Finally fixed the IE/SSL download problem.

ChangeLog

@@ -1,5 +1,6 @@
 Version 1.0pre3 -- DEVELOPMENT
 ------------------------------
+- Finally fixed the IE/SSL download problem!!
 - Updated Polish translation
 
 

config/config_default.php

@@ -276,4 +276,8 @@
  // This is typically people in the US that are running Solaris 7.
  
  $invert_time = false;
+
+ // This should be a unique string, unique to your server.  Something
+ // that nobody would guess, and nobody can find out. 
+ $otp_pad = "SecretKey$domain";
 ?>

functions/imap_general.php

@@ -59,14 +59,15 @@
     **  will be displayed.  This function returns the imap connection handle.
     ******************************************************************************/
    function sqimap_login ($username, $password, $imap_server_address, $imap_port, $hide) {
-      global $color, $squirrelmail_language, $HTTP_ACCEPT_LANGUAGE, $onetimepad;
+      global $color, $squirrelmail_language, $HTTP_ACCEPT_LANGUAGE, $onetimepad, $otp_pad;
 
       $imap_stream = fsockopen ($imap_server_address, $imap_port,
          &$error_number, &$error_string, 15);
       $server_info = fgets ($imap_stream, 1024);
       
       // Decrypt the password
-      $password = OneTimePadDecrypt($password, $onetimepad);
+      $onetpad = OneTimePadDecrypt($onetimepad, $otp_pad);
+      $password = OneTimePadDecrypt($password, $onetpad);
 
       /** Do some error correction **/
       if (!$imap_stream) {

functions/mime.php

@@ -503,7 +503,7 @@
             translateText($body, $wrap_at, $body_message->header->charset);
          }   
    
-         $body .= "<SMALL><CENTER><A HREF=\"../src/download.php?absolute_dl=true&passed_id=$id&passed_ent_id=$ent_num&mailbox=$urlmailbox\">". _("Download this as a file") ."</A></CENTER><BR></SMALL>";
+         $body .= "<SMALL><CENTER><A HREF=\"../src/download.php?absolute_dl=true&passed_id=$id&passed_ent_id=$ent_num&mailbox=$urlmailbox&otp=".$GLOBALS["onetimepad"]."\">". _("Download this as a file") ."</A></CENTER><BR></SMALL>";
    
          /** Display the ATTACHMENTS: message if there's more than one part **/
          $body .= "</TD></TR></TABLE>";
@@ -558,12 +558,12 @@
                $ent = urlencode($message->header->entity_id);
                
                $DefaultLink = 
-                  "../src/download.php?startMessage=$startMessage&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent";
+                  "../src/download.php?startMessage=$startMessage&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent&otp=".$GLOBALS["onetimepad"];
                if ($where && $what)
                   $DefaultLink .= '&where=' . urlencode($where) . '&what=' . urlencode($what);
                $Links['download link']['text'] = _('download');
                $Links['download link']['href'] = 
-                   "../src/download.php?absolute_dl=true&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent";
+                   "../src/download.php?absolute_dl=true&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent&otp=".$GLOBALS["onetimepad"];
                $ImageURL = '';
                
                $HookResults = do_hook("attachment $type0/$type1", $Links,

src/download.php

@@ -9,6 +9,9 @@
     **  Also allows displaying of attachments when possible.
     **/
 
+    $download_php = true;
+    $onetimepad = $otp;
+
    if (!isset($config_php))
       include("../config/config.php");
    if (!isset($strings_php))
@@ -22,12 +25,12 @@
    if (!isset($i18n_php))
       include("../functions/i18n.php");
 
-   include("../src/load_prefs.php");
 
    function viewText($color, $body, $id, $entid, $mailbox, $type1, $wrap_at) {
       global $where, $what, $charset;
       global $startMessage;
       
+      include("../src/load_prefs.php");
       displayPageHeader($color, "None");
 
       echo "<BR><TABLE WIDTH=100% BORDER=0 CELLSPACING=0 CELLPADDING=2 ALIGN=CENTER><TR><TD BGCOLOR=\"$color[0]\">";
@@ -109,8 +112,8 @@
          case "text":
             $body = mime_fetch_body($imapConnection, $passed_id, $passed_ent_id);
             $body = decodeBody($body, $header->encoding);
-            header("Content-Disposition: filename=\"$filename\"");
-            header("Content-type: application/octet-stream; name=\"$filename\"");
+            header("Content-Disposition: attachment; filename=$filename");
+            header("Content-type: application/octet-stream; name=$filename");
             set_up_language(getPref($data_dir, $username, "language"));
             if ($type1 == "plain") {
                echo _("Subject") . ": " . decodeHeader(sqStripSlashes($top_header->subject)) . "\n";
@@ -121,8 +124,8 @@
             echo trim($body);
             break;
          default:
-            header("Content-Disposition: filename=$filename");
-            header("Content-type: application/octet-stream; name=\"$filename\"");
+            header("Content-Disposition: attachment; filename=$filename");
+            header("Content-type: application/octet-stream; name=$filename");
             mime_print_body_lines ($imapConnection, $passed_id, $passed_ent_id, $header->encoding);
             break;
       }
@@ -137,8 +140,8 @@
             } else {
                 $body = mime_fetch_body($imapConnection, $passed_id, $passed_ent_id);
                 $body = decodeBody($body, $header->encoding);
-                header("Content-type: $type0/$type1; name=\"$filename\"");
-                header("Content-Disposition: filename=\"$filename\"");
+                header("Content-type: $type0/$type1; name=$filename");
+                header("Content-Disposition: attachment; filename=$filename");
                 echo $body;
             }
             break;
@@ -150,7 +153,7 @@
             break;
          default:
             header("Content-type: $type0/$type1; name=\"$filename\"");
-            header("Content-Disposition: filename=\"$filename\"");
+            header("Content-Disposition: attachment; filename=\"$filename\"");
             mime_print_body_lines ($imapConnection, $passed_id, $passed_ent_id, $header->encoding);
             break;
       }

src/load_prefs.php

@@ -59,7 +59,7 @@
       }
    }
 
-	session_register("theme_css");
+    if (!$download_php) session_register("theme_css");
 
    $use_javascript_addr_book = getPref($data_dir, $username, "use_javascript_addr_book");
    if ($use_javascript_addr_book == "")

src/redirect.php

@@ -14,6 +14,7 @@
 
    if (!isset($strings_php))
       include ("../functions/strings.php");
+include("../config/config.php");
 
    // Before starting the session, the base URI must be known.
    // Assuming that this file is in the src/ subdirectory (or
@@ -55,6 +56,7 @@
       $onetimepad = OneTimePadCreate(strlen($secretkey));
       $key = OneTimePadEncrypt($secretkey, $onetimepad);
       session_register("onetimepad");
+      $onetimepad = OneTimePadEncrypt($onetimepad, $otp_pad);
       // verify that username and password are correct
       if ($force_username_lowercase)
           $login_username = strtolower($login_username);