$Cambridge: hermes/src/prayer/docs/DONE,v 1.19 2005/10/13 10:26:55 dpc22 Exp $

By 13/06/2005
=============

Release: Prayer 1.0.16

Fix silly bug when replying to multipart messages where the main message
and the text/plain subpart have different encoding (missing mail_body
call).

Add a limit_vm backstop to stop single runaway process from taking
over the system.

By 10/06/2005
=============

Release: Prayer 1.0.15 (1.0.13 and 14 internal releases only).

list screen doesn't set "current" message to middle of range. Means that
switching between various sort modes works more consistently.

Go fishing for text/plain or failing that text/html bodypart within top
level of multipart/mixed or multipart/alternate message when replying to a
message. Behaviour should now be consistent with cmd_forward and
cmd_display.

Include LDAP and local finger database lookups (latter for Cambridge use only)

Addressbook screen:
  Addressbook sort (can be set on Manage => Preferences => Display)
  Addressbook bulk removal
  Import and Export CSV (Outlook) format address screen

Spellcheck:
  Support native aspell as well as ispell, aspell in ispell compatibility mode.
  Means that Quoted text is not checked if the following is set:
      Manage => Preferences => Extra Compose =>
      Skip quoted text on spell check

By 09/08/2005
=============

Spam whitelist

Test the Referer header on login. Two independant prayer.cf options:
referer_block_invalid and referer_log_invalid

Test the Referer: header before performing a /redirect/ action in
order to protect against URL redirector abuse
  Doesn't work with "Save Target As". Remove entirely

Confirm on expunge.

Cleanup up account_message error reporting so consistent.

Fix format=flowed quoting problems.

Fix memory leak in mailbox download (2 x size of mail folder) until
next transfer or idle shutdown.

25/01/2005
==========

line_wrap_on_send preference not used by draft_init().

Fixed problems with multipart/alternate display and forwarding

06/01/2005
==========

Release: Prayer 1.0.12

Apparently "mutex" is already claimed by a system header on Solaris.

26/11/2004
==========

Release: Prayer 1.0.11

File locking on Linux (probably other operating systems) is pretty dumb
when lots of processes are trying to lock a single file for serialisation:
all of the processes are woken each time that the file is unlocked. Most of
the process will simply loop inside the kernel and attempt to lock
again. Presumably this approach makes nonblocking locks and EINTR easier to
do, but it does mean that you can get occasional load average spikes.  Add
MUTEX_SEMAPHORE to implement System V semaphore based lock, which does not
have this problem in Linux. Warning: System V semaphores are a finite
resource, and they are not released automatically. See: prayer-sem-prune.

Quotas now reported in MBytes rather than KBytes.

Add download links for text/html and text/plain attachments

Fix bug with body->type TYPEMESSAGE: c-client API very poorly documented :(

Strip out common HTML entity encodings that might be used in HREFs
with text/html attachments.

Fix mydb_db3.c to work with DB4.

Integrate into Tony's funky packaging system for Hermes and PPSW.

Add interface to automatic spam folder pruning utility that I wrote for
Cyrus (controlled through special Sieve files).

Fix uploads where mailboxes contain NUL characters (translate to space?)

Assorted minor bugfixes

22/04/2004
==========

Release: Prayer 1.0.10

Fix nasty /redirect bug that I managed to introduce by switching from
url_encode to canon_encode to work around bug in Opera. Missing a
url_encode: infinite loop from dumb UAs :(. Otherwise identical to 1.0.9.

21/04/2004
==========

Release: Prayer 1.0.9

Few minor bug fixes, covered in CVS history.

30/03/2004
==========

Prayer oddity with lots of disp_delete actions (not Cyrus specific?)
  Not reproducible.

cmd_spam:
  Invalid test on empty list for directory list when deciding whether
  spam folder exists.

Message dated 24 Sep 2003:
  I use pine with remote settings stored on hermes. If I postpone a message
  from pine and then send it subsequently from webmail it gets copied to a
  new folder: "mail/{imap.hermes.cam.ac.uk/user=jdb1003/tls}mail/sent-mail"

"Status: Browser history disabled as unsafe: use Webmail navigation icons
and links" appearing erratically?
 FIXED: typo in session sequence number encoding.

29/03/2004
==========

list_insert_sorted broken? No tail updates.
  Looks fine to me: not sure how I came to this conclusion.

Handle In-Reply-To: and Received: headers correctly when replying to a
message, for interoperability with threaded MUAs. (RFC 2822 sect. 3.6.4)

26/03/2004
==========

Opera 7.23: daft things with '/' quoting.

