[Web-cyradm] [bugs #8793] Infinite Redirection Error
Luc de Louw
noreply at savannah.nongnu.org
Tue Nov 30 19:17:46 CET 2004
This mail is an automated notification from the bugs tracker
of the project: web-cyradm.
/**************************************************************************/
[bugs #8793] Latest Modifications:
Changes by:
Luc de Louw <luc at delouw.ch>
'Date:
Die 30.11.2004 at 18:21 (Europe/Zurich)
What | Removed | Added
---------------------------------------------------------------------------
Severity | 5 - Average | 3 - Ordinary
Priority | 5 - Normal | 1 - Later
/**************************************************************************/
[bugs #8793] Full Item Snapshot:
URL: <http://savannah.nongnu.org/bugs/?func=detailitem&item_id=8793>
Project: web-cyradm
Submitted by: 0
On: Die 04.05.2004 at 13:14
Category: main
Severity: 3 - Ordinary
Priority: 1 - Later
Item Group: normal bugs
Resolution: Postponed
Privacy: Public
Assigned to: None
Originator Name: Lobotomia
Originator Email: lobotomia at tiscali.it
Status: Open
Release: 0.5.4
Platform Version: FreeBSD
Reproducibility: Every Time
Planned Release: 0.5.4
Cyrus IMAP version: 2.1.x
PHP version: 4.3
Database type: MySQL 4.0
Summary: Infinite Redirection Error
Original Submission: I have installed web-cyradm 0.5.4, I have create and edit config.php, when i try to connect to http://myserver/web-cyradm the browser (mozilla firefoxx or microsoft internet explorer) give me an error on maximum number of redirection.
How is possibile to resolve this problem?
Follow-up Comments
------------------
-------------------------------------------------------
Date: Don 04.11.2004 at 11:05 By: 0 <None>
Note that same check exists in header.php, so you have to patch it there too.
mg at fork.pl
-------------------------------------------------------
Date: Don 04.11.2004 at 11:00 By: 0 <None>
The common cause is using symlink to web-cyradm directory in apache configuration, ie. you have
d /www/web-cyradm-0.5.4-1
l /www/web-cyradm -> /www/web-cyradm-0.5.4-1
and put "/www/web-cyradm" in httpd.conf
The guily is following piece of code in session.php
$ref=WC_BASE."/index.php";
if ($ref!=$_SERVER['SCRIPT_FILENAME']){
header("Location: index.php");
WC_BASE is defined as
define('WC_BASE', dirname(__FILE__));
dirname gives path after referencing symlink, while _SERVER[] contains path before referencing symlink - in above case - they don't match.
This is "so called" security feature mentioned in changelog
"Added new security feature, only referer WC_BASE/index.php is allowed to call subsequent pages"
solution
- don't use symlinks
- remove the check from session.php
mg at fork.pl
-------------------------------------------------------
Date: Don 10.06.2004 at 22:53 By: 0 <None>
I have just run in to the same problem with a tarball downloaded 06/09/2004. I've tried with apache2, mod_php4/5 on FreeBSD current.
-------------------------------------------------------
Date: Fre 28.05.2004 at 13:36 By: 0 <None>
HEEELP the same problem ocurre even with the last CVS version 2004/05/28
-------------------------------------------------------
Date: Fre 21.05.2004 at 04:32 By: 0 <None>
Yep same problem here, using Redhat 9, sendmail, apache1.3...
-------------------------------------------------------
Date: Don 13.05.2004 at 15:31 By: 0 <None>
I've got the same problem
FreeBSD 4.9, MySQL 4.0, Apache2, PHP4.3.x.
Any solution ?
rainer at ultra-secure.de
For detailed info, follow this link:
<http://savannah.nongnu.org/bugs/?func=detailitem&item_id=8793>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
More information about the Web-cyradm
mailing list