209349 – www/roundcube: access to this resource is secured against CSRF

Bug 209349 - www/roundcube: access to this resource is secured against CSRF

Summary: www/roundcube: access to this resource is secured against CSRF

Status:	Closed Overcome By Events

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Many People
Assignee:	Alex Dupre

URL:
Keywords:

Depends on:
Blocks:

Reported:	2016-05-06 23:36 UTC by wxl
Modified:	2016-05-11 16:46 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
www/roundcube 1.1.4 patch for CSRF error on logout (472 bytes, patch) 2016-05-06 23:36 UTC, wxl	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description wxl 2016-05-06 23:36:52 UTC

Created attachment 170074 [details]
www/roundcube 1.1.4 patch for CSRF error on logout

Logouts in Roundcube 1.1.4 don't complete cleanly. Instead, the following error message appears:

> Request Check Failed
> For your protection, access to this resource is secured against CSRF.
> If you see this, you probably didn't log out before leaving the web
> application.
> Human interaction is now required to continue.
> Please contact your server-administrator.

This is related to a known bug now fixed in the 1.1.5 release:
https://github.com/roundcube/roundcubemail/issues/4956

In lieu of pulling down the new release, the attached patch will solve the problem.

Comment 1 Tilman Keskinoz freebsd_committer

2016-05-11 16:28:47 UTC

over to maintainer