Timeout on sieve screen.

Better/more consistent address checking.  Typo caused abook lookup failures
when we tried to install this in October 2003.

Preserve System abd User flags when uploading/downloading mail folders

Remove SIGCHLD handler in prayer-session: this was confusing waitpid()
on FreeBSD and Solaris.

Assorted fixes for clean compilation under SuSE.

Assorted small fixes (typos etc) which will be recorded in CVS history.

14/07/2003
==========

:days option on vacation screen for Sieve vacation.

29/05/2003
==========

Release: Prayer 1.0.8

The only really significant change from 1.0.7 is support for spam filtering
based on X-Cam-SpamScore headers and support for a sieve backend for mail
filtering, currently undocumented. This will be of limited use to anyone
who isn't us.

Small bugfix:
  Added "SSL_INCLUDE= -I/usr/kerberos/include" to work around rather
  peculiar header dependancy in Redhat 9. We don't actually link against
  any Kerboros libary.

Think that's everything significant of late. Afraid that the detailed
comments are going into our (private) CVS repository these days.

12/05/2003
==========

Switch to using SSL_CTX_use_certificate_file(): appears to give us
certificate chain support without complications?

Initial (and very rough!) Sieve support for testing purposes.

CVS
===

Fed Prayer through: indent -kr --no-tabs before checking into CVS.

16/04/2003
==========

Fixed ctype.h.

Incorporate session_banner_path patch from Clive McDowell.

Fixed 2002 --> 2003 on recent timestamps in this file (I'm just so
observant)

07/04/2003
==========

Release: Prayer 1.0.7

Additional Configuration options:
  msgs_per_page_max.  msgs_per_page_min.
  abook_per_page_max. abook_per_page_min

  Need to add to master cf file.

05/04/2003
==========

Fix session_server() ping interval logic.

28/03/2003
==========

Added message download link for Message/RFC822 sections.

27/03/2003
==========

MHT nonsense.
  Fixed: Message/822 shouldn't be encoded as BASE64 or QUOTED

Fixed abook_list boundary condition when current entry is last on page.
(Same fix that we had to apply to cmd_list long time back: sigh).

Attachment download/display esp: IE6
  - Better use of Content-Disposition: inline
  - Use '.' in filenames: quoting arrangments changed.

26/03/2003
==========

Slow process leak in iostream_getchar()
   Looks like SSL_read can block even after SELECT
   - need proper timeout here somehow.
   - need to use non blocking I/O method: will need some testing.

  - Fixed (I hope!) by putting underlying socket into non blocking mode
    and more careful use of select/retry and error testing around ssl_read.

  - Cleaned up code in process. Nee

Make sure cmd_restart robust e.g: browser buttons.
  - Seems to be reasonably robust, though hard to trap error conditions
    on every ml_ call reliably.

Delete open folder
  => close, bounce to inbox if required

IP address off by one error:
  I also tried a different IP address and it acts the same way, i.e., i
  had to specify 193.160.13.2:80 to make it use 192.160.13.2:80.
    - Looks like SCO/Unixware bug: no success duplicating this.

Additional Configuration options:
  msgs_per_page_max.  msgs_per_page_min.
  abook_per_page_max. abook_per_page_min

Missing /usr/lib/sendmail ==> mail dropped.

24/03/2003
==========

Manage with single "\n" in .forward file => splat. End up with a
    redirect
      address <nothing>

Fixed at accountd end, but also made an effort to catch invalid cases at
accountd client side.

Spelling correction should use <em> rather than <b>
  - Disagree: <b> clearer, at least when defined.

13/02/2003
==========

Typo: "MSshell :: subject" --> "MSshell :: redirect"

06/02/2003
==========

Fixed config->prayer_user expansion.

fatal() shouldn't dump core if root.

31/01/2003
==========

Release: Prayer 1.0.6

27/01/2003
==========

Add initial support for getpwnam(), getspnam() for accountd authentication.

Use c-client address parsing code to split pattern into localpart & domain
components.

24/01/2003
==========

Apply sanity checks to email dialogue on filter screen:
  either simple name which matches Hermes account name or legit email address

21/01/2003
==========

Fix mydb_db3.c to work with DB 4.1

Disable gzip for Opera attachment download.

session cookies:
  No expiry date => disappear when browser closed down.

