From 0ae64f08f1abfaf780f8dbad16223d2f0f28b313 Mon Sep 17 00:00:00 2001 From: lkehresman Date: Wed, 17 Jan 2001 01:06:57 +0000 Subject: [PATCH] Finally fixed the IE/SSL download problem. git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@950 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- ChangeLog | 1 + config/config_default.php | 4 ++++ functions/imap_general.php | 5 +++-- functions/mime.php | 6 +++--- src/download.php | 19 +++++++++++-------- src/load_prefs.php | 2 +- src/redirect.php | 2 ++ 7 files changed, 25 insertions(+), 14 deletions(-) diff --git a/ChangeLog b/ChangeLog index dd1f5057..086e2c98 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,6 @@ Version 1.0pre3 -- DEVELOPMENT ------------------------------ +- Finally fixed the IE/SSL download problem!! - Updated Polish translation diff --git a/config/config_default.php b/config/config_default.php index cce85fb3..faec2b60 100644 --- a/config/config_default.php +++ b/config/config_default.php @@ -276,4 +276,8 @@ // This is typically people in the US that are running Solaris 7. $invert_time = false; + + // This should be a unique string, unique to your server. Something + // that nobody would guess, and nobody can find out. + $otp_pad = "SecretKey$domain"; ?> diff --git a/functions/imap_general.php b/functions/imap_general.php index 5e80c89c..b8d0e867 100755 --- a/functions/imap_general.php +++ b/functions/imap_general.php @@ -59,14 +59,15 @@ ** will be displayed. This function returns the imap connection handle. ******************************************************************************/ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $hide) { - global $color, $squirrelmail_language, $HTTP_ACCEPT_LANGUAGE, $onetimepad; + global $color, $squirrelmail_language, $HTTP_ACCEPT_LANGUAGE, $onetimepad, $otp_pad; $imap_stream = fsockopen ($imap_server_address, $imap_port, &$error_number, &$error_string, 15); $server_info = fgets ($imap_stream, 1024); // Decrypt the password - $password = OneTimePadDecrypt($password, $onetimepad); + $onetpad = OneTimePadDecrypt($onetimepad, $otp_pad); + $password = OneTimePadDecrypt($password, $onetpad); /** Do some error correction **/ if (!$imap_stream) { diff --git a/functions/mime.php b/functions/mime.php index 7e054d05..668934cc 100644 --- a/functions/mime.php +++ b/functions/mime.php @@ -503,7 +503,7 @@ translateText($body, $wrap_at, $body_message->header->charset); } - $body .= "
". _("Download this as a file") ."

"; + $body .= "
". _("Download this as a file") ."

"; /** Display the ATTACHMENTS: message if there's more than one part **/ $body .= ""; @@ -558,12 +558,12 @@ $ent = urlencode($message->header->entity_id); $DefaultLink = - "../src/download.php?startMessage=$startMessage&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent"; + "../src/download.php?startMessage=$startMessage&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent&otp=".$GLOBALS["onetimepad"]; if ($where && $what) $DefaultLink .= '&where=' . urlencode($where) . '&what=' . urlencode($what); $Links['download link']['text'] = _('download'); $Links['download link']['href'] = - "../src/download.php?absolute_dl=true&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent"; + "../src/download.php?absolute_dl=true&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent&otp=".$GLOBALS["onetimepad"]; $ImageURL = ''; $HookResults = do_hook("attachment $type0/$type1", $Links, diff --git a/src/download.php b/src/download.php index ced450fe..c3608fa3 100644 --- a/src/download.php +++ b/src/download.php @@ -9,6 +9,9 @@ ** Also allows displaying of attachments when possible. **/ + $download_php = true; + $onetimepad = $otp; + if (!isset($config_php)) include("../config/config.php"); if (!isset($strings_php)) @@ -22,12 +25,12 @@ if (!isset($i18n_php)) include("../functions/i18n.php"); - include("../src/load_prefs.php"); function viewText($color, $body, $id, $entid, $mailbox, $type1, $wrap_at) { global $where, $what, $charset; global $startMessage; + include("../src/load_prefs.php"); displayPageHeader($color, "None"); echo "
"; @@ -109,8 +112,8 @@ case "text": $body = mime_fetch_body($imapConnection, $passed_id, $passed_ent_id); $body = decodeBody($body, $header->encoding); - header("Content-Disposition: filename=\"$filename\""); - header("Content-type: application/octet-stream; name=\"$filename\""); + header("Content-Disposition: attachment; filename=$filename"); + header("Content-type: application/octet-stream; name=$filename"); set_up_language(getPref($data_dir, $username, "language")); if ($type1 == "plain") { echo _("Subject") . ": " . decodeHeader(sqStripSlashes($top_header->subject)) . "\n"; @@ -121,8 +124,8 @@ echo trim($body); break; default: - header("Content-Disposition: filename=$filename"); - header("Content-type: application/octet-stream; name=\"$filename\""); + header("Content-Disposition: attachment; filename=$filename"); + header("Content-type: application/octet-stream; name=$filename"); mime_print_body_lines ($imapConnection, $passed_id, $passed_ent_id, $header->encoding); break; } @@ -137,8 +140,8 @@ } else { $body = mime_fetch_body($imapConnection, $passed_id, $passed_ent_id); $body = decodeBody($body, $header->encoding); - header("Content-type: $type0/$type1; name=\"$filename\""); - header("Content-Disposition: filename=\"$filename\""); + header("Content-type: $type0/$type1; name=$filename"); + header("Content-Disposition: attachment; filename=$filename"); echo $body; } break; @@ -150,7 +153,7 @@ break; default: header("Content-type: $type0/$type1; name=\"$filename\""); - header("Content-Disposition: filename=\"$filename\""); + header("Content-Disposition: attachment; filename=\"$filename\""); mime_print_body_lines ($imapConnection, $passed_id, $passed_ent_id, $header->encoding); break; } diff --git a/src/load_prefs.php b/src/load_prefs.php index d37d1082..2e7f80e4 100644 --- a/src/load_prefs.php +++ b/src/load_prefs.php @@ -59,7 +59,7 @@ } } - session_register("theme_css"); + if (!$download_php) session_register("theme_css"); $use_javascript_addr_book = getPref($data_dir, $username, "use_javascript_addr_book"); if ($use_javascript_addr_book == "") diff --git a/src/redirect.php b/src/redirect.php index adebcca7..0aebefc6 100644 --- a/src/redirect.php +++ b/src/redirect.php @@ -14,6 +14,7 @@ if (!isset($strings_php)) include ("../functions/strings.php"); +include("../config/config.php"); // Before starting the session, the base URI must be known. // Assuming that this file is in the src/ subdirectory (or @@ -55,6 +56,7 @@ $onetimepad = OneTimePadCreate(strlen($secretkey)); $key = OneTimePadEncrypt($secretkey, $onetimepad); session_register("onetimepad"); + $onetimepad = OneTimePadEncrypt($onetimepad, $otp_pad); // verify that username and password are correct if ($force_username_lowercase) $login_username = strtolower($login_username); -- 2.25.1