Added a much better fix for the IE/SSL problem. No security hazards

were introduced.  I put the onetimepad code back to what it originally
was, and everything should work great now.

functions/imap_general.php

@@ -90,15 +90,14 @@
     **  will be displayed.  This function returns the imap connection handle.
     ******************************************************************************/
    function sqimap_login ($username, $password, $imap_server_address, $imap_port, $hide) {
-      global $color, $squirrelmail_language, $HTTP_ACCEPT_LANGUAGE, $onetimepad, $otp_pad;
+      global $color, $squirrelmail_language, $HTTP_ACCEPT_LANGUAGE, $onetimepad;
 
       $imap_stream = fsockopen ($imap_server_address, $imap_port,
          &$error_number, &$error_string, 15);
       $server_info = fgets ($imap_stream, 1024);
       
       // Decrypt the password
-      $onetpad = OneTimePadDecrypt($onetimepad, $otp_pad);
-      $password = OneTimePadDecrypt($password, $onetpad);
+      $password = OneTimePadDecrypt($password, $onetimepad);
 
       /** Do some error correction **/
       if (!$imap_stream) {

functions/mime.php

@@ -503,7 +503,7 @@
             translateText($body, $wrap_at, $body_message->header->charset);
          }   
    
-         $body .= "<SMALL><CENTER><A HREF=\"../src/download.php?absolute_dl=true&passed_id=$id&passed_ent_id=$ent_num&mailbox=$urlmailbox&otp=".$GLOBALS["onetimepad"]."\">". _("Download this as a file") ."</A></CENTER><BR></SMALL>";
+         $body .= "<SMALL><CENTER><A HREF=\"../src/download.php?absolute_dl=true&passed_id=$id&passed_ent_id=$ent_num&mailbox=$urlmailbox\">". _("Download this as a file") ."</A></CENTER><BR></SMALL>";
    
          /** Display the ATTACHMENTS: message if there's more than one part **/
          $body .= "</TD></TR></TABLE>";
@@ -558,12 +558,12 @@
                $ent = urlencode($message->header->entity_id);
                
                $DefaultLink = 
-                  "../src/download.php?startMessage=$startMessage&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent&otp=".$GLOBALS["onetimepad"];
+                  "../src/download.php?startMessage=$startMessage&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent";
                if ($where && $what)
                   $DefaultLink .= '&where=' . urlencode($where) . '&what=' . urlencode($what);
                $Links['download link']['text'] = _('download');
                $Links['download link']['href'] = 
-                   "../src/download.php?absolute_dl=true&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent&otp=".$GLOBALS["onetimepad"];
+                   "../src/download.php?absolute_dl=true&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent";
                $ImageURL = '';
                
                $HookResults = do_hook("attachment $type0/$type1", $Links,

src/download.php

@@ -9,9 +9,6 @@
     **  Also allows displaying of attachments when possible.
     **/
 
-    $download_php = true;
-    $onetimepad = $otp;
-
    if (!isset($config_php))
       include("../config/config.php");
    if (!isset($strings_php))
@@ -25,6 +22,10 @@
    if (!isset($i18n_php))
       include("../functions/i18n.php");
 
+   session_start();
+   header("Pragma: ");
+   header("Cache-Control: cache");
+
    include("../src/load_prefs.php");
 
    function viewText($color, $body, $id, $entid, $mailbox, $type1, $wrap_at) {

src/redirect.php

@@ -56,7 +56,6 @@ include("../config/config.php");
       $onetimepad = OneTimePadCreate(strlen($secretkey));
       $key = OneTimePadEncrypt($secretkey, $onetimepad);
       session_register("onetimepad");
-      $onetimepad = OneTimePadEncrypt($onetimepad, $otp_pad);
       // verify that username and password are correct
       if ($force_username_lowercase)
           $login_username = strtolower($login_username);