Quote username in argv:
  Just want to stop Prayer interpretuing funny usernames e.g: fred@xxx
  Simple string_url_decode in prayer_server.c, session_exchange.c

03/12/2002
==========

Remove "Feel free to send more messages" text from vacation messages.

18/11/2002
==========

Release: Prayer 1.0.5

11/11/2002
==========

Better handling of quota errors
 (UW server may generate list of quota warnings followed by "OK" response,
  even though operation has failed. Even worse c-client quietly ignores the
  warnings and takes the final OK as definitive).

cmd_abook_list: Fix "Added 1 addresses to draft"

06/11/2002
==========

Fixed inconsistent DB_RECOVER stuff.
  - transcient nature of data means
    Best to run without recover, remove Dbase on startup

Add allow_changing_from config option.

Catch (session->upload_file == NIL) in cmd_upload_xfer
  (People playing silly buggers with browser history).


30/10/2002
==========

Small amount of juggling to get rpmbuild working correctly on Redhat 8.0a

Release: Prayer 1.0.4

28/10/2002
==========

Berkeley db libraries still leaking 12 Mbytes on DB create:
  close, reopen should fix the problem.

Add DB_RECOVER mode to mydb startup at first attempt.

Remove invalid NIL argument to log_panic() call in mm_fatal()

22/10/2002
==========

Missing argument in cmd_expunge reporting message count

socket_split_spool
  - '.' was a bad choice of character in session sequence ID:
    mkdir('.') anyone? Switch to + which should be safe.

  - DONE

15/10/2002
==========

Appear to have a good stable version

Release: Prayer 1.0.3

09/10/2002
==========

socket_split_dir as safe guard
  (64 way split on sockets directory based on first character of sessionID)
  DONE, including backwards and forwards compatibility

08/10/2002
==========

Reverse alarm(0) and os_signal_alarm_clear() in ssl.c: tiny race condition.

Refresh doesn't do "New mail" correctly.
  - msgmap_check() should have been msgmap_update() to get accurate count
    immediately.
  - Added safety check so that folder onto gets checkpointed once every
    5 seconds.


07/10/2002
==========

Nasty SSL_accept bug
  - Appears to have actually been problem with deadlock inside SSL
    session cache. Side effect of ssl_prune job hanging? 

/robots.txt
  - DONE

Links in message should use: /redirect to avoid Referrer attack.
  -DONE

http_max_servers spin: sleep(0) is NOOP. Replace with sleep(1).
 - DONE.
 
06/10/2002
==========

Added login_prefix_path and login_suffix_path.
  - DONE (still need to verify output pages)

Added support for /static/ URLS and .css files, just in case we need them
  - DONE

Spell check:
  Fixed at least one, possible two bugs in interaction between spell
  checker and browser history. Safest to bail out if we see people playing
  silly buggers with browser history there: very stateful.
  - DONE

Fix /icons - /opts lost!
  - DONE

Fix /icons and /static namespace.
  - DONE

30/09/2002
==========

msgmap_find_deleted():
  Fix zm_offset initialisation if zm changed size

23/09/2002
==========

SESSION_CACHE_ENABLE
  - managed to break this when upgrading to latest Cyrus session cache.

06/09/2002
==========

Release: 1.0.2

05/09/2002
==========

Fix off by one bug in cmd_abook_list form processing.

cmd_reply2: do stream_check_uid to stop out of range effects.

16/08/2002
==========

Release: 1.0.1

15/08/2002
==========

Fix bug handling empty prefs esp: maildir

13/08/2002
==========

Add vacation aliases list
  - DONE

Check password changing via accountd
  - Need way of skipping "Warning: " text from passwd program
     e.g: 8 character passwords.
     Added "warning" clause. Need to test quietly.
  - Test.

Remove stray upload tmp files.
  - DONE

Need to integrate latest session cache into prayer
  - DONE

Port back iostream changes...
  - DONE

Abook list is missing first entry in each range. Doh!
  - DONE
  - Added # numbers to code and documentation.

http:// links: Remove final '.' from link.
  - Fixed

Source link in RPM incorrect!
  - FIXED

06/08/2002
==========

Released code had 3 x fprintf(stderr) left installed for debugging.
Silly boy!

29/07/2002
==========

Made hash function used by assoc keys a bit better distributed.

23/07/2002
==========

Release: Prayer v1.0

Set up RPM build environment:
  "make RPM_BUILD=true" sets up build parameters using Config-RPM.
  prayer.spec file written.

Make sure that account has a default configuration file.

22/07/2002
==========

Couple of minor tidyups inspired by Tony looking at FreeBSD install

21/07/2002
==========

Check documentation briefly.

