Added a much better fix for the IE/SSL problem. No security hazards
authorlkehresman <lkehresman@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Thu, 18 Jan 2001 00:50:38 +0000 (00:50 +0000)
committerlkehresman <lkehresman@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Thu, 18 Jan 2001 00:50:38 +0000 (00:50 +0000)
were introduced.  I put the onetimepad code back to what it originally
was, and everything should work great now.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@962 7612ce4b-ef26-0410-bec9-ea0150e637f0

functions/imap_general.php
functions/mime.php
src/download.php
src/redirect.php

index 1debd61..7222eed 100755 (executable)
     **  will be displayed.  This function returns the imap connection handle.
     ******************************************************************************/
    function sqimap_login ($username, $password, $imap_server_address, $imap_port, $hide) {
-      global $color, $squirrelmail_language, $HTTP_ACCEPT_LANGUAGE, $onetimepad, $otp_pad;
+      global $color, $squirrelmail_language, $HTTP_ACCEPT_LANGUAGE, $onetimepad;
 
       $imap_stream = fsockopen ($imap_server_address, $imap_port,
          &$error_number, &$error_string, 15);
       $server_info = fgets ($imap_stream, 1024);
       
       // Decrypt the password
-      $onetpad = OneTimePadDecrypt($onetimepad, $otp_pad);
-      $password = OneTimePadDecrypt($password, $onetpad);
+      $password = OneTimePadDecrypt($password, $onetimepad);
 
       /** Do some error correction **/
       if (!$imap_stream) {
index 6c4df0f..4ed4435 100644 (file)
             translateText($body, $wrap_at, $body_message->header->charset);
          }   
    
-         $body .= "<SMALL><CENTER><A HREF=\"../src/download.php?absolute_dl=true&passed_id=$id&passed_ent_id=$ent_num&mailbox=$urlmailbox&otp=".$GLOBALS["onetimepad"]."\">". _("Download this as a file") ."</A></CENTER><BR></SMALL>";
+         $body .= "<SMALL><CENTER><A HREF=\"../src/download.php?absolute_dl=true&passed_id=$id&passed_ent_id=$ent_num&mailbox=$urlmailbox\">". _("Download this as a file") ."</A></CENTER><BR></SMALL>";
    
          /** Display the ATTACHMENTS: message if there's more than one part **/
          $body .= "</TD></TR></TABLE>";
                $ent = urlencode($message->header->entity_id);
                
                $DefaultLink = 
-                  "../src/download.php?startMessage=$startMessage&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent&otp=".$GLOBALS["onetimepad"];
+                  "../src/download.php?startMessage=$startMessage&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent";
                if ($where && $what)
                   $DefaultLink .= '&where=' . urlencode($where) . '&what=' . urlencode($what);
                $Links['download link']['text'] = _('download');
                $Links['download link']['href'] = 
-                   "../src/download.php?absolute_dl=true&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent&otp=".$GLOBALS["onetimepad"];
+                   "../src/download.php?absolute_dl=true&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent";
                $ImageURL = '';
                
                $HookResults = do_hook("attachment $type0/$type1", $Links,
index 17fe7f2..03505fb 100644 (file)
@@ -9,9 +9,6 @@
     **  Also allows displaying of attachments when possible.
     **/
 
-    $download_php = true;
-    $onetimepad = $otp;
-
    if (!isset($config_php))
       include("../config/config.php");
    if (!isset($strings_php))
    if (!isset($i18n_php))
       include("../functions/i18n.php");
 
+   session_start();
+   header("Pragma: ");
+   header("Cache-Control: cache");
+
    include("../src/load_prefs.php");
 
    function viewText($color, $body, $id, $entid, $mailbox, $type1, $wrap_at) {
index 0aebefc..868d057 100644 (file)
@@ -56,7 +56,6 @@ include("../config/config.php");
       $onetimepad = OneTimePadCreate(strlen($secretkey));
       $key = OneTimePadEncrypt($secretkey, $onetimepad);
       session_register("onetimepad");
-      $onetimepad = OneTimePadEncrypt($onetimepad, $otp_pad);
       // verify that username and password are correct
       if ($force_username_lowercase)
           $login_username = strtolower($login_username);