Commit Graph

48 Commits (1a10074b85008bd8166bc1e979d07bcbbbd45611)

Author SHA1 Message Date
Aleksander Machniak 63730cf842 Fix security issue where it was possible to bypass the CSS jail in HTML messages using :root pseudo-class (#6897) 5 years ago
Aleksander Machniak 057fb69bb9 Fix bug where some strict remote URIs in url() style were unintentionally blocked (#6899) 5 years ago
Aleksander Machniak 7bf868767e Fix security issue where it was possible to bypass the position:fixed CSS check in received messages (#6898) 5 years ago
Aleksander Machniak 0a0ad2c9b7 Switch to IDNA2008 variant (#6806)
After switching IDNA_NONTRANSITIONAL_TO_ASCII on, switch to
IDNA2008 variant in Net_LDAP2. Add test, update changelog.
5 years ago
Aleksander Machniak ce52b04051 Update changelog, add some tests for rcube_utils::parse_host() 6 years ago
Aleksander Machniak 0716d499bc Fix bug where some escape sequences in html styles could bypass security checks 7 years ago
Aleksander Machniak b2bebe531a Fix bug where usernames without domain part could be malformed or converted to lower-case on logon (#6224) 7 years ago
Aleksander Machniak f36e23b778 Fix parsing date strings (e.g. from a Date: mail header) with comments (#6216) 7 years ago
Aleksander Machniak 0f3ad342f7 Fix bug where some unix timestamps were not handled correctly by rcube_utils::anytodatetime() (#6212) 7 years ago
Aleksander Machniak 9d2b303b51 Fix bug in remote content blocking on HTML image and style tags (#6178) 7 years ago
Daniel Kesselberg a8d5547163 Update idn conversion methods (#6115)
* Add more test cases
* Update phpdoc
7 years ago
Aleksander Machniak 63a7d2313f Improve SMTPUTF8 support and fix relaxed email validation issues 7 years ago
Daniel Kesselberg a3504cb3b8 Add unit test for IDN (#6114) 7 years ago
Aleksander Machniak 3196d656db Fix css conflicts in user interface and e-mail content (#5891)
... by adding prefix to element/class identifiers
Also cleaned up some code and removed global variable use.
7 years ago
Aleksander Machniak 5d16751ed8 Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview (#5580) 7 years ago
Aleksander Machniak 1fcf7bfab3 Fix bug where HTML messages with @media styles could modify style of page body (#5811) 7 years ago
Aleksander Machniak 8f22c3287d Fix bug where comment notation within style tag would cause the whole style to be ignored (#5747) 8 years ago
Thomas Bruederli 522565b400 Add tests for XSS vulnerabilities in style tags 8 years ago
Aleksander Machniak 7340360e79 Fix bug where image data URIs in css style were treated as evil/remote in mail preview (#5580) 8 years ago
Aleksander Machniak dcabc1d814 Merge remote-tracking branch 'upstream/master'
Conflicts:
	tests/Framework/Washtml.php
8 years ago
Aleksander Machniak 906cf101c3 Better time handling in rcube_utils::clean_datestr() 8 years ago
Aleksander Machniak ed35267b9b Managesieve: Fix parsing of vacation date-time with non-default date_format (#5372)
Added new method rcube_utils::format_datestr() to convert date_format date
into ISO date format.
8 years ago
Aleksander Machniak 6737e293bb Wash position:fixed style in HTML mail for better security (#5264) 9 years ago
Aleksander Machniak cbe701ac4a Fix rcube_utils::words_match() to work with mixed/invalid/binary content (T844) 9 years ago
Aleksander Machniak 26086981a2 Improve randomness of security tokens (#1490529) 9 years ago
Aleksander Machniak 7a42173a16 Simplify rcube_utils::check_ip() 9 years ago
Aleksander Machniak 8447bae77c Require Mbstring and OpenSSL extensions (#1490415) - remove redundant code 10 years ago
Aleksander Machniak 3994b3a26c Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402) 10 years ago
Aleksander Machniak 389f70996c Skip some tests on PHP 5.3.3 10 years ago
Aleksander Machniak eb58b6c537 Fix failing rcube_utils::strtotime() test if system timezone was different than expected 10 years ago
Thomas Bruederli e8b82c2e7b Fix rcube_utils::normalize_string() to support unicode characters + add argument for minimum token length 10 years ago
Thomas Bruederli 09c58d1add Make rcube_utils::strtotime() timezone aware (#1490163) 10 years ago
Aleksander Machniak 11eb072f80 Fix rcube_utils::get_boolean() test to not use deprecated function alias 10 years ago
Aleksander Machniak 848e204ef9 Fix validation of email addresses with IDNA domains (#1490067) 10 years ago
Aleksander Machniak 49dad5f669 Fix broken normalize_string(), add support for ISO-8859-2 11 years ago
Aleksander Machniak d921587f29 Add more tests for normalize_string() - some failing 11 years ago
Aleksander Machniak 517c9f9a8d Fix directories check in Installer on Windows (#1489576)
Added rcube_utils::is_absolute_path() method
11 years ago
Aleksander Machniak b1f3c3bee8 Fixed saving contact birthday/anniversary dates before 01-01-1970 11 years ago
Thomas Bruederli fdb30f3279 Fix CSS selector modifications when nested in @media blocks 11 years ago
Aleksander Machniak b32fab16ef Fix handling of non-default date formats (#1489294)
- remove ambiguous m/d/Y format from default config
11 years ago
Aleksander Machniak 896e2b4e51 Add more rcube_utils tests 12 years ago
Aleksander Machniak 5383ad72db Add more tests for rcube_utils::explode_quoted_string() 12 years ago
Aleksander Machniak fe0f1d589b Improve rcube_utils::file2class() to not return duplicates 12 years ago
Aleksander Machniak 0c82e95c59 Apply rcube_shared.inc -> bootstrap.php change in tests 12 years ago
Aleksander Machniak 3a54cc5013 Fix rcube_utils::explode_quoted_string() with explode(), added tests 12 years ago
Aleksander Machniak 5f8097b9eb Added tests for specialchars quoting 12 years ago
Aleksander Machniak a65ce5d3b0 Rename ip_check to check_ip, add IP checking tests 12 years ago
Aleksander Machniak 9b05f19338 Restructured tests 12 years ago