Only initialise SSL subsystem if HTTPS ports defined

Add Copyright line/disclaimer to all source files ready for source release.
  (making sure that the session cache stuff is correctly attributed).

local_domain_list problems when prayer_session running --foreground for
debugging purposes: Problem was that session_free() was calling
config_free() when it didn't own the config => config go bye-bye
  - FIXED

Catch message number out of range on postponed message list screen
(combination of browser history + Outlook silly caching behaviour meant
that it is possible to end up on invalid postponed msg list).
  - DONE

19/07/2002
==========

Bug:
  Select unseen, read/delete, then expunge when still in the subset 
  returned from the search.
    Mailbox access error: mail/IN/incidents
    Status: Lost connection to IMAP server (possible concurrent access?)

  FIXED: Needed to integrate msgmap_recalculate() into msgmap_update()
  as expunge events can change number of marked messages
    => must force full recalculation of sorted and subset ranges.

Make http://... in body of mail a 'clickable' link:
  Should be possible to subvert line wrap system

Download <-> Show full headers.

Fixed "<html>" markup bug in cmd_prefs.

prefs->html_inline_auto set
  => Display docs starting <DOCTYPE inline

Apply "Back to Options Screen" consistently.
  - DONE

17/07/2002
==========

Fixed markup bugs on transfer, favourite and upload_select screens.
  - DONE

Reverse sort:
  cmd_display(): delete --> move to "previous" message rather than "next".
    DONE

cmd_display(): 'Copy' should move to "next" message like delete
  - DONE

24/06/2002
==========

Remove trailing \012 from request->request. These started to appear when I
fixed a bug parsing the method lines (it was translating CRLF to LF on the
quiet). Bug fix was causing CR characters to turn up in log files.

No longer log invalid requests in accesslog
  - silly idea as unparsed requests were already reported in prayer log
    and parsed request contains little useful content.
  
22/06/2002
==========

Added bounds check to chunked transfer encoding. (Prayer isn't vulnerable
to the buffer overrun exploits seen in Apache < 1.3.26, but it wasn't
counting bytes correctly, which could lead to a denial of service attack)

Removed a few redundant config parameters from request_* methods.

Fixed (safe but slightly confusing) overloaded use of request->body_size
by introducing request->chunked_body_size and friends.

21/06/2002
==========

Verify install works okay on Redhat Linux (using Redhat RPMs + own install
for c-client), FreeBSD and Solaris.

20/06/2002
==========

Tidied up include files for clean install. Make sure that accountd compiles
cleanly on Redhat Linux, FreeBSD and Solaris. (Interaction with the Linux
/usr/bin/passwd is still proving temperamental).

19/06/2002
==========

Added is_netscape4 clause into user_agent (+prefs +config)
  - enables broken HTML to keep Netscape 4 happy.
    (border=0 in image submit clauses, wrap="virtual" in <TEXTAREA>s)

18/06/2002
==========

Accountd:
  Added simple scripting language to try and make it more general.
  Added (currently optional) second argument to fullname command
    - fullname NewName          OR
    - fullname password NewName

  So that we can quitely migrate to the second form.

16/06/2002
==========

Replaced atoi(assoc_lookup(request->form, "page")) in:
  cmd_abook_list(), cmd_aggregate.c() cmd_aggregate_tmp()
  - possible to end up with atoi(NIL) --> bang with invalid form input

15/06/2002
==========

Fixed silly HTML markup bugs on cmd_dictinary and cmd_roles_list screens.

Check whether speller checker actually active in cmd_spell. Also check for
active draft message => can spot people playing silly buggers with the
browser back button.

Added line wrap on spell:
  config->line_wrap_on_spell
  prefs->line_wrap_on_spell
  + option on preferences screen (page revalidated at w3c).

Move manual line wrap preference down a bit for Stella.

Check line_wrap_on_reply + line_wrap_on_send defaults: was bug in the code.
Looks okay: may have a few redundant "line_wrap_on_reply: true" and
"line_wrap_on_send: true" lines appears in user .prayer files, but not
the end of the world.

Flush preferences on the cmd_abook_list() screen

Need to add line_wrap_on_spell to all cf files.

12/06/2002
==========

Fixed silly "No messages to expunge" counting bug which followed from
zm changes yesterday.

Added a couple of msgmap_update() calls to make sure that cmd_expunge()
has correct msgmap before and after ml_expunge.

