From: Jeremiah M. <me...@ul...> - 2005-10-20 23:07:50
|
On 2005-Oct-20, at 4:39 PM, Paul Lesneiwski wrote: >>>> Second - Clicking the "Signature" button to add your signature >>>> apparently is considered leaving the page. I notice that "Save >>>> Drafts" >>>> doesn't do this, so the exceptions list is somewhere... >>>> signature just >>>> needs to be added to it. >>>> >>>> >>> >>> No, it's not as simple as creating a "list". The text of the >>> body and >>> all the To, Cc, Bcc and Subject are compared to their last known >>> values. >>> Signatures are accounted for, but the code is clunky and works well >>> sometimes, but as you've seen, it can also be very annoyingly >>> "broken". >>> I have a plan to rewrite some of the code with regexp which should >>> help, but I'm not holding my breath that it will work wonders -- >>> this is >>> probably just what you have to live with for the added security >>> of the >>> plugin. >>> >> >> >> That's unfortunate. I guess just add it to the documentation we >> posted. >> "When adding a signature, it may...". I have until the end of >> next week >> before it goes into production. >> > > Seems like that's the thing to do, I probably won't have any fixes for > quite some time. Patches always welcome. > I'm sure they are... it just requires me to be much more of a javascript and php guru than I currently am. I'll still poke around and see if I can come up with anything useful though. >>>> I took care of the first issue by simply commenting out the >>>> option for >>>> the higher security so my users can't select it. Not a great >>>> solution, >>>> but it'll do until a real solution is found. >>>> >>>> >>> >>> Can you please post the exact error text? This ONLY happens when >>> you >>> had NO encryption, changed to moderate and went to compose a new >>> message? Can you trigger it in any other ways? >>> >> >> >> I just edited my config file by hand, switching to >> quicksave_encryption=moderate, and logged in fresh, clicked "Compose" >> and it still threw the same error: >> > > Note that logging in "fresh" doesn't mean much unless you also cleared > out any quicksave cookies in your browser. Seems like the problem is > related to incompatibilities between encryption levels and old > cookies. > I will see about wiping the cookie when these settings are changed > (other option would be to store encryption type in the cookie itself, > but cookie storage is already vastly limited, so I will not be > doing it > that way). Yes, but even after clearing all my cookies (just to make sure, I did so on my Mac) it still manifests itself. Maybe I'll look at tweaking the decrypter so that if the value is "", or size of content is < (salt key size), to just ignore it -- there is nothing to encrypt or decrypt. Would that solve this? Or is it failing to grab the "is_active" value of 0 on new message? Hmm. I did notice that I'm getting 5 errors, which is one for each of the 5 cookies that get set. Storing the encryption type would be a single character, so I don't think that will impact storage that badly. You could easily store it in the "is_active" cookie, since it's only a single value anyway... 0 = inactive, > 0 relates to which encryption was used. At the same time, I don't think that's the real problem, nor is it a particularly good solution to this problem in particular. >> QuickSave Error - A salt value could not be extracted from the >> encrypted message because it's length is too short. The message >> cannot >> be decrypted. Please contact your system administrator. >> >> After clicking the OK button 5 (!) times to get rid of the message, I >> could type. If I cancel the message (to clear the quicksave cookie), >> then attempt to compose again, I get the same error box. >> >> Same problem on Firefox-1.0.7 and IE6 for PC, and Safari 2.0.1 on my >> Mac. Don't have many other browsers to test with. >> >> The error does not show up using medium, low, or no encryption. >> >> Other, possibly useful info: >> Redhat EL3, update 6. >> Apache 2.0.46-54 >> php 4.3.2 >> squirrelmail 1.4.5 >> quicksave 2.3 >> >> If you want my installed plugin list, I can provide. Could this minor >> bits be related to the newer versions of Squirrelmail? I notice that >> quicksave itself hasn't been updated for a couple years. >> > > No, very doubtful. > Didn't think so, but it was worth a shot. :) I guess, that's why the compatibility plugin is required - to make sure that it still works, no matter what version of Squirrelmail you're running. Thanks again. --JM |