Thomas Bruederli
4a408843b0
Protect download urls against CSRF using unique request tokens ( #1490642 )
...
Send X-Frame-Options headers with every HTTP response
9 years ago
Aleksander Machniak
a15d877ba8
Added brute-force attack prevention via login rate limit ( #1490566 )
9 years ago
Aleksander Machniak
454b0b1ca9
Remove deprecated rcmail and rcube_imap methods
9 years ago
Aleksander Machniak
2aa9ee56fd
Fix so disabling emoticons plugin really removes emoticons button from HTML editor
9 years ago
Aleksander Machniak
a5c03db798
Security: Added options to validate username/password on logon ( #1490500 )
9 years ago
Aleksander Machniak
c1bbf0d0b6
After failed login wait a second to slow down brute-force attacks ( #1490549 )
9 years ago
Aleksander Machniak
26086981a2
Improve randomness of security tokens ( #1490529 )
9 years ago
Aleksander Machniak
e2f605d44d
Fallback to C locale
9 years ago
Aleksander Machniak
3c29c7e858
Fix various issues with Turkish (and similar) locales ( #1490519 )
9 years ago
Aleksander Machniak
c4daf3f14f
Fix regression in converting signatures to text, fixed PHP warning in html2text() call
9 years ago
Aleksander Machniak
a63f14ec40
Emoticons-related code refactoring
...
- Emoticons: All emoticons-related functionality is handled by the plugin now
- Emoticons: Added option to switch on/off emoticons in compose editor (#1485732 )
- Emoticons: Added option to switch on/off emoticons in plain text messages
- Plugin API: Added disabled_plugins an disabled_buttons options in html_editor hook
- Plugin API: Added html2text hook
9 years ago
Aleksander Machniak
1b39d9a6c7
PHP7: Fixed some E_WARNING errors that previously were E_STRICT
9 years ago
Aleksander Machniak
08bb20f261
Don't use deprecated functions/constants (from bc.inc)
9 years ago
Aleksander Machniak
9d78c68cbf
Fix so imap folder attribute comparisons are case-insensitive ( #1490466 )
...
+ make in_array_nocase() much faster for ASCII strings
9 years ago
Aleksander Machniak
a958748947
CS fixes
10 years ago
Aleksander Machniak
b782815dac
Fix XSS vulnerability in _mbox argument handling ( #1490417 )
10 years ago
Aleksander Machniak
03aa84f784
Fix bug where some files could have "executable" extension when stored in temp folder ( #1490377 )
10 years ago
Aleksander Machniak
216b31dd99
Fix so "over quota" errors are displayed also in message compose page
...
This also fixes over quota responses on cyrus imap which uses "Over quota" string and no error identifier.
10 years ago
Aleksander Machniak
3665d1e8ec
Merge pull request #259 from corbosman/plugin_preload
...
Plugin preload
10 years ago
corbosman
de89d46be2
Load plugins before sessions have started
...
Move the plugin loading phase to before sessions have started allowing plugins to add session drivers. Plugins that want to use this should define an "onload" method in their plugins. This method does not have access to variables like $task as they are not yet initialised at that time.
10 years ago
Aleksander Machniak
c6efcf5e6d
Fix blocked.gif image usage with assets_dir set
10 years ago
Aleksander Machniak
7259529fad
Get rid of requests whitelist for security check bypass
10 years ago
Aleksander Machniak
681ba6fc3c
Improve system security by using optional special URL with security token
...
Allows to define separate server/path for image/js/css files
Fix bugs where CSRF attacks were still possible on some requests
10 years ago
Aleksander Machniak
f7f4672649
Fix regression in rcmail::show_bytes() where unit was set to "[]" instead of "B"
10 years ago
Aleksander Machniak
0b36d15157
Add method to display operation (uploading) progress in UI message
10 years ago
Aleksander Machniak
2dfad0a564
Make upload progress text more compact.
...