11/06/2002
==========

Fixed silly crash bug caused by async notification of new mail by mail_sort
  - fixed all instances of stream->nmsgs which should be zm->nmsgs

09/06/2002
==========

Testing against proxy server:
  Translate silly error message from imap_login() back into English inside
  ml_open(). Rationalised session_server() and session_login() a little bit
  to remove duplicate error reporting.

Select last message in msgmap as session->current when changing folder:
  This way things work properly with sort orders != ARRIVAL

08/06/2002
==========

Expunge on empty folder => bang.
  - Silly bug caused by new msgmap_find_undeleted() stuff

cmd_copy_msg: didn't check session->other_stream live before ping
  - Factor out code to session_streams.c, rationalise + checked all.

Move session_save_options and session_close_streams to session_streams
for consistency & to put all stream unpleasantness in single place.

cmd_compose():
  Failed to check that session->draft_stream still valid when postponed
  message selected (concievable that it had timed out).

04/06/2002
==========

Fixed silly If-Modified-Since crash bug.
  (Amazed nothing triggered this up to now)

Put Delete links back onto list pages
  (removes need for nested tables => Lynx works better)

02/06/2002
==========

Cleaned up build process and documentation of build process a bit.

Updated default prayer.cf to match prayer-debug.cf

Cleaned out some of the old icons.

prayer_main:
  Close STDIN, STDOUT and STDERR if we are running in the background
  Means that we can shut down controlling terminal without any messing around

01/06/2002
==========

Check new expunge <-> sort interaction.
  - Think that its right, need to clean up in harsh light of day.

Sorting => bang?
  - msgmap out of sync with stream somehow
  - next page calculation wasn't correct in cmd_list: contrib factor?

ml_elt vs mail_elt?
  Both should generate core dumps!
  macro: ml_elt --> mail_elt for time being

29/05/2002
==========

Catch msgno out of range in cmd_reply

Bugs:
  If you forward an email to an invalid address (e.g. 'mark victory') you get 
  the expected error message. If you then go to Mailbox, open the message and 
  try to forward it again then the error reappears *before* the usual compose 
  window (i.e. before you can enter a valid address)

  FIXED (give sensible error message and bounce back to compose screen)

28/05/2002
=========

Sorting => bang?
  - Not repeatable
     => either uninitialised variable or off by one error

  - _believed_ fixed:

      if ((stream->nmsgs != z->nmsgs) || (stream->uid_last == z->uid_last))
        z->valid = NIL;

    changed to be:

      if ((stream->nmsgs != z->nmsgs) || (stream->uid_last != z->uid_last))
        z->valid = NIL;

Puzzled why this wasn't caught up to now...

27/05/2002
=========

Filter bug:
  Need to test fix, retrofit space into MSshell filter expansion.
  Use foranyaddress in recip stuff?
     - DONE

Fixed free on unassigned "value" in filter_test_addr()

session_streams_change()
  --> bang if other_stream timed out.

cmd_change():
  badly nested parenthasise --> logic bug

Delete Marked messages with no marked messages
  => silly uncaught exception

Character sets.
  - Have a brief think about just what is involved.

accountd hangs occasionally when changing password?
  - add alarm timeout into code. DONE: Test.
  - Try to work out why its hanging!

23/05/2002
=========

Possible bug with attachments and MSIE
  need to disable HTTP/1.1 and persist again
  Actual problem was with gzip encoding in response_raw
    - silly mistake involving headers.

Reverted to using lower case in MIME multipart headers
  - upper case just looked ghastly.

22/05/2002
==========

Fixed session_message format bug in cmd_forward1.c

20/05/2002
==========

prayer-ssl-prune
  - Shouldn't need to worry about hostname stuff.

18/05/2002
==========

Removed indentation for threading modes: appears to be broken.

Fixed help text macros. Added __STATUS_NONE__.

Strange attachment bugs?
  - Display top level message/RFC822 fails
      - Fixed: need to rationalise, test structure
  - Forward MIME torture test breaks loses a few parts of msg.
  - Mulberry doesn't always interpret messages sent by Prayer correctly?
      - Check RFCs, follow PINE MIME structure precisely?
  - Believe that all of these are fixed now. Need to check.
      - Appeared to do the trick!

Check html_secure stuff: code is close, but not quite there: DONE
  - thought: replace illegal targets with <cleaned_tag> like IMP: DONE
  - Need Referrer trap: DONE

15/05/2002
==========

Postponed folder doesn't appear, disappear correctly any more?
  - FIXED

Download message ==> display.

