From bc104ef3568e8b4d88acef908a4b4eca51b5b3c6 Mon Sep 17 00:00:00 2001 From: lkehresman Date: Thu, 18 Jan 2001 00:50:38 +0000 Subject: [PATCH] Added a much better fix for the IE/SSL problem. No security hazards were introduced. I put the onetimepad code back to what it originally was, and everything should work great now. git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@962 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- functions/imap_general.php | 5 ++--- functions/mime.php | 6 +++--- src/download.php | 7 ++++--- src/redirect.php | 1 - 4 files changed, 9 insertions(+), 10 deletions(-) diff --git a/functions/imap_general.php b/functions/imap_general.php index 1debd618..7222eed9 100755 --- a/functions/imap_general.php +++ b/functions/imap_general.php @@ -90,15 +90,14 @@ ** will be displayed. This function returns the imap connection handle. ******************************************************************************/ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $hide) { - global $color, $squirrelmail_language, $HTTP_ACCEPT_LANGUAGE, $onetimepad, $otp_pad; + global $color, $squirrelmail_language, $HTTP_ACCEPT_LANGUAGE, $onetimepad; $imap_stream = fsockopen ($imap_server_address, $imap_port, &$error_number, &$error_string, 15); $server_info = fgets ($imap_stream, 1024); // Decrypt the password - $onetpad = OneTimePadDecrypt($onetimepad, $otp_pad); - $password = OneTimePadDecrypt($password, $onetpad); + $password = OneTimePadDecrypt($password, $onetimepad); /** Do some error correction **/ if (!$imap_stream) { diff --git a/functions/mime.php b/functions/mime.php index 6c4df0f7..4ed4435a 100644 --- a/functions/mime.php +++ b/functions/mime.php @@ -503,7 +503,7 @@ translateText($body, $wrap_at, $body_message->header->charset); } - $body .= "
". _("Download this as a file") ."

"; + $body .= "
". _("Download this as a file") ."

"; /** Display the ATTACHMENTS: message if there's more than one part **/ $body .= ""; @@ -558,12 +558,12 @@ $ent = urlencode($message->header->entity_id); $DefaultLink = - "../src/download.php?startMessage=$startMessage&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent&otp=".$GLOBALS["onetimepad"]; + "../src/download.php?startMessage=$startMessage&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent"; if ($where && $what) $DefaultLink .= '&where=' . urlencode($where) . '&what=' . urlencode($what); $Links['download link']['text'] = _('download'); $Links['download link']['href'] = - "../src/download.php?absolute_dl=true&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent&otp=".$GLOBALS["onetimepad"]; + "../src/download.php?absolute_dl=true&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent"; $ImageURL = ''; $HookResults = do_hook("attachment $type0/$type1", $Links, diff --git a/src/download.php b/src/download.php index 17fe7f2b..03505fb3 100644 --- a/src/download.php +++ b/src/download.php @@ -9,9 +9,6 @@ ** Also allows displaying of attachments when possible. **/ - $download_php = true; - $onetimepad = $otp; - if (!isset($config_php)) include("../config/config.php"); if (!isset($strings_php)) @@ -25,6 +22,10 @@ if (!isset($i18n_php)) include("../functions/i18n.php"); + session_start(); + header("Pragma: "); + header("Cache-Control: cache"); + include("../src/load_prefs.php"); function viewText($color, $body, $id, $entid, $mailbox, $type1, $wrap_at) { diff --git a/src/redirect.php b/src/redirect.php index 0aebefc6..868d0575 100644 --- a/src/redirect.php +++ b/src/redirect.php @@ -56,7 +56,6 @@ include("../config/config.php"); $onetimepad = OneTimePadCreate(strlen($secretkey)); $key = OneTimePadEncrypt($secretkey, $onetimepad); session_register("onetimepad"); - $onetimepad = OneTimePadEncrypt($onetimepad, $otp_pad); // verify that username and password are correct if ($force_username_lowercase) $login_username = strtolower($login_username); -- 2.25.1