Felix Eckhofer
30e6b980a6
Remove usage of $RCMAIL global variable
11 years ago
Felix Eckhofer
ef721fc430
Add config variable 'proxy_whitelist'
...
HTTP headers X_FORWARDED_* and X_REAL_IP are only evaluated when
received from an IP listed in proxy_whitelist. Furthermore, only the
last non-trusted IP from X-Forwarded-For is used in place of the real
ip.
Without this, an attacker can easily spoof the headers and control the
result of the ip or ssl check.
This fixes several problems with [3a4c9f42
], [4d480b36
] and [a520f331
] as
mentioned in #1489729 .
11 years ago
Aleksander Machniak
517c9f9a8d
Fix directories check in Installer on Windows ( #1489576 )
...
Added rcube_utils::is_absolute_path() method
11 years ago
Aleksander Machniak
f6d23a8dce
Fix PHP warning when 1st argument of parse_host() is not a string ( #1489486 )
11 years ago
Aleksander Machniak
a520f331c1
Fix handling of X-Forwarded-For header with multiple addresses ( #1489481 )
11 years ago
Aleksander Machniak
d19c0f9f30
In normalize_string() replace 4-byte unicode characters with '?' character.
...
These are not supported in default utf-8 charset on mysql,
the chance we'd need them in searching is very low.
11 years ago
Aleksander Machniak
b1f3c3bee8
Fixed saving contact birthday/anniversary dates before 01-01-1970
11 years ago
Thomas Bruederli
fdb30f3279
Fix CSS selector modifications when nested in @media blocks
11 years ago
Aleksander Machniak
ff6de99ae4
Some micro-optimizations
11 years ago
Aleksander Machniak
d1abd8e339
Fix infinite loop in rcube_utils::mod_css_styles() after recent changes in rcube_string_replacer
11 years ago
Aleksander Machniak
af79a7b837
Fixed issues where HTML comments inside style tag would hang Internet Explorer
11 years ago
Aleksander Machniak
eafd5b1aa4
Improved mailto: link arguments handling ( #1489363 )
11 years ago
Thomas Bruederli
52830ea605
Improve handling of date strings and DateTime values in contacts
11 years ago
Aleksander Machniak
b32fab16ef
Fix handling of non-default date formats ( #1489294 )
...
- remove ambiguous m/d/Y format from default config
11 years ago
Thomas Bruederli
4d480b36ea
Respect HTTP_X_FORWARDED_FOR and HTTP_X_REAL_IP variables for session IP check
11 years ago
Aleksander Machniak
39b905b7a8
Canonize boolean ini_get() results ( #1489189 )
12 years ago
Aleksander Machniak
896e2b4e51
Add more rcube_utils tests
12 years ago
Aleksander Machniak
fe0f1d589b
Improve rcube_utils::file2class() to not return duplicates
12 years ago
Aleksander Machniak
3725cfb245
Avoid uninitialized/unused variables
12 years ago
Aleksander Machniak
b7570fb564
Fix parsing invalid date string ( #1489035 )
12 years ago
Thomas Bruederli
293a5798af
Use the right variable for IPv6 check
12 years ago
Aleksander Machniak
d2534c63f2
Cleanup, remove file paths from doc
12 years ago
Thomas Bruederli
60226a75d8
Separate the very application-specific output classes from the Roundcube framework; add autoloader for rmail* classes
12 years ago
Aleksander Machniak
ba6f21caeb
Framework files moved to lib/Roundcube
12 years ago