11/05/2002
==========

Fixed page offsets in abook listing

05/05/2002
==========

gzip compression: flush buffer in pages...
  - DONE

Implement ETag (could be reason that some UserAgents refetch)
  - What does Apache do?
  - Answer: combines mtime, size and file inode
  - we now to same (using decimal rather than hex because I'm lazy).


03/05/2002
==========

Allow folded lines in config file:
  Use string_get_lws_line, then check for CRLF sequences, escaped by \

Fixed abook_list/role_list bugs
  - & should be &amp; in prefiled GET form

hmtl_quote was converting ' ' to '&nbsp;'. Yuck!

Some browsers sending character 0xa0 instead of ASCII space 
  - &nbsp; in ISO-8859-1
  - draft_update_body quitely translates back now...

Need abook_entries per page preference.

01/05/2002
==========

Addressbook:
  Split into pages
  Abook search <--> Compose link

21/04/2002
==========

Added HTML checkboxes as option on list screen:
  Added use_mark_persist option to control this behaviour.

Rename outdated procedures: global search and replace.
  zoommap                --> msgmap 
  buffer_puts_quote_html --> html_quote_string

Push all ->spare and ->spare2 references into msgmap.c

Checkboxes on abook screen?

20/04/2002
==========

Enable gzip encoding selectively:
  Check for Accept-Context-Encoding: gzip or x-gzip header headers.
  Add user-agent field for gzip
  gzip_write in blocks (need block access mechanism)
  Enable gzip for certain IP ranges only, sepcifically

  gzip_enable  = "131.111.99.0/24"
  gzip_disable = "131.111.0.0/16 : + friends "

Reverse lookup on client IP address (for local IP ranges only?)

Need some routines to compare ipaddr to strings.

Fix themes/colours.

Added interface to use_http[s]_port

19/04/2002
==========

Line wrap:
  Discard short lines stuff
  "  " at start of line ==> new paragraph.

Warn if _non-empty_ draft active on exit

15/04/2002
==========

Content-Encoding: gzip.

14/04/2002
==========

Cleanup up zoommap code.
  - propose: sort/thread all messages, _then_ apply zoom.
     => intermediate step not invalidated by search/mark operations
         - should be more efficient.

Zoomap:
  SORT/THREAD all, _then_ subset marked surely more efficient + simpler

Address Book Take:
  find existing alias.

Delete postponed_folder on exit if empty, active.

Reply, Postpone, Resume doesn't record which message we are replying
to => answered flag set incorrectly.

Related:
  If we reply to a message and then change session->folder, answered flag
  will be set on wrong message
    - need to record current folder, open special stream if != current

accesslog: session record frontend process involved
  - done. A little involved because of log structure

Accountd:
  Partition out SSL better!

13/04/2002
==========

Add thread mode
  DONE.

12/04/2002
==========

Filters broken a little: need to remove '^.*', '.*$' and or add '(?s)' as
appropriate.

07/04/2002
==========

Have a brief go at history mechanism for back button
  - don't think that its actually all that involved.
  - need to record active mail folder. What else?

Move postponed stuff to draft.c

Check for postponed_name which should be draft_foldername...

Move session stream manipulation stuff to own file (session_streams.o?)

06/04/2002
==========

Add From address to role (matches IMP).
  - easy little task.

Better handling of postponed-msgs STREAM:
  - need to be first class object rather than have
    other_stream fight for possesion of stream

Add "Resume draft" link on msg display for postponed-msgs
  (+ link from postponed list to show folder as full list)

05/04/2002
==========

BUG: Empty cdb lookup not handled correctly in abook_substitute_recuse
  - Fixed

04/04/2002
==========

Send messages as format=flowed. Not handling incoming messages as
format=flowed yet: fixed width seems better for our purposes.

Analysise login procedure: why so long?
  - Save options bugs certainly wasn't helping us...
  - Some work with Netscape indicates that login time actually not
    very long. Most likely problem is people hitting login button twice.
  
29/03/2002
==========

Make prefs->sent_mail_folder and prefs->postponed_folder relative to
prefs->maildir (motivation: want Fcc: line in postponed messages to be
compatible with Pine which appears to do this).

Roles state lost if you move back and forwards 
  webmail1 <--> webmail2?
  Yes: quite likely give 4 file vs 5 field stuff.
  Switched so that first four columns match => compatible
  (though Fcc information will be lost if we have to backtrack).

Need to spot
  mail/postponed-msgs
  mail/sent-mail
  in prefs file and cmd_prefs. 

