Re: [SM-PLUGINS] Minor Quicksave Issues

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On 2005-Oct-20, at 4:39 PM, Paul Lesneiwski wrote:

>>>> Second - Clicking the "Signature" button to add your signature
>>>> apparently is considered leaving the page. I notice that "Save    
>>>> Drafts"
>>>> doesn't do this, so the exceptions list is somewhere...   
>>>> signature  just
>>>> needs to be added to it.
>>>>
>>>>
>>>
>>> No, it's not as simple as creating a "list".  The text of the  
>>> body and
>>> all the To, Cc, Bcc and Subject are compared to their last known   
>>> values.
>>>  Signatures are accounted for, but the code is clunky and works well
>>> sometimes, but as you've seen, it can also be very annoyingly   
>>> "broken".
>>>  I have a plan to rewrite some of the code with regexp which should
>>> help, but I'm not holding my breath that it will work wonders --   
>>> this is
>>> probably just what you have to live with for the added security  
>>> of the
>>> plugin.
>>>
>>
>>
>> That's unfortunate. I guess just add it to the documentation we   
>> posted.
>> "When adding a signature, it may...". I have until the end of   
>> next week
>> before it goes into production.
>>
>
> Seems like that's the thing to do, I probably won't have any fixes for
> quite some time.  Patches always welcome.
>

I'm sure they are... it just requires me to be much more of a  
javascript and php guru than I currently am. I'll still poke around  
and see if I can come up with anything useful though.

>>>> I took care of the first issue by simply commenting out the   
>>>> option  for
>>>> the higher security so my users can't select it. Not a great    
>>>> solution,
>>>> but it'll do until a real solution is found.
>>>>
>>>>
>>>
>>> Can you please post the exact error text?  This ONLY happens when  
>>> you
>>> had NO encryption, changed to moderate and went to compose a new
>>> message?  Can you trigger it in any other ways?
>>>
>>
>>
>> I just edited my config file by hand, switching to
>> quicksave_encryption=moderate, and logged in fresh, clicked "Compose"
>> and it still threw the same error:
>>
>
> Note that logging in "fresh" doesn't mean much unless you also cleared
> out any quicksave cookies in your browser.  Seems like the problem is
> related to incompatibilities between encryption levels and old  
> cookies.
>  I will see about wiping the cookie when these settings are changed
> (other option would be to store encryption type in the cookie itself,
> but cookie storage is already vastly limited, so I will not be  
> doing it
> that way).

Yes, but even after clearing all my cookies (just to make sure, I did  
so on my Mac) it still manifests itself. Maybe I'll look at tweaking  
the decrypter so that if the value is "", or size of content is <  
(salt key size), to just ignore it -- there is nothing to encrypt or  
decrypt. Would that solve this? Or is it failing to grab the  
"is_active" value of 0 on new message? Hmm.

I did notice that I'm getting 5 errors, which is one for each of the  
5 cookies that get set.

Storing the encryption type would be a single character, so I don't  
think that will impact storage that badly. You could easily store it  
in the "is_active" cookie, since it's only a single value anyway... 0  
= inactive, > 0 relates to which encryption was used. At the same  
time, I don't think that's the real problem, nor is it a particularly  
good solution to this problem in particular.

>> QuickSave Error - A salt value could not be extracted from the
>> encrypted message because it's length is too short. The message   
>> cannot
>> be decrypted. Please contact your system administrator.
>>
>> After clicking the OK button 5 (!) times to get rid of the message, I
>> could type. If I cancel the message (to clear the quicksave cookie),
>> then attempt to compose again, I get the same error box.
>>
>> Same problem on Firefox-1.0.7 and IE6 for PC, and Safari 2.0.1 on my
>> Mac. Don't have many other browsers to test with.
>>
>> The error does not show up using medium, low, or no encryption.
>>
>> Other, possibly useful info:
>> Redhat EL3, update 6.
>> Apache 2.0.46-54
>> php 4.3.2
>> squirrelmail 1.4.5
>> quicksave 2.3
>>
>> If you want my installed plugin list, I can provide. Could this minor
>> bits be related to the newer versions of Squirrelmail? I notice that
>> quicksave itself hasn't been updated for a couple years.
>>
>
> No, very doubtful.
>

Didn't think so, but it was worth a shot. :) I guess, that's why the  
compatibility plugin is required - to make sure that it still works,  
no matter what version of Squirrelmail you're running.

Thanks again.

--JM