Bug 501260 - Users can't log in via squirrelmail
Summary: Users can't log in via squirrelmail
Alias: None
Product: Fedora
Classification: Fedora
Component: squirrelmail
Version: 9
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Michal Hlavinka
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2009-05-18 09:34 UTC by Pytela, Zdenek
Modified: 2009-05-21 07:01 UTC (History)
1 user (show)

Fixed In Version: 1.4.18-2.fc10
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2009-05-20 00:46:20 UTC
Type: ---

Attachments (Terms of Use)

Description Pytela, Zdenek 2009-05-18 09:34:38 UTC
After upgrade of squirrelmail to v1.4.18 some people can't log in, the message says

Undefined variable: aSpamIds in
/usr/share/squirrelmail/plugins/filters/filters.php on line 458

Most likely only those users who has activated their spam filter are concerned,
so disabling all spam filters may work as a quick fix:

$AllowSpamFilters = false
in /usr/share/squirrelmail/plugins/filters/setup.php.

Comment 1 Michal Hlavinka 2009-05-18 10:22:43 UTC
Hi, thanks for reporting this.

Could you please check if adding 

$aSpamIds = array();

on line 418 fixes your problem? Thanks

diff -up squirrelmail-1.4.18/plugins/filters/filters.php.orig squirrelmail-1.4.18/plugins/filters/filters.php
--- squirrelmail-1.4.18/plugins/filters/filters.php.orig        2009-05-18 12:16:26.628481587 +0200
+++ squirrelmail-1.4.18/plugins/filters/filters.php     2009-05-18 12:16:26.632481429 +0200
@@ -415,7 +415,7 @@ function spam_filters($imap_stream) {
     $messages = parseFetch($read, $search_array);

     $bulkquery = (strlen($SpamFilters_BulkQuery) > 0 ? true : false);
+    $aSpamIds = array();
     foreach($messages as $id=>$message) {
         if (isset($message['UID'])) {
             $MsgNum = $message['UID'];

Comment 2 Pytela, Zdenek 2009-05-18 15:56:14 UTC
Thank you, your solution works at least for one user. There are no more errors at the browser (in the error_log there are some php notices, they were there before and don't look to be related to this problem). I have to wait for other users to be sure that it works for everybody, but at least it really looks like the right solution.

This problem also probably exists in F10+ and rawhide, but the interface does not allow to choose more of distribution versions or being independent.

Comment 3 Michal Hlavinka 2009-05-19 06:38:47 UTC
Thanks for testing, I'll send this patch to upstream. Please let me know if you find this doesn't work for some users.

Comment 4 Fedora Update System 2009-05-19 09:13:27 UTC
squirrelmail-1.4.18-2.fc9 has been submitted as an update for Fedora 9.

Comment 5 Fedora Update System 2009-05-19 09:14:39 UTC
squirrelmail-1.4.18-2.fc10 has been submitted as an update for Fedora 10.

Comment 6 Fedora Update System 2009-05-19 09:15:19 UTC
squirrelmail-1.4.18-2.fc11 has been submitted as an update for Fedora 11.

Comment 7 Fedora Update System 2009-05-20 00:46:16 UTC
squirrelmail-1.4.18-2.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2009-05-20 00:53:23 UTC
squirrelmail-1.4.18-2.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2009-05-20 00:54:09 UTC
squirrelmail-1.4.18-2.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Pytela, Zdenek 2009-05-20 14:02:21 UTC
Your solution works fine, no more undefined variables.
But v1.4.18 probably introduced another bug: some users still can't log in, the browser is stalled with blank screen.
Last line in the server log is
"POST /src/redirect.php HTTP/1.1" 302

I know two possible fixes (not good ones):
either $AllowSpamFilters = false
or removing user's pref.
Setting the spam filters again (by clicking) is possible and the user account works.

Unfortunately this behavior cannot be reproduced, nor reduced to minimum configuration, it is not possible in advance to detect users who can't log in.

Comment 11 Michal Hlavinka 2009-05-20 14:19:52 UTC
is anything related in httpd's error log?

Comment 12 Pytela, Zdenek 2009-05-20 14:33:41 UTC
There is absolutely nothing related.
I've just found another bug of similar type:

This bug can be reproduced, 14 warnings are both on the screen and log.
The related pref is:

Comment 13 Michal Hlavinka 2009-05-21 07:01:32 UTC
ok, thanks for reporting.

There will be new release (1.4.19) from upstream today or tomorrow.

You can used this patch meanwhile:

Note You need to log in before you can comment on or make changes to this bug.