Need a final decision on Line Wrap nonsense: get it over with!
  - DONE (I hope!)

Simpler abook format please!
  - Use tab separator and linear whitespace? (encode TAB, nothing else)
  - Provide backwards compatibility with existing format.
  - Already in place!

Draft management
  Store attachments in files rather than memory?
  - DON'T bother!

28/07/2002
==========

Disable MSIE compatibity for Opera in response_raw()

Attach 0 length file --> boom!
  - consequence of string_url_decode for Macs...

27/03/2002
==========

Put up on webmail2.hermes and test w, without optimisations.
  - Whats going on with these erratic SSL errors!
    Self signed certificates or something more sinister going on?
    Possible uninitased variable in iostream/SSL stuff
  - looks like Netscape 4.X (X > 0) has problems with session cache stuff?

  - Appears to have been following:
    SSL_CTX_set_options(server_ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);

25/03/2002
==========

tjc34 reports:
  I don't get any error messages at all - it just appears switched back
  on again if you go back and look after switching it off.
  Ask her to check: DONE, has been fixed.

Help text macro bugs
  - FIXED

Need sanity check on Fcc field in Roles, Compose Fcc.
  - DONE

Personal Dictionary:
  Back to Options screen
   - Fixed (need to append help text)


24/03/2002
==========

Filter bug
  - FIXED (missing QMETA).
  - Check MSshell stuff: appears to be different.

Glorious memory leak in prayer frontend server (leaks into shared)
  SSL session cache: CREATE leaks 12 MBytes, first time only!
   - FIXED (close reopen dbenv after create...)


23/03/2002
==========

Added Fcc header + Fcc element to role.

Add Fcc header and case insensitive sort for dirlist
  - DONE

22/03/2002
==========

Catch attempts to import invalid abook formats.

Check Ports: Solaris. FreeBSD.

21/03/2002
==========

Core dumps from SSL_write
  - SIGPIPE: IGNORE ==> write() will fail.

Windows Netscape <-> SSL problems.

string_url_decode() attachment names

Colourise messages: different quoting levels.
  - DONE (4 levels defined in theme)

Line wrap options
  - DONE

Clean up abook lookup stuff?
  - Not quite as bad as first look
  - Actually duplication is simply so that error reporting correct:
    reports correct address causing loop. Leave it be!


19/03/2002
==========

Help text:
  Replace toolbar with link back to parent screen : DONE
  Need common link to explain master toolbar

IE6 downloads all the icons on each page refresh event.
  - why? Thought: memory cache disabled on shared workstation?

Redirect screen broken?
  Empty email address => 
    Redirection Address must be single, simple and fully qualified
    email address

  tjc34 reports:
    I don't get any error messages at all - it just appears switched back
    on again if you go back and look after switching it off.

Need theme selection on Prefs screen.

Need some more themes
  - Expand list.

14/03/2002
==========

Need ssl_prune routine.

11/03/2002
==========

download <-> back button broken:
  switch to download to local disk.

Preserve MIME type on file upload?
  - Happens already.

Upper bound on total memory use: DONE

Check for file descriptor/memory leaks

Factor out common code into library
 => easier to replace prayer-session without replacing prayer.
 - INSTEAD: separate version numbers for prayer and prayer-session
    => bumping version numbers doesn't change code.
       can run diff on Prayer to see if needs changing
       Still need separate prayer-session init script!

Rationalise config files:
  Make sure everything enabled properly.

07/03/2002
==========

Catch SIGPIPE ==> core dump  (+ other signals?)
  ==> should help us in tracking.

Download bug: (Netscape specific?)
  Redisplay --> display screen
  Propose: Download should download to local harddisk
  Fixed

Some kind of crash bug which does not cause core dumps involving
attachments? Gives no data in document error (probably just a consequence
of crash).
  - May be Netscape 4.7 on Windows
  - May relate to strange attachment names?

 Problem was sendmail/exim considering single '.' on line to be EOF:
 dropping connections before attachment sent => EPIPE
 (and this rather more common with attahments present because of QP
  encoding of text segment).

Attachments:
  Some crash problem specific to Mac

Assorted restart bugs?
  - believe existing bugs fixed

Crash bug involving attachment upload (lost core dumps? Silly bugger).
  - may be related to above?

05/03/2002
==========

SSL certificate cache.
  Need some way of sharing state between processes? Have a look at just
  what Apache mod_ssl does. Conceivable that we need a multithreaded prayer
  frontend process which works a bit like stunnel.