E.g. "500 KB of 10 MB" becomes "0.5 of 10 MB"
10 years ago
Aleksander Machniak
71dbeeee10
Skip unnecessary session updates on task switch - switch session task less often ( #1490116 )
10 years ago
andryyy
383724eb97
Update rcmail.php
...
Typo
10 years ago
Aleksander Machniak
dcc4469844
Don't init output in CLI mode
...
Fixes infinite recurssion on raise_error() call when executing scripts
out of the INSTALL_PATH. Also use 'rcube' if 'rcmail' is not needed.
10 years ago
Aleksander Machniak
5f58127eae
Added rcube_utils::resolve_url()
10 years ago
Aleksander Machniak
75bbada03b
Remove code for PHP<5.3, use PHP_VERSION_ID instead of version_compare() for version checks
10 years ago
Aleksander Machniak
e35eab5f94
Fix comm_path update on task switch ( #1490041 )
10 years ago
Thomas Bruederli
06fdaf88cb
Extend rcmail::url() to produce absolute and fully qualified URLs
10 years ago
Thomas Bruederli
d4783319a0
Set 'compose_extwin' env property on every step; accept a list of URL parameters for the 'compose' command
10 years ago
Aleksander Machniak
5312b71126
Allways return current folder from quota_content()
11 years ago
Aleksander Machniak
b8bcca7033
Display quota information for current folder not INBOX only ( #1487993 )
11 years ago
Aleksander Machniak
3cc1afa1c2
Support images in HTML signatures ( #1488676 )
...
This enables image button and file browser in html editor for signatures
11 years ago
Aleksander Machniak
6d5a1b9e8f
Get rid of some rcube_config::all() calls
11 years ago
Aleksander Machniak
c5f06896d4
Display full quota information in popup ( #1485769 , #1486604 )
11 years ago
Aleksander Machniak
6fa1a0da1f
Extend get_quota() so it's possible to specify GETQUOTAROOT folder and return full quota info (including all roots and types, e.g. MESSAGE) - for future use
11 years ago
David Carter
4a9a0e1f0f
The following:
...
program/steps/mail/compose.inc :: rcmail_store_target_selection()
program/steps/settings/edit_folder.inc :: rcmail_folder_form()
both try to localise mailbox names.
Push the logic down into the folder_selector() method which can use:
$this->config->get('show_real_foldernames')
to decide the correct default behaviour.
Clients functions and methods can still override by adding 'realnames'
named parameter to the folder_selector() call. The obvious example is
the Settings -> Preferences -> Special Folders screen.
11 years ago
Thomas Bruederli
99cdca46b7
Merge branch 'dev-accessibility'
...
Conflicts:
program/include/rcmail_output_html.php
program/js/app.js
program/js/treelist.js
program/lib/Roundcube/html.php
skins/larry/styles.css
skins/larry/templates/compose.html
11 years ago
Aleksander Machniak
c5bfe69e21
Improved video support, all tinymce related resources moved to program/js/tinymce/roundcube dir
11 years ago
Thomas Bruederli
77043f8469
Apply accessibility improvements to the settings section
11 years ago
Thomas Bruederli
d58c39126f
Some more improvemements on content structure, text representation and keyboard navigation within the mail view
11 years ago
Aleksander Machniak
b408e0bc53
Display a warning if popup window was blocked ( #1489618 )
11 years ago
Aleksander Machniak
646b64107a
Implemented Text Editor widget that integrates all operations on
...
textareas including HTML editor and spellchecking
11 years ago
Aleksander Machniak
731d190fec
Merge branch 'tinymce4'
...
Conflicts:
program/js/app.js
program/js/editor.js
program/js/tiny_mce/tiny_mce.js
program/steps/utils/spell_html.inc
11 years ago
Aleksander Machniak
b21f8bd3ef
Implemented image selector dialog for TinyMCE, css fixes in classic skin for TinyMCE4
11 years ago
Aleksander Machniak
48e92fcbba
Add 'performance_stats' option, so perf. stats can be logged with disabled devel_mode
11 years ago