Re: Squirrelmail is too security conscious

On 2018-10-31 10:06, James B. Byrne via squirrelmail-users wrote:
> 
> 
> On Wed, October 31, 2018 11:45, James B. Byrne via squirrelmail-users
> wrote:
>> This is ridiculous.  I cannot compose a message of any reasonable
>> length in a separate window in SM without getting a security error
>> when I try and send.
>>
>> SquirrelMail version 1.4.23 [SVN]
>> By the SquirrelMail Project Team
>> ERROR
>> The current page request appears to have originated from an untrusted
>> source.
>> Go to the login page
>>
>>
>> When I try to recover the message contents and go back to the previous
>> page I get this:
>>
>> Document Expired
>>
>> This document is no longer available.
>>
>> The requested document is not available in Firefox’s cache.
>>
>>     As a security precaution, Firefox does not automatically
>> re-request sensitive documents.
>>     Click Try Again to re-request the document from the website.
>>
>> Where is this 'FEATURE'? configured and how do I turn it off?
>>
>>
>>
> 
> These are all the places that the error message is set:
> 
> find /usr/local/www/squirrelmail/ | xargs grep -in 'untrusted source'
> 
> /usr/local/www/squirrelmail/plugins/compatibility/includes/1.5.2/global.php:1287:
>      logout_error(_("The current page request appears to have
> originated from an untrusted source."));
> 
> /usr/local/www/squirrelmail/po/squirrelmail.pot:1479:"The current page
> request appears to have originated from an untrusted source."
> 
> /usr/local/www/squirrelmail/functions/strings.php:1473:     
> logout_error(_("The current page request appears to have originated
> from an untrusted source."));

Along with checking what the server's PHP session lifetime is, you can
consider updating to a more recent snapshot of SquirrelMail, which has
been changed to allow per-session anti-CSRF security tokens.  Also, the
Quicksave plugin will help in such situations, since it saves the text
of unsent messages (and a new version is upcoming with greater storage
capacity).

-- 
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php


-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users



