| Aleksander Machniak | 681ba6fc3c | Improve system security by using optional special URL with security token; Allows to define separate server/path for image/js/css files; Fix bugs where CSRF attacks were still possible on some requests | 10 years ago |
| Thomas Bruederli | c45507e317 | Fix login error message display broken in b51de327 | 10 years ago |
| Thomas Bruederli | b51de3279f | Display custom error messages from plugins hooks (as documented in the API spec) | 10 years ago |
| Thomas Bruederli | a873d934f5 | Give precedence to plugin.* actions over custom tasks registered by plugins | 10 years ago |
| Aleksander Machniak | d01f9fc7f5 | Add option (disabled_actions) to disable UI elements/actions (#1489638) | 10 years ago |
| Thomas Bruederli | 7e7e451b66 | Warn for unsent/unsaved message when closing compose window; remove localStorage copy if page was left intentionally but not on session errors (#1489818) | 11 years ago |
| Aleksander Machniak | d19a9b35cc | Remove obsolete code that disables session check on 'send' action | 11 years ago |
| Aleksander Machniak | ba5c53e5c3 | Send X-UA-Compatible as HTTP header instead of meta tag | 11 years ago |
| Aleksander Machniak | b360f707e8 | Small code improvement | 11 years ago |
| Aleksander Machniak | 65f59fa3c6 | Bump version number to 1.1-git | 11 years ago |
| Aleksander Machniak | 8d3d5b42b7 | Prevent from "Call to undefined method rcmail_output_json::add_footer()" error | 11 years ago |
| Aleksander Machniak | 0301d9347f | CS fixes | 11 years ago |
| Thomas Bruederli | 85e60ada15 | First version of the local storage compose data saving feature; some behavioral improvements and encryption are still to be added | 11 years ago |
| Thomas Bruederli | b461a2d72e | Send last fetch time with 'refresh' requests and allow plugins to alter query parameters of http requests | 11 years ago |
| Aleksander Machniak | 060467df9d | Log also failed logins to userlogins log | 11 years ago |
| Thomas Bruederli | deb2b8d080 | Allow to load config files for different environments (#1487311); keep (non-default) filename in URLs throughout the webmail app | 12 years ago |
| Aleksander Machniak | a544971fe8 | Fix error when using check_referer=true | 12 years ago |
| Aleksander Machniak | bb080af14d | Bump version number up to 1.0-git | 12 years ago |
| Thomas Bruederli | 18e23ab763 | Welcome to 2013 | 12 years ago |
| Aleksander Machniak | a95687cfe8 | Plugin API: Add 'refresh' hook | 12 years ago |
| Aleksander Machniak | 77de23fa93 | Added cross-task 'refresh' request for system state updates | 12 years ago |
| Aleksander Machniak | b807084a6b | - Fix (disable) request validation for spell and spell_html actions; Consider action whitelist also for ajax requests | 12 years ago |
| Aleksander Machniak | 2bbc3da52a | - Check request tokens also in devel_mode | 12 years ago |
| Aleksander Machniak | 1c0ce1fe52 | Plugin API: Add 'unauthenticated' hook (#1488138) | 13 years ago |
| Aleksander Machniak | 7c8fd80310 | Show explicit error message when provided hostname is invalid (#1488550) | 13 years ago |
| Aleksander Machniak | 041c93ce0b | Removed $Id$ | 13 years ago |
| Brian Ronald | b546b0dcfd | Also, the license comments | 13 years ago |
| alecpl | d2191c619f | - Fix redirect to mail/compose on re-login (1488226) | 13 years ago |
| alecpl | 1aceb9cec8 | - Framework refactoring (I hope it's the last one): rcube,rcmail,rcube_ui -> rcube,rcmail,rcube_utils; renamed main.inc into rcube_bc.inc | 13 years ago |
| alecpl | 0c259682f6 | - Merge devel-framework branch, resolved conflicts | 13 years ago |
| thomascube | 7fe3811c65 | Changed license to GNU GPLv3+ with exceptions for skins and plugins | 13 years ago |
| thomascube | c321a955a7 | Merged devel-framework branch (r5746:5779) back into trunk | 13 years ago |
| alecpl | fdff34093d | - Move some checks into login() method | 13 years ago |
| alecpl | b6da0b76af | - Remove deprecated global $IMAP variable usage (#1488148) | 13 years ago |
| alecpl | 80216d0b79 | - Change version number to 0.8-svn | 13 years ago |
| thomascube | abdf31486a | Allow cross-task ajax requests | 13 years ago |
| alecpl | 3703021713 | - Plugin API: added 'ready' hook (#1488073) | 13 years ago |
| thomascube | 502436dad0 | We're on the road towards 0.7 now | 13 years ago |
| alecpl | 9e54e6fd45 | - Make the whole PHP output non-cacheable (#1487797) | 13 years ago |
| thomascube | 6354da5b8c | Fix r5117: don't show error on default login page | 13 years ago |
| thomascube | 886aafe167 | Don't rely on rcmail->task for session error check; use _REQUEST data instead | 13 years ago |
| thomascube | 94c0743cba | Don't show session error message on logout | 14 years ago |
| thomascube | fcc7f861b1 | Log session validation errors; keep error message when redirecting to login after session error | 14 years ago |
| thomascube | 28ac5cada2 | Let plugins hook into keep-alive requests | 14 years ago |
| thomascube | 87e58c7a92 | Default action for plugin tasks is 'index' | 14 years ago |
| alecpl | 4351f7cd66 | - Improve performance by including files with absolute path (#1487849) | 14 years ago |
| thomascube | ec045b0a24 | Revert r4609 and use stateless request tokens; no need to save them in session and thus no keep-alive necessary; fixes #1487829 | 14 years ago |
| thomascube | 32b11d325e | Keep session alive while showing login page (request token is stored in session data) | 14 years ago |
| alecpl | 4cfe66f42f | - small code cleanup | 14 years ago |
| alecpl | c294eaa3f2 | - Performance improvement: Remove redundant DELETE query (for old session deletion) on login | 14 years ago |