Package: squirrelmail
Version: 1:1.2.6-2
Severity: normal
To reproduce:
1. Log in
2. Wait for time-out
3. Try to click on any link or refresh folder list
I have a default install of squirrelmail which I haven't modified. I have the
latest woody updates installed. At
installation time I specified for it to only be accessible through https. It
works fine except that after the
above steps all it will display is:
*** Output of web browser ***
Warning: Failed opening '/var/www/squirrelmail/functions/page_header.php' for
inclusion
(include_path='.:/usr/share/pear') in
/usr/share/squirrelmail/functions/display_messages.php on line 105
Warning: Failed opening '/var/www/squirrelmail/config/config.php' for inclusion
(include_path='.:/usr/share/pear') in
/usr/share/squirrelmail/functions/display_messages.php on line 108
Warning: Cannot add header information - headers already sent by (output
started at
/usr/share/squirrelmail/functions/display_messages.php:105) in
/usr/share/squirrelmail/functions/i18n.php on
line 720
Fatal error: Call to undefined function: displayhtmlheader() in
/usr/share/squirrelmail/functions/display_messages.php on line 145
*** End of browser output ***
What I'd expect to see would be a page telling me that the session had timed
out and offering to let me log back
in.
>From this it seems that the function logout_error is referencing the document
>root with variable $DOCUMENT_ROOT
rather than the actual location of the squirrelmail php files. Ie it is trying
to access:
/var/www/squirrelmail/functions/page_header.php
when actually the file is at
/usr/share/squirrelmail/functions/page_header.php
The line which sets $DOCUMENT_ROOT to this inappropriate value is commented
thus:
// fix by Thijs Kinkhorst for Debian Woody: set DOCUMENT_ROOT from
// _SERVER to prevent it being set through URI-manipulation.
// (Debian bug #292714)
$DOCUMENT_ROOT = $_SERVER['DOCUMENT_ROOT'];
So I guess the above line was a fix for a previous bug which unfortunately got
the wrong value.
All advice gratefully received,
Andrew.
-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux www 2.4.18-bf2.4 #1 Son Apr 14 09:53:28 CEST 2002 i686
Locale: LANG=C, LC_CTYPE=C
Versions of packages squirrelmail depends on:
ii apache 1.3.26-0woody6 Versatile, high-performance HTTP s
ii apache-ssl 1.3.26.1+1.48-0woody3 Versatile, high-performance HTTP s
ii debconf 1.0.32 Debian configuration management sy
ii ispell 3.1.20-21.1 International Ispell (an interacti
ii perl 5.6.1-8.8 Larry Wall's Practical Extraction
ii php4 4:4.1.2-7.0.1 A server-side, HTML-embedded scrip
ii wwwconfig-common 0.0.19 Debian web auto configuration.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
