SquirrelMail  
Donations
News
About
Support
Security
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties





Junk Email Filter






Security Notice
Phishing campain
Version 1.4.15
Security Upgrade

Microsoft, in its infinite wisdom, decided to mostly ignore the HTTP headers we send with the file, and instead looks at the file to determine the "correct" file type. Because of this, IE will not let you directly download Word documents, HTML attachments, and text attachments. Microsoft knows of their errors and has several Knowledge Base articles dealing with this problem.

First, upgrade to the latest Internet Explorer (as of this writing, it is IE 6). Then, if the problem still persists, right-click on the Download link and pick "Save Target As" to truly save the file instead of having it pop up in the browser.

There is nothing we can do to prevent IE from viewing the attachment. The problem multiplies itself when you use IE with SSL, making it truly an annoying problem.

This problem existed in IE 3, 4, and now it still exists in IE 5. There are no reports yet, but hopefully IE 6 will solve this problem.


2002-03-13 - [email protected]

Tried MS IE 6.0 SP1 with SM 1.2.11 over SSL, but still encounter problems. Specifically, a binary Word file is rendered as plain text. The issue has been discussed on php.net under "session_cache_limiter" and "header" functions. I believe the exact issue has been identified by Microsoft as well:

http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B323308

However, I've tried all the suggested work arounds without success. These included:

1. various session_limiter_cache settings before the session_start().\n

session_cache_limiter('private');
session_cache_limiter('no-store');
session_cache_limiter('public');
session_cache_limiter('nocache');

2. various headers including:\n

header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
header("Expires: 0");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate"); // HTTP/1.1
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache"); // HTTP/1.0

Trying to get a dump of the HTTP headers to see what's the difference between downloading a file and the script output, but that's difficult with SSL.


2002-09-06 - [email protected]

As of the most recent IE6 patch, attachments work well for my instance of SM 1.2.7 on W2K / IIS5. However, SSL downloads still DO NOT and most likely will not work. Currently looking for a workaround.


2002-09-27 - [email protected]

I got so fed up trying to make IE "save as" attachments from a secure site (HTTPS) that I made my own workaround. No variation of header would work properly with IE, so I just copy the attachments from Exchange to a temporary downloads directory on my web server. Than I create the download link directly to that temp file. IE can handle it however the hell it wants after that. I'm still trying to clean this method up a bit, and purging temp files sucks.


2003-04-26

IE will open a Microsoft Office attachment in place rather than in the native application unless you change the "Browse in Same Window" option in your File Type associations. For instructions, see MS Knowledge Base article 162059.


2003-07-31 - [email protected]

Try:\n

header("Pragma: ");
header("Cache-Control: ");	
header("Content-type: application/$type");
header("Content-Disposition: attachment; filename=$name");

Works for me! :)


2003-09-18 - [email protected]

Where did you put this change? I tried it in download.php after the DumpHeaders() calls and before mime_print_body_lines. Like this:\n

if (isset($absolute_dl) && $absolute_dl) {
    DumpHeaders($type0, $type1, $filename, 1);
} else {
    DumpHeaders($type0, $type1, $filename, 0);
}

header("Pragma: ");
header("Cache-Control: ");
header("Content-type: application/$type");
header("Content-Disposition: attachment; filename=$name");

mime_print_body_lines ($imapConnection, $passed_id, $ent_id, $encoding);

I should probably put it in the DumpHeaders() function, but I wanted to make sure they took affect for test purposes.


2006-03-13 - Paul

We had trouble with the export address book plugin (which sends a CSV file). Worked fine in Firefox but not IE (popped up dialog box saying that the page couldn't be loaded). This is over HTTPS. Eventually got this to work by changing header("Pragma: no-cache"); to header("Pragma: public"); in address_book_export.php.


15.01.2007

by razor

our squrrel (1.5.1) often gives bla-bla.msword files to users.

so making msword = doc :

squirrelmail/src/download.php

else if ($type1 == 'msword' && $type0 == 'application')

$suffix = 'doc';

© 1999-2016 by The SquirrelMail Project Team