Extend protection against plaintext syncs
* src/mail.cpp (Mail::decryptVerify_o): Invoke the save independet of message class and extend it to MAPI. * src/mailitem-events.cpp (WriteCancelIgnored): New event handler.
This fix is for an issue that we do not really have a tracker
ID for because it is unreliable to reproduce and as such
hard to describe. In a specific configuration which we do
not know exactly why but were able to reproduce it could
happen that after reading a mail the write back was not
properly cancled and wrote the plaintext back to the server.
In those instances we always saw the Event 0xFC99 see my comment
/* This event ID is completely undocumented, neither in Outlook Spy
nor in MSDN. I just observed that this ID was sent when we cancelled a write event but the write was still done and we would have come into the after write event. So we handle this like a close which then loses the changes and we see no AfterWrite afterwards. This is a safeguard against plaintext leak. But this event could mean something different altogether. */
But if we just prevented that then even the change to the unread
status was not synced on the server. This seems to be so baked
into MAPI and only read from the OOM Model that a save in OOM which
we previously did in decryptVerify was not enough, we needed to
change it in MAPI directly.
This has the nice side effect that changing categories and flags
on unopened mails now works reliably as we trigger a sync back of
thsese changes before we modify the mail. That way there is no
chance that these changes are discarded by our usual closing
So this at least lowers the priority again of:
- GnuPG-Bug-Id: T4127