Aleksander Machniak
|
8344f07d7f
|
Fix CSRF bypass that could be used to log out an authenticated user (#7302)
|
4 years ago |
|
Aleksander Machniak
|
b8555ce4f3
|
Fix so 401 error is returned only on failed logon requests (#7010)
|
5 years ago |
|
Aleksander Machniak
|
9f1d185c44
|
Master is 1.5-git now
|
5 years ago |
|
Aleksander Machniak
|
f1a83f923d
|
Added cookie mismatch detection, display an error message informing the user to clear cookies
|
5 years ago |
|
Aleksander Machniak
|
57c67db029
|
Remove year(s) from copyright headers + some cleanup
|
5 years ago |
|
Aleksander Machniak
|
11216a1925
|
Changed 'password_charset' default to 'UTF-8' (#6522)
|
6 years ago |
|
Aleksander Machniak
|
186f21c4c1
|
Avoid Referer leaking by using Referrer-Policy:same-origin header (#6385)
Added 'common_headers' hook
|
6 years ago |
|
Aleksander Machniak
|
f1ee6d7906
|
Plugin API: Add possibility to specify HTTP return code via 'unauthenticated' hook
|
6 years ago |
|
Aleksander Machniak
|
e4ccc2bb48
|
Update copyright year in few places
|
6 years ago |
|
Aleksander Machniak
|
fb2f213d6f
|
Add id attribute to the installer warning
|
6 years ago |
|
Aleksander Machniak
|
2cb9de358b
|
Return "401 Unauthorized" status when login fails (#5663)
|
7 years ago |
|
Aleksander Machniak
|
e51fa197bb
|
Remove unused variable
|
7 years ago |
|
Aleksander Machniak
|
5101cfc67a
|
Bump version to 1.4-git
|
7 years ago |
|
Thomas Bruederli
|
f78e2a4367
|
Add 1.3-beta milestone + update copyright year
|
7 years ago |
|
Aleksander Machniak
|
ad9a55f8cb
|
Support hostname and hostname:port in force_https option (#5511)
|
8 years ago |
|
Aleksander Machniak
|
24b4ca52cf
|
Fix so "Action disabled" error uses more appropriate 404 code (#5440)
|
8 years ago |
|
Aleksander Machniak
|
b77efcd104
|
Fix typo
|
8 years ago |
|
Aleksander Machniak
|
85082c88c7
|
CS fixes
|
8 years ago |
|
Aleksander Machniak
|
9634169647
|
Bump version number to 1.3-beta
|
8 years ago |
|
Aleksander Machniak
|
a15d877ba8
|
Added brute-force attack prevention via login rate limit (#1490566)
|
9 years ago |
|
Aleksander Machniak
|
1b39d9a6c7
|
PHP7: Fixed some E_WARNING errors that previously were E_STRICT
|
9 years ago |
|
Aleksander Machniak
|
4b72a1f498
|
Fix error when using back button after sending an email (#1490009)
|
9 years ago |
|
Aleksander Machniak
|
a958748947
|
CS fixes
|
9 years ago |
|
Aleksander Machniak
|
3779b67a9c
|
Set version number to 1.2-git
|
9 years ago |
|
Thomas Bruederli
|
2f8b1036da
|
Bump version and copyright year
|
9 years ago |
|
Aleksander Machniak
|
681ba6fc3c
|
Improve system security by using optional special URL with security token
Allows to define separate server/path for image/js/css files
Fix bugs where CSRF attacks were still possible on some requests
|
10 years ago |
|
Thomas Bruederli
|
c45507e317
|
Fix login error message display broken in b51de327
|
10 years ago |
|
Thomas Bruederli
|
b51de3279f
|
Display custom error messages from plugins hooks (as documented in the API spec)
|
10 years ago |
|
Thomas Bruederli
|
a873d934f5
|
Give precedence to plugin.* actions over custom tasks registered by plugins
|
10 years ago |
|
Aleksander Machniak
|
d01f9fc7f5
|
Add option (disabled_actions) to disable UI elements/actions (#1489638)
|
10 years ago |
|
Thomas Bruederli
|
7e7e451b66
|
Warn for unsent/unsaved message when closing compose window; remove localStorage copy if page was left intentionally but not on session errors (#1489818)
|
10 years ago |
|
Aleksander Machniak
|
d19a9b35cc
|
Remove obsolete code that disables session check on 'send' action
|
10 years ago |
|
Aleksander Machniak
|
ba5c53e5c3
|
Send X-UA-Compatible as HTTP header instead of meta tag
|
10 years ago |
|
Aleksander Machniak
|
b360f707e8
|
Small code improvement
|
10 years ago |
|
Aleksander Machniak
|
65f59fa3c6
|
Bump version number to 1.1-git
|
10 years ago |
|
Aleksander Machniak
|
8d3d5b42b7
|
Prevent from "Call to undefined method rcmail_output_json::add_footer()" error
|
10 years ago |
|
Aleksander Machniak
|
0301d9347f
|
CS fixes
|
11 years ago |
|
Thomas Bruederli
|
85e60ada15
|
First version of the local storage compose data saving feature; some behavioral improvements and encrytion are still to be added
|
11 years ago |
|
Thomas Bruederli
|
b461a2d72e
|
Send last fetch time with 'refresh' requests and allow plugins to alter query parameters of http requests
|
11 years ago |
|
Aleksander Machniak
|
060467df9d
|
Log also failed logins to userlogins log
|
11 years ago |
|
Thomas Bruederli
|
deb2b8d080
|
Allow to load config files for different environments (#1487311); keep (non-default) filename in URLs throughout the webmail app
|
11 years ago |
|
Aleksander Machniak
|
a544971fe8
|
Fix error when using check_referer=true
|
11 years ago |
|
Aleksander Machniak
|
bb080af14d
|
Bump version number up to 1.0-git
|
11 years ago |
|
Thomas Bruederli
|
18e23ab763
|
Welcome to 2013
|
12 years ago |
|
Aleksander Machniak
|
a95687cfe8
|
Plugin API: Add 'refresh' hook
|
12 years ago |
|
Aleksander Machniak
|
77de23fa93
|
Added cross-task 'refresh' request for system state updates
|
12 years ago |
|
Aleksander Machniak
|
b807084a6b
|
- Fix (disable) request validation for spell and spell_html actions
Consider action whitelist also for ajax requests
|
12 years ago |
|
Aleksander Machniak
|
2bbc3da52a
|
- Check request tokens also in devel_mode
|
12 years ago |
|
Aleksander Machniak
|
1c0ce1fe52
|
Plugin API: Add 'unauthenticated' hook (#1488138)
|
12 years ago |
|
Aleksander Machniak
|
7c8fd80310
|
Show explicit error message when provided hostname is invalid (#1488550)
|
12 years ago |