@ -1,6 +1,7 @@
CHANGELOG RoundCube Webmail
===========================
- Fix CVE-2010-0464: Disable DNS prefetching (#1486449)
- Fix Received headers to behave better with SpamAssassin (#1486513)
- Password: Make passwords encoding consistent with core, add 'password_charset' global option (#1486473)
- Fix adding contacts SQL error on mysql (#1486459)
@ -39,6 +39,8 @@ function send_nocacheing_headers()
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: private, must-revalidate, post-check=0, pre-check=0");
header("Pragma: no-cache");
// Request browser to disable DNS prefetching (CVE-2010-0464)
header("X-DNS-Prefetch-Control: off");
// We need to set the following headers to make downloads work using IE in HTTPS mode.
if (rcube_https_check()) {
@ -41,6 +41,7 @@ if (!empty($_GET['_uid'])) {
$MESSAGE = new rcube_message(get_input_value('_uid', RCUBE_INPUT_GET));
}
send_nocacheing_headers();
// show part page
if (!empty($_GET['_frame'])) {
@ -66,8 +67,6 @@ else if ($pid = get_input_value('_part', RCUBE_INPUT_GET)) {
$browser = new rcube_browser;
// send download headers
if ($_GET['_download']) {
header("Content-Type: application/octet-stream");