projects / squirrelmail.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (from parent 1: f358f09)
Added a much better fix for the IE/SSL problem. No security hazards
authorlkehresman <lkehresman@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Thu, 18 Jan 2001 00:50:38 +0000 (00:50 +0000)
committerlkehresman <lkehresman@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Thu, 18 Jan 2001 00:50:38 +0000 (00:50 +0000)
were introduced.  I put the onetimepad code back to what it originally
was, and everything should work great now.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@962 7612ce4b-ef26-0410-bec9-ea0150e637f0

functions/imap_general.php patch | blob | blame | history
functions/mime.php patch | blob | blame | history
src/download.php patch | blob | blame | history
src/redirect.php patch | blob | blame | history

diff --git a/functions/imap_general.php b/functions/imap_general.php
index 1debd618b7dc3ee211c7b286419d69ba286ef126..7222eed933ae1f16fe911f4acfa5a09939c6e7db 100755 (executable)
--- a/functions/imap_general.php
+++ b/functions/imap_general.php
@@ -90,15 +90,14 @@
     **  will be displayed.  This function returns the imap connection handle.
     ******************************************************************************/
    function sqimap_login ($username, $password, $imap_server_address, $imap_port, $hide) {
     **  will be displayed.  This function returns the imap connection handle.
     ******************************************************************************/
    function sqimap_login ($username, $password, $imap_server_address, $imap_port, $hide) {
-      global $color, $squirrelmail_language, $HTTP_ACCEPT_LANGUAGE, $onetimepad, $otp_pad;
+      global $color, $squirrelmail_language, $HTTP_ACCEPT_LANGUAGE, $onetimepad;
 
       $imap_stream = fsockopen ($imap_server_address, $imap_port,
          &$error_number, &$error_string, 15);
       $server_info = fgets ($imap_stream, 1024);
       
       // Decrypt the password
 
       $imap_stream = fsockopen ($imap_server_address, $imap_port,
          &$error_number, &$error_string, 15);
       $server_info = fgets ($imap_stream, 1024);
       
       // Decrypt the password
-      $onetpad = OneTimePadDecrypt($onetimepad, $otp_pad);
-      $password = OneTimePadDecrypt($password, $onetpad);
+      $password = OneTimePadDecrypt($password, $onetimepad);
 
       /** Do some error correction **/
       if (!$imap_stream) {
 
       /** Do some error correction **/
       if (!$imap_stream) {
diff --git a/functions/mime.php b/functions/mime.php
index 6c4df0f728dcae791b4fd90dabcdf33c4094f4d1..4ed4435af077628e1115cbc08e2c889baa7edfa0 100644 (file)
--- a/functions/mime.php
+++ b/functions/mime.php
@@ -503,7 +503,7 @@
             translateText($body, $wrap_at, $body_message->header->charset);
          }   
    
             translateText($body, $wrap_at, $body_message->header->charset);
          }   
    
-         $body .= "<SMALL><CENTER><A HREF=\"../src/download.php?absolute_dl=true&passed_id=$id&passed_ent_id=$ent_num&mailbox=$urlmailbox&otp=".$GLOBALS["onetimepad"]."\">". _("Download this as a file") ."</A></CENTER><BR></SMALL>";
+         $body .= "<SMALL><CENTER><A HREF=\"../src/download.php?absolute_dl=true&passed_id=$id&passed_ent_id=$ent_num&mailbox=$urlmailbox\">". _("Download this as a file") ."</A></CENTER><BR></SMALL>";
    
          /** Display the ATTACHMENTS: message if there's more than one part **/
          $body .= "</TD></TR></TABLE>";
    
          /** Display the ATTACHMENTS: message if there's more than one part **/
          $body .= "</TD></TR></TABLE>";
@@ -558,12 +558,12 @@
                $ent = urlencode($message->header->entity_id);
                
                $DefaultLink = 
                $ent = urlencode($message->header->entity_id);
                
                $DefaultLink = 
-                  "../src/download.php?startMessage=$startMessage&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent&otp=".$GLOBALS["onetimepad"];
+                  "../src/download.php?startMessage=$startMessage&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent";
                if ($where && $what)
                   $DefaultLink .= '&where=' . urlencode($where) . '&what=' . urlencode($what);
                $Links['download link']['text'] = _('download');
                $Links['download link']['href'] = 
                if ($where && $what)
                   $DefaultLink .= '&where=' . urlencode($where) . '&what=' . urlencode($what);
                $Links['download link']['text'] = _('download');
                $Links['download link']['href'] = 
-                   "../src/download.php?absolute_dl=true&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent&otp=".$GLOBALS["onetimepad"];
+                   "../src/download.php?absolute_dl=true&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent";
                $ImageURL = '';
                
                $HookResults = do_hook("attachment $type0/$type1", $Links,
                $ImageURL = '';
                
                $HookResults = do_hook("attachment $type0/$type1", $Links,
diff --git a/src/download.php b/src/download.php
index 17fe7f2b0f3fb93615934ce5ed162d57a841ba58..03505fb3c7c28a35c9d7450e771c8a85fdbcb1f9 100644 (file)
--- a/src/download.php
+++ b/src/download.php
@@ -9,9 +9,6 @@
     **  Also allows displaying of attachments when possible.
     **/
 
     **  Also allows displaying of attachments when possible.
     **/
 
-    $download_php = true;
-    $onetimepad = $otp;
-
    if (!isset($config_php))
       include("../config/config.php");
    if (!isset($strings_php))
    if (!isset($config_php))
       include("../config/config.php");
    if (!isset($strings_php))
@@ -25,6 +22,10 @@
    if (!isset($i18n_php))
       include("../functions/i18n.php");
 
    if (!isset($i18n_php))
       include("../functions/i18n.php");
 
+   session_start();
+   header("Pragma: ");
+   header("Cache-Control: cache");
+
    include("../src/load_prefs.php");
 
    function viewText($color, $body, $id, $entid, $mailbox, $type1, $wrap_at) {
    include("../src/load_prefs.php");
 
    function viewText($color, $body, $id, $entid, $mailbox, $type1, $wrap_at) {
diff --git a/src/redirect.php b/src/redirect.php
index 0aebefc641bc6c3b9e57b1cffd8c2e612638c01b..868d05759578f42a8740e47c685ce4cd6caeda50 100644 (file)
--- a/src/redirect.php
+++ b/src/redirect.php
@@ -56,7 +56,6 @@ include("../config/config.php");
       $onetimepad = OneTimePadCreate(strlen($secretkey));
       $key = OneTimePadEncrypt($secretkey, $onetimepad);
       session_register("onetimepad");
       $onetimepad = OneTimePadCreate(strlen($secretkey));
       $key = OneTimePadEncrypt($secretkey, $onetimepad);
       session_register("onetimepad");
-      $onetimepad = OneTimePadEncrypt($onetimepad, $otp_pad);
       // verify that username and password are correct
       if ($force_username_lowercase)
           $login_username = strtolower($login_username);
       // verify that username and password are correct
       if ($force_username_lowercase)
           $login_username = strtolower($login_username);
Unnamed repository; edit this file 'description' to name the repository.