uhr:
On 4/9/19 5:32 AM, Andreas Meyer wrote:
public function check_request($mode = rcube_utils::INPUT_POST) { return true; }
like so and comment out the rest of the function? Must be wrong, get a blank page.
You probably have a typo, that's the way to do it.
Guys, I'm sorry but I don't get it. I made it like this
public function check_request($mode = rcube_utils::INPUT_POST)
{ return true;
// check secure token in URL if enabled
if ($token = $this->get_secure_url_token()) {
foreach (explode('/', preg_replace('/[?#&].*$/', '', $_SERVER['REQUEST_URI'])) as $tok) {
if ($tok == $token) {
return true;
}
}
$this->request_status = self::REQUEST_ERROR_URL;
return false;
}
....
and can logout now but the problem with the empty mailfolders and the not chooseable preferences remains.
Kind regards
Andreas
Michael Orlitzky michael@orlitzky.com schrieb am 09.04.19 um 08:16:29 Uhr:
On 4/9/19 5:32 AM, Andreas Meyer wrote:
public function check_request($mode = rcube_utils::INPUT_POST) { return true; }
like so and comment out the rest of the function? Must be wrong, get a blank page.
You probably have a typo, that's the way to do it.
Finally found out what caused the problems with not being able to logout and not showing menus anymore in roundcube.
In httpd.conf I had set
Header set X-XSS-Protection "1; mode=block" Header always set X-Frame-Options "sameorigin" Header set X-Content-Type-Options nosniff Header set X-Permitted-Cross-Domain-Policies "none" #Header always set Referrer-Policy "same-origin" Header always set Referrer-Policy "no-referrer"
Commenting out Header set X-Content-Type-Options nosniff solved all the problems.
Thank you everybody!
Andreas
-
Andreas Meyer -
handcrafted cusine -
Michael Orlitzky -
Ralph Seichter