#2762 404 on reload

pending-out-of-date
nobody
None
5
2011-08-27
2011-08-26
No

A user, who usually refreshes her inbox by clicking Refresh in Firefox (3.6.20 on Mac 10.6), reports a 404 error under certain circumstances, Clicking on "INBOX" usually fixes it. I haven't been able to reproduce exactly, but it appears to stem from code to recreate the right pane after an expired session. Apache logs show status codes and referrers:

"GET /src/webmail.php?right_frame=/src/right_main.php?mailbox=INBOX&sort=0&startMessage=1 HTTP/1.1" 200 272 "https://example.org/src/login.php"
"GET /src/left_main.php HTTP/1.1" 200 1456 "https://example.org/src/webmail.php?right_frame=/src/right_main.php?mailbox=INBOX&sort=0&startMessage=1"
"GET /src/%2Fsrc%2Fright_main.php%3Fmailbox%3DINBOX HTTP/1.1" 404
719 "https://example.org/src/webmail.php?right_frame=/src/right_main.php?mailbox=INBOX&sort=0&startMessage=1"

SquirrelMail 1.4.11. Attached patch removes the apparent cause, a surplus urlencode in the default case at the end of webmail.php. Possibly quotation marks should still be escaped.

Discussion

  • Cedric Knight

    Cedric Knight - 2011-08-26

    Remove unescape on SM1.4.11

     
  • Cedric Knight

    Cedric Knight - 2011-08-26

    bug 1685072 may be relevant.

     
  • Cedric Knight

    Cedric Knight - 2011-08-26

    User reports the fix works so far. More on the conditions precipitating it:
    "to give you a general idea of my use... my email IS my
    desktop - it is open ALWAYS, and I alternate between approximately 5 to 20
    tabs in firefox always - leaving the mailbox listing in this first tab,
    and opening tabs to check each mail and respond. So, yes, I leave it
    abandoned as I respond to the x mails I opened, then go back, and refresh.
    Could be 10 minutes, could be 2 hours. " Behaviour started a few weeks ago (the only conceivably relevant server change is openssl 0.9.8g to 0.9.8o) and there is no request from SquirrelMail to log in again.

     
  • Paul Lesniewski

    Paul Lesniewski - 2011-08-26

    Version 1.4.11 is many years old. Please upgrade to a new version and report if you still see this issue. (Note that there are many published security issues with version 1.4.11 - you are doing a disservice to your users by not upgrading and risking the security of your own systems.)

     
  • Paul Lesniewski

    Paul Lesniewski - 2011-08-26
    • status: open --> pending-out-of-date
     
  • Cedric Knight

    Cedric Knight - 2011-08-27
    • status: pending-out-of-date --> open
     
  • Cedric Knight

    Cedric Knight - 2011-08-27

    Thanks for the reminder about 1.4.11. (We're in the process of applying site-specific hacks to a Debian squeeze 1.4.21-2 installation.)

    However, I can see the bug still exists in the code in the SM-1_4-STABLE branch. I will try to replicate on 1.4.21, but as I say, I haven't replicated the user's experience as yet anyway.

     
  • Paul Lesniewski

    Paul Lesniewski - 2011-08-27
    • status: open --> pending-out-of-date
     
  • Paul Lesniewski

    Paul Lesniewski - 2011-08-27

    No, I believe you see that the code you changed is still the same in our repository, but it does not sound to me like you've tested it. There's plenty of code on the receiving end of the request being built there, and the handling of that URI may have changed. I can't reproduce this issue. If I could, I'd be happy to look in more detail and consider your patch. It'd be most helpful if you could test or help us reproduce against 1.4.22 or 1.4.23svn. Thanks.

     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks