#357 calling download.php without prior login results in download
Hi NOCC-Team,
in download.php the http headers are not correct, if a user is not logged in. You may call e.g.
https://nocc.some.domain/download.php
without logging in before and you will get a download box and not an error message in the browser.
In my installation I just moved the lines
$ev = "";
$pop = new nocc_imap($ev);
if (NoccException::isException($ev)) {
require ('./html/header.php');
require ('./html/error.php');
require ('./html/footer.php');
return;
}
$file = $pop->fetchbody($mail, $part, $ev);
if (NoccException::isException($ev)) {
require ('./html/header.php');
require ('./html/error.php');
require ('./html/footer.php');
return;
}
in front of the
// Set correct http headers.
part of the code. So, if a user is not logged in the connection fails and the error message is created before the http headers for a download are created.
Regards and Thanx for your great tool!
Oli
Thank you Oliver for the hint!
I fix it already in my local NOCC version, but have currently problems with commit it to CVS. :-(
Maybe a problem after SF.net migrates the CVS servers. I will try it tomorrow again.
Greetings,
Tim
Ok, commit the changes to CVS. So the next NOCC version will include this fix.
Thanks again Oliver!