I had a client mail me with a problem with their SquirrelMail installation. For the record, I think their SquirrelMail has some “view as HTML” plug-in installed, and HTML messages seem to get viewed as HTML by default; but I’ve never really confirmed that.

Anyway, the problem was in one particular message. Whenever the user
clicked anything after reading the message, they were told they needed
to be logged in. They’d have to go back to the login page and log in
again to continue using SquirrelMail. I tried to duplicate this on
Mozilla, but failed. Turned out you had to use IE (IE 6 on W2K here,
specifically) to recreate this. I did a few tcpdumps, and found out
that somehow the key cookie was getting lost. Presumably this is
necessary for SquirrelMail to consider you still in your logged-in
session. A little more inspection of the tcpdump output and I saw
it was requesting /squirrelmail/src/login.php, which was clearing out
the cookies apparently. Further, it was redirected there because of
an earlier request for /squirrelmail/src/.

I’ll go ahead and say that the message in question had a lot of broken
images in it, and it generally looked like shit. It kept requesting
things like /squirrelmail/src/Documents/foo.jpg for images embedded
in the HTML. It turns out a few of the <img> tags had src="" in
them. In IE, this requests /squirrelmail/src/, as the base URL at
that time is /squirrelmail/src/some-php-file.php?.... In Mozilla,
I’m guessing this requests (a) nothing, or (b) something that doesn’t
end up redirecting back to login.php. As near as I can tell,
src="" is legal, and should be resolved as IE was doing it. This
from a reading of the HTML 4.01 DTD and RFC1808 section 4. So I’m not
sure IE is really to blame here. I never took the time to find out
what Mozilla was doing. (I’ll note that Mozilla 1.8 in Linux and
Firefox 1.0 in W2K both failed to exhibit this SquirrelMail problem.)

http://www.squirrelmail.org/changelog.php
– Empty src attribute on img tags causes logouts (IE only), replacing
string with blank.png.
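
The changelog fix quoted above (replacing an empty img src with blank.png) can be sketched as a server-side rewrite of the message HTML before it is displayed. This is an added example, not SquirrelMail's code or the author's; the class and function names, the placeholder path, the sample body, and treating a whitespace-only or valueless src the same as src="" are assumptions.

```python
from html import escape
from html.parser import HTMLParser

# Assumed location of the placeholder; the changelog names only "blank.png".
PLACEHOLDER = "../images/blank.png"

class EmptySrcRewriter(HTMLParser):
    """Re-emit a message body, pointing blank <img src> at a placeholder."""

    def __init__(self, placeholder):
        # convert_charrefs=False so entities in text are passed through as-is
        super().__init__(convert_charrefs=False)
        self.placeholder, self.out, self.rewritten = placeholder, [], 0

    def _tag(self, tag, attrs, close):
        parts = [tag]
        for name, value in attrs:
            # src="" is the case from the post; a whitespace-only or
            # valueless src is treated the same way here (assumption)
            if tag == "img" and name == "src" and not (value or "").strip():
                value = self.placeholder
                self.rewritten += 1
            # the parser unescaped the value, so escape it again on output
            parts.append(name if value is None else f'{name}="{escape(value)}"')
        self.out.append("<" + " ".join(parts) + close)

    def handle_starttag(self, tag, attrs): self._tag(tag, attrs, ">")
    def handle_startendtag(self, tag, attrs): self._tag(tag, attrs, " />")
    def handle_endtag(self, tag): self.out.append(f"</{tag}>")
    def handle_data(self, data): self.out.append(data)
    def handle_entityref(self, name): self.out.append(f"&{name};")
    def handle_charref(self, name): self.out.append(f"&#{name};")
    def handle_comment(self, data): self.out.append(f"<!--{data}-->")
    def handle_decl(self, decl): self.out.append(f"<!{decl}>")

def neutralize_empty_img_src(html, placeholder=PLACEHOLDER):
    """Return (rewritten_html, number_of_img_tags_changed)."""
    rewriter = EmptySrcRewriter(placeholder)
    rewriter.feed(html)
    rewriter.close()
    return "".join(rewriter.out), rewriter.rewritten

# Constructed sample body, modelled on the message described in the post.
SAMPLE = ('<p>Q&amp;A</p><img src="" alt="logo">'
          '<img src="Documents/foo.jpg"><img SRC="  ">')

if __name__ == "__main__":
    body, changed = neutralize_empty_img_src(SAMPLE)
    print(changed, body)
```

The count returned alongside the HTML can be logged per message, which makes it easy to spot mail that would otherwise have triggered the stray request to /squirrelmail/src/.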