Fedor A. Fetisov
|
4f683c26e1
|
Fix support for "allow-from X" in "x_frame_options" config option (#6449)
|
6 years ago |
Aleksander Machniak
|
f9c590621b
|
Remove x_frame_options env
|
7 years ago |
Aleksander Machniak
|
0ad7e4c903
|
Fix bug where assets_path wasn't added to some watermark frames
|
7 years ago |
Aleksander Machniak
|
bf6440c3dc
|
Fix POST parameter reflection in default_charset selector (#5768)
|
8 years ago |
ka7
|
9a35768c26
|
spelling fixes (#5690)
|
8 years ago |
Aleksander Machniak
|
f29fd706cf
|
Get back to eval()
We used create_function() before but it's deprecated in PHP 7.2
and really it was just a wrapper on eval().
|
8 years ago |
Aleksander Machniak
|
369b44d94a
|
Fix unsetting template objects
Fixes compatibility with some plugins e.g. kolab_addressbook which
call parse() method (for sub-templates) while parsing the main template
|
8 years ago |
Aleksander Machniak
|
e17fcf1649
|
Support ALLOW-FROM in x_frame_options (#5122)
|
8 years ago |
Aleksander Machniak
|
d02e6ea45e
|
Fix so templating system does not mess with external (e.g. email) content (#5499)
|
8 years ago |
Aleksander Machniak
|
edea8732a6
|
Fix regression where UI object could be not created on some pages (#5484)
|
8 years ago |
Aleksander Machniak
|
f43f5bf93f
|
Use JSON_PRETTY_PRINT in devel_mode
This effectively makes PHP 5.4 a real requirement
|
8 years ago |
Aleksander Machniak
|
638afafbd2
|
Make so rcmail.log() depends on devel_mode (#5193)
|
8 years ago |
Victor Benincasa
|
daeb66ee99
|
Fix login form
Fix a small bug introduced on commit 43f3c5f that breaks the login form ($attrib['form'] is checked at line 1899, so it cannot be unset).
|
8 years ago |
Aleksander Machniak
|
43f3c5fb2a
|
Implement "one click" attachment upload (#5024)
|
8 years ago |
Aleksander Machniak
|
184de7735c
|
CS fixes (mostly phpdoc)
|
8 years ago |
Thomas Bruederli
|
4a408843b0
|
Protect download urls against CSRF using unique request tokens (#1490642)
Send X-Frame-Options headers with every HTTP response
|
9 years ago |
Aleksander Machniak
|
10e5192a2b
|
Fix path traversal vulnerability in setting a skin (#1490620)
|
9 years ago |
dsoares
|
234fd19505
|
Replace deprecated call to Q within array_map()
|
9 years ago |
Aleksander Machniak
|
93e64008a6
|
Small code improvements
|
9 years ago |
Aleksander Machniak
|
252cc4c4ac
|
Password: Allow temporarily disabling the plugin functionality with a notice
|
9 years ago |
Aleksander Machniak
|
a958748947
|
CS fixes
|
10 years ago |
Thomas Bruederli
|
0bd99db08d
|
Localize common error messages; improve explanation for CSRF check failures
|
10 years ago |
Aleksander Machniak
|
681ba6fc3c
|
Improve system security by using optional special URL with security token
Allows to define separate server/path for image/js/css files
Fix bugs where CSRF attacks were still possible on some requests
|
10 years ago |
Thomas Bruederli
|
8d526c4938
|
Fix skin path handling in plugin context (#1488967):
The plugin skin directories are removed again from the search path after parsing of a plugin template has finished.
|
10 years ago |
Aleksander Machniak
|
1ffab0ad4a
|
Fix possible issues in skin/skin_path config handling (#1490125)
|
10 years ago |
Thomas Bruederli
|
8ef203827f
|
Make noshow attribute for roundcube:label tags actually work as supposed
|
10 years ago |
Aleksander Machniak
|
d01f9fc7f5
|
Add option (disabled_actions) to disable UI elements/actions (#1489638)
|
10 years ago |
Aleksander Machniak
|
ef51ae6d19
|
Reset also page header/footer on "dummy frames" - to prevent js error e.g. if some script depends on jQuery
|
11 years ago |
Aleksander Machniak
|
19138ef7a9
|
Make sure set_env and add_label commands are always sent first - other commands might depend on them.
Fixes loading message in managesieve filters frame.
|
11 years ago |
Thomas Bruederli
|
99cdca46b7
|
Merge branch 'dev-accessibility'
Conflicts:
program/include/rcmail_output_html.php
program/js/app.js
program/js/treelist.js
program/lib/Roundcube/html.php
skins/larry/styles.css
skins/larry/templates/compose.html
|
11 years ago |
Thomas Bruederli
|
d58c39126f
|
Some more improvemements on content structure, text representation and keyboard navigation within the mail view
|
11 years ago |
Thomas Bruederli
|
22a2c5e0ee
|
Localize title and summary attributes; make message count display box a live area
|
11 years ago |
Aleksander Machniak
|
2441264d00
|
Improved folders sorting by name - use Intl.Collator if supported
|
11 years ago |
Aleksander Machniak
|
ffc74814c1
|
Optimize "empty" framed pages size (#1489792)
|
11 years ago |
Aleksander Machniak
|
8f57ce136b
|
Code improvements
|
11 years ago |
Aleksander Machniak
|
7079110c61
|
Allow data-* attributes (#1489860)
|
11 years ago |
Thomas Bruederli
|
ea0866a1ad
|
Improve keyboard navigation on compose screen: define tabindex groups + enable keyboard controls of contacts list widget
|
11 years ago |
Thomas Bruederli
|
184ed2efe2
|
Declare content language for proper text-to-speech support
|
11 years ago |
Thomas Bruederli
|
b0ce5c62af
|
Make skin meta/hierarchy information accessible for plugins (#1488831)
|
11 years ago |
Thomas Bruederli
|
e8bcf08c72
|
1. Prepare core and Larry skin for improved accessibility
2. Implement full keyboard navigation in main mail view
|
11 years ago |
Thomas Bruederli
|
b34d679075
|
Specify licenses in all javascript files and blocks to please LibreJS
|
11 years ago |
Aleksander Machniak
|
5be6dcf0e2
|
Remove useless debug_level=8 and javascripts's rcube_console
|
11 years ago |
Aleksander Machniak
|
904fec7505
|
Add id for login submit button (#1489676) - make it skin independent
|
11 years ago |
Aleksander Machniak
|
5e8da2b5c9
|
Added toolbar button to move message in message view
|
11 years ago |
Thomas Bruederli
|
9ba4967a73
|
Create class documentation with latest phpdoc utility
|
11 years ago |
Aleksander Machniak
|
0301d9347f
|
CS fixes
|
11 years ago |
Aleksander Machniak
|
c562a31681
|
Improved minified files handling, added css minification (#1486988)
|
11 years ago |
Aleksander Machniak
|
538e64c572
|
Fix Closure-compiler warnings, small code improvements
|
11 years ago |
Thomas Bruederli
|
e46d060a4a
|
Fix errors in error page :-)
|
11 years ago |
Thomas Bruederli
|
59cdb433a6
|
Avoid duplicate elements with the same id in HTML. Fixes broken icons in classic skin.
|
11 years ago |