4e00237cc4
Allow opening application/octet-stream attachments according to filename extension ( #6821 )
5 years ago
46d3cae2ff
Security: Fix cross-site scripting (XSS) via malicious XML attachment
5 years ago
bda02002de
Security: Better fix for CVE-2020-12641
5 years ago
da2bb8af6d
Fix error when user-configured skin does not exist anymore ( #7271 )
...
We fallback to the system skin not the default one.
5 years ago
f6586c7cf7
Fix PHP warning: count(): Parameter must be an array or an object... in ID command handler ( #7392 )
5 years ago
34a0af8964
Allow array in smtp_host config ( #7296 )
5 years ago
35c29be9b2
Remove use of ext-iconv
5 years ago
c39081b6a1
Fix bug in extracting required plugins from composer.json that led to spurious error in log ( #7364 )
5 years ago
219e353ac1
Fix local file inclusion (and code execution) via crafted 'plugins' option
5 years ago
4951d6603a
Fix remote code execution via crafted 'im_convert_path' or 'im_identify_path' settings
5 years ago
87e4cd0cf2
Fix XSS issue in handling of CDATA in HTML messages
5 years ago
b35b5a1a26
Fix typo
5 years ago
bf34e8cf9c
Fix performance issue of parsing big HTML messages by disabling HTML5 parser for these ( #7331 )
5 years ago
15ee34a438
Revert "Fix bug where session was destoryed with window close ( #7251 )"
...
This reverts commit 32fac136db
5 years ago
4a5efe09f9
Fix bug where a special folder couldn't be created if a special-use flag is not supported ( #7147 )
5 years ago
32fac136db
Fix bug where session was destoryed with window close ( #7251 )
5 years ago
e84dc4c385
Fix literals handling again
5 years ago
e66ffae856
Fix handling keyservers configured with protocol prefix ( #7295 )
...
`|^[a-z]://|` matches only single-character protocol shortnames, to correctly exclude e.g. `hkps://` the expression should be `|^[a-z]+://|` instead.
5 years ago
2965e60c1f
Support many string literals in a "line response", deduplicate code
5 years ago
f9c84e2646
Fix string literals handling in IMAP STATUS (and various other) responses ( #7290 )
5 years ago
7df358d64e
Fix internal cache use in rcube_imap::get_message()
...
Two folders, personal and shared, can contain the same UIDs, so
we should check UID and folder name when dealing with internally
cached message.
5 years ago
d194b238c7
Support RFC8438: IMAP STATUS=SIZE - for faster folder size calculation ( #7269 )
5 years ago
b7410ffe89
Use mySQL charset in connection string instead of SET NAMES ( #7232 )
...
And switch to utf8mb4 as it is what we're using right now in db schema.
5 years ago
770d818dd9
Fix undefined variable
5 years ago
305c9355ee
Fix using unix:///path/to/socket.file in memcached driver ( #7210 )
...
off by one when stripping the memcache (sans d) compatible AF_UNIX prefix
5 years ago
60c8dd2e23
Fix regression where using an absolute path to SQLite database file on Windows didn't work ( #7196 )
5 years ago
0b02e87afe
Fix some strict mode warnings
5 years ago
fe796d4040
Remove useless pass-by-reference
5 years ago
d340f18295
Fix display issues with mail subject that contains line-breaks ( #7191 )
5 years ago
bdf0a6539e
Relaxed domain name validation for extended TLDs support ( #5588 )
5 years ago
97e6065897
Extract RFC2231 attachment name from message headers ( #6729 ) ( #6783 )
...
* Extract RFC2231 attachment name from message headers (#6729 )
* Workaround for attachments with invalid content type (e.g. PDF) (#6816 )
5 years ago
1613f3ab4c
INSERT OR REPLACE implementation ( #6771 )
...
For now with support in postgres and mysql databases.
For now used in rcube_cache, rcube_imap_cache and enigma plugin
5 years ago
1376b5a647
Fix bug where message parts with no Content-Disposition header and no name were not listed on attachments list ( #7117 )
5 years ago
c138567ab5
Support 'greenmail' as an imap vendor label, don't call ID when not supported
5 years ago
9311c49cf4
Fix unexpected error message when mail refresh involves folder auto-unsubscribe ( #6923 )
5 years ago
fded360d84
Fix so messages in threads with no root aren't displayed separately ( #4999 )
5 years ago
51a9dd631f
Add support for SameSite cookie attribute (req PHP >= 7.3.0) ( #6772 )
5 years ago
e8e8c31eb3
Improve namespace roots presentation ( #5012 ) ( #6789 )
...
- Display a special icon for other users and shared namespace roots (Elastic)
- Change folders sorting so shared/other users namespaces are listed last
Fixes #5012 .
5 years ago
31b33c0f39
Don't require config.inc.php when only config-<env>.inc.php exists
5 years ago
cf90c69ad7
Fix bug where 'text' attribute on body tag was ignored when displaying HTML message ( #7109 )
5 years ago
545ea62dfc
Fix bug where listing tables in PostgreSQL database with db_prefix didn't work ( #7093 )
5 years ago
0aa5eca1fd
Fix bug where 'skins_allowed' option didn't enforce user skin preference ( #7080 )
5 years ago
0b45c3c6b0
Fix matching multiple X-Forwarded-For addresses with 'proxy_whitelist' ( #7107 )
5 years ago
8471930652
Add 'filter' to required extensions
5 years ago
e3c6989494
Log X-Real-IP only when it's different than REMOTE_ADDR
5 years ago
2f928a516d
Fix DB Write test on SQLite database ("database is locked" error) ( #7064 )
...
Also fix so SQLite DSN with a relative path to the database file works in Installer
5 years ago
ffeebff3f9
Fix bug where Ctype extension wasn't required in Installer and INSTALL file ( #7049 )
5 years ago
8a25ddbf53
Update changelog, CS improvements
5 years ago
0113ea9602
Fix tables listing routine when DSN contained a database with unsupported suffix ( #7034 )
5 years ago
110eebdd1b
Fix db_prefix handling in queries with `TRUNCATE TABLE <name>` and `UNIQUE <name>` ( #7013 )
5 years ago
Aleksander Machniak