Themes.
  - Try white/gray (#FFFFFF, #EEEEEE) mix if nothing else!
  - Add to add option.

Jon noticed:
  I've just noticed that, when I'm looking at the last message in a folder,
  the text toolbar reads (for me at least):

  Previous | Previous | Copy | Delete | Mark | Reply | Forward


"Error: Checksum mismatch: manually manually .forward file?

list: limit of 42 messages

quota problems on Send ==> leave on compose screen.
  DONE: !!!TEST!!!

Timeout on compose screen should be two hours.

iostream:
  Need to protect read/write clause against EINTR better: DONE in prayer
  Need alarm() based signal for write path?
    Does write() ever block on output?
       - timeout in OS?

31/01/2002
==========

Force user name to lower case (possible this should be config option?)

Check whether Apache optimises socket layer.
  - Borrowed obvious options, need some side by side comparisons.

Sanity check preferences file to catch malicious users.

29/01/2002
==========

Reply to all doesn't handle To and Cc list properly!
  Also stray comma on display...

cmd_reply from zoomed list, then cancel => return to wrong message
  - Problem was incorrect range test in cmd_display, now fixed.

Working on correct display for single part msg != TEXTTEXT

25/01/2002
==========

Fixed a number of small bugs:
  . Reply to All where To addr contained a Hidden; group bombed because
    of strcmp on addr->mailbox && addr->host without validity test

  . Core dump if session_idle() after cmd_restart()

  . Core dump if browser back button used when session idle
     (was failing to call session_check_streams() in time).

21/01/2002
==========

Check MSIE: caching for downloads required?
  (As part of put up on plum, then maroon tomorrow)
  - Answer, yes it does (dopey program!)

Tested with MSIE: _appears_ to be working fine now...

Fixed up various session_messages and session_logs
  - run diffs carefully, then install as 0.9.3!

Folders screens cleaned up:
  Fixed width of various fields to stop things wandering around
  Added &nbsp; as placeholders where needed.

20/01/2002
==========

Catch /etc and ~/ escape sequences in maildir, sent-mail and postponed-msgs
  - Dialogues, preferences and prefs files.

Added session parameter to options_parse and subsiduaries for logging

Record target IMAP machine in User login line (optional), useful for
debugging?

Need to catch delete failures.
  - was doing this correctly in 1/2 cases.

prayer.rpt:
  Couple of minor markup/comment bugs

Pound signs.
  - Missing ';' from '&#xxx;". Sigh!

MSIE "application/octet-stream" downloads.
  - Fixed by looking at what SquirrelMail does
  - Short answer is to use Content-Disposition; inline; filename=whatever
  - Still unsure whether IE needs caching switched on

Strip leading path from attachment uploads and downloads:
  present last part only (whether "/" or "\" characters used).

Clear session->dircache if supress_dotfiles triggered!

Move HTML for welcome page out to welcome_path
  - Provided __TIMEOUT__ and __CONTACT__ macros

Report correct message count for mark/aggregate and unmark/aggregate

Fixed supress_dotfiles in master toolbar change dialogue

Use config->login_service_name when generating cmd_abook_xfer screen. 

15/01/2002
==========

Cleanup up release version.

Empty list screen => Still need refresh button
  - have simple version!

Change to inbox => select first unread message.

14/01/2002
==========

Test import/export: Need functional accountd.

Record user_interface level in prefs => can transfer back and forth.
  - just steal code back from 0.8.6!

13/01/2002
==========

Address Book Take: suggest subscreen off message display.
  - DONE

Import/Export Addressbook <-> Hermes .addressbook file.
  - DONE: Still need to test this!

Check XXX comments.
  - DONE. Small number still to be dealt with.

11/01/2002
==========

Prefs etc no longer saved properly.
  - Add save call to start of cmd_list, cmd_display, cmd_compose?
    Should be able to reuse existing code.

Possible to factor our common code from various folder list displays?
  - Looks like it will involve more work than it saves.

Clean up cmd_list and cmd_compose:
  Split out functionalilty into subsiduary modules.

10/01/2002
==========

Remove user_level stuff. Disable help screens. Check cmd_welcome.

Clean up empty screens.

Rename:
  cmd_save      --> cmd_copy
  cmd_save_msg  --> cmd_copy_msg

Clear out redundant icons.

Split html_banner_toolbar into component functions rather than overloading
single function with hacks.

Front page:
  Discourage non-SSL logins.
  Put text only vs text and icons links dialogue on front page?