Commit Graph

236 Commits (master)

Author SHA1 Message Date
Aleksander Machniak 8344f07d7f Fix CSRF bypass that could be used to log out an authenticated user (#7302) 5 years ago
Aleksander Machniak b8555ce4f3 Fix so 401 error is returned only on failed logon requests (#7010) 5 years ago
Aleksander Machniak 9f1d185c44 Master is 1.5-git now 5 years ago
Aleksander Machniak f1a83f923d Added cookie mismatch detection, display an error message informing the user to clear cookies 6 years ago
Aleksander Machniak 57c67db029 Remove year(s) from copyright headers + some cleanup 6 years ago
Aleksander Machniak 11216a1925 Changed 'password_charset' default to 'UTF-8' (#6522) 6 years ago
Aleksander Machniak 186f21c4c1 Avoid Referer leaking by using Referrer-Policy:same-origin header (#6385)
Added 'common_headers' hook
6 years ago
Aleksander Machniak f1ee6d7906 Plugin API: Add possibility to specify HTTP return code via 'unauthenticated' hook 6 years ago
Aleksander Machniak e4ccc2bb48 Update copyright year in few places 7 years ago
Aleksander Machniak fb2f213d6f Add id attribute to the installer warning 7 years ago
Aleksander Machniak 2cb9de358b Return "401 Unauthorized" status when login fails (#5663) 8 years ago
Aleksander Machniak e51fa197bb Remove unused variable 8 years ago
Aleksander Machniak 5101cfc67a Bump version to 1.4-git 8 years ago
Thomas Bruederli f78e2a4367 Add 1.3-beta milestone + update copyright year 8 years ago
Aleksander Machniak ad9a55f8cb Support hostname and hostname:port in force_https option (#5511) 8 years ago
Aleksander Machniak 24b4ca52cf Fix so "Action disabled" error uses more appropriate 404 code (#5440) 8 years ago
Aleksander Machniak b77efcd104 Fix typo 9 years ago
Aleksander Machniak 85082c88c7 CS fixes 9 years ago
Aleksander Machniak 9634169647 Bump version number to 1.3-beta 9 years ago
Aleksander Machniak a15d877ba8 Added brute-force attack prevention via login rate limit (#1490566) 9 years ago
Aleksander Machniak 1b39d9a6c7 PHP7: Fixed some E_WARNING errors that previously were E_STRICT 9 years ago
Aleksander Machniak 4b72a1f498 Fix error when using back button after sending an email (#1490009) 9 years ago
Aleksander Machniak a958748947 CS fixes 10 years ago
Aleksander Machniak 3779b67a9c Set version number to 1.2-git 10 years ago
Thomas Bruederli 2f8b1036da Bump version and copyright year 10 years ago
Aleksander Machniak 681ba6fc3c Improve system security by using optional special URL with security token
Allows to define separate server/path for image/js/css files
Fix bugs where CSRF attacks were still possible on some requests
10 years ago
Thomas Bruederli c45507e317 Fix login error message display broken in b51de327 10 years ago
Thomas Bruederli b51de3279f Display custom error messages from plugins hooks (as documented in the API spec) 10 years ago
Thomas Bruederli a873d934f5 Give precedence to plugin.* actions over custom tasks registered by plugins 10 years ago
Aleksander Machniak d01f9fc7f5 Add option (disabled_actions) to disable UI elements/actions (#1489638) 10 years ago
Thomas Bruederli 7e7e451b66 Warn for unsent/unsaved message when closing compose window; remove localStorage copy if page was left intentionally but not on session errors (#1489818) 11 years ago
Aleksander Machniak d19a9b35cc Remove obsolete code that disables session check on 'send' action 11 years ago
Aleksander Machniak ba5c53e5c3 Send X-UA-Compatible as HTTP header instead of meta tag 11 years ago
Aleksander Machniak b360f707e8 Small code improvement 11 years ago
Aleksander Machniak 65f59fa3c6 Bump version number to 1.1-git 11 years ago
Aleksander Machniak 8d3d5b42b7 Prevent from "Call to undefined method rcmail_output_json::add_footer()" error 11 years ago
Aleksander Machniak 0301d9347f CS fixes 11 years ago
Thomas Bruederli 85e60ada15 First version of the local storage compose data saving feature; some behavioral improvements and encrytion are still to be added 11 years ago
Thomas Bruederli b461a2d72e Send last fetch time with 'refresh' requests and allow plugins to alter query parameters of http requests 11 years ago
Aleksander Machniak 060467df9d Log also failed logins to userlogins log 11 years ago
Thomas Bruederli deb2b8d080 Allow to load config files for different environments (#1487311); keep (non-default) filename in URLs throughout the webmail app 12 years ago
Aleksander Machniak a544971fe8 Fix error when using check_referer=true 12 years ago
Aleksander Machniak bb080af14d Bump version number up to 1.0-git 12 years ago
Thomas Bruederli 18e23ab763 Welcome to 2013 12 years ago
Aleksander Machniak a95687cfe8 Plugin API: Add 'refresh' hook 12 years ago
Aleksander Machniak 77de23fa93 Added cross-task 'refresh' request for system state updates 12 years ago
Aleksander Machniak b807084a6b - Fix (disable) request validation for spell and spell_html actions
Consider action whitelist also for ajax requests
12 years ago
Aleksander Machniak 2bbc3da52a - Check request tokens also in devel_mode 12 years ago
Aleksander Machniak 1c0ce1fe52 Plugin API: Add 'unauthenticated' hook (#1488138) 13 years ago
Aleksander Machniak 7c8fd80310 Show explicit error message when provided hostname is invalid (#1488550) 13 years ago