Bug 246955

Summary: Doesn't properly encrypt password-protected baskets that contain Link-type notes
Product: [Applications] basket
Reporter: Juliano F. Ravasi <bugs+kde>
Component: general
Assignee: Kelvie Wong <kelvie>
Status: RESOLVED FIXED
Severity: major
CC: EMuede, mattr, rusty.robot.g
Priority: NOR
Version First Reported In: 2.0-git
Target Milestone: ---
Platform: Ubuntu
OS: Linux

Description Juliano F. Ravasi 2010-08-07 01:25:17 UTC
Version:           2.0-git (using KDE 4.4.5) 
OS:                Linux

If a basket contains Link-type notes and then it is password-protected, only part of the contents of that basket is encrypted. All notes that come after the Link-type note silently fail to be encrypted. The user still believes that the basket is protected, when in fact part of it is exposed and readable in plain-text in their home in ~/.kde/share/apps/basket/baskets/.

I'm setting this bug severity to major because users may store sensitive information in password-protected baskets while Basket fails to encrypt such information, and no proper feedback is given to the user.

This bug is observed and confirmed in the 2.0beta package that comes with current Ubuntu LTS 10.04 (Lucid). I cannot test if this bug is present in the current git version due to lack of some cmake files for gpgme. Please check the steps below and confirm if it is still present.

Reproducible: Always

Steps to Reproduce:
1. Create a new basket.
2. Create two text notes in that basket.
3. Create a link note below the previous two notes.
4. Create two more text notes below the link note.
5. Password-protect this basket.
6. Go to ~/.kde/share/apps/basket/baskets, find the directory of the newly-created basket and inspect the contents.

Actual Results:  
There are 4 .html files in the directory, only the first two are encrypted.

Expected Results:  
All files in the basket directory should be encrypted.

Basic security principle: If the application is unable to properly perform some security-sensitive procedure, it is better to fail hard and loudly than to ignore the error and let the user believe that the procedure was successful.
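
The inspection in step 6 can be scripted. This is an added example, not part of the original report and not Basket's own code: it lists files in a basket directory that still read as plain text and raises an error when any are found. The plaintext heuristic, the function names and the sample file names are assumptions made for illustration.

```python
import sys
import tempfile
from pathlib import Path

ARMOR = b"-----BEGIN PGP MESSAGE-----"  # armored OpenPGP data is text, yet encrypted


class PlaintextLeft(RuntimeError):
    """Raised when a supposedly protected basket still holds readable files."""


def looks_plaintext(data: bytes) -> bool:
    # Heuristic (assumption): ciphertext is binary or ASCII-armored, while an
    # unencrypted note is mostly printable UTF-8 text.
    if not data or data.lstrip().startswith(ARMOR) or b"\x00" in data:
        return False
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    printable = sum(ch.isprintable() or ch in "\r\n\t" for ch in text)
    return printable / len(text) > 0.95


def unencrypted_files(basket_dir):
    """Sorted names of regular files in basket_dir whose content reads as plaintext."""
    return sorted(p.name for p in Path(basket_dir).iterdir()
                  if p.is_file() and looks_plaintext(p.read_bytes()))


def verify_protected(basket_dir):
    """Fail loudly instead of assuming that encryption worked."""
    leaked = unencrypted_files(basket_dir)
    if leaked:
        raise PlaintextLeft(f"{basket_dir}: not encrypted: {', '.join(leaked)}")


def build_sample(root):
    """Constructed sample matching the reported result: 4 files, first 2 encrypted."""
    d = Path(root) / "basket1"
    d.mkdir()
    blob = bytes((i * 37 + 11) % 256 for i in range(200))  # stand-in ciphertext
    for name in ("note1.html", "note2.html"):
        (d / name).write_bytes(blob)
    for name in ("note3.html", "note4.html"):
        (d / name).write_text("<html><body>secret text</body></html>", encoding="utf-8")
    return d


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample(tempfile.mkdtemp())
    print("plaintext files:", unencrypted_files(target))
```
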
Comment 1 Ewald Müller 2010-09-17 03:41:33 UTC
I would like to reproduce this behavior of basket, but I can't use it anymore if I hit an encrypted entry (accidentally); see https://bugs.kde.org/show_bug.cgi?id=250716
Comment 2 rusty.robot.g 2017-01-23 20:42:00 UTC
Fixed in 2.11
Comment 3 Christoph Feck 2017-01-25 02:36:44 UTC
Marking as fixed. Please add a comment if you still get this issue with 2.11.

Commit:
https://github.com/basket-notepads/basket/commit/4c120c4758a815cdea098846bd2252fd11dfdf4c