Commit Graph

152 Commits (2e9a60efea2048c0a79947bd2b56d63d37b282d3)

Author SHA1 Message Date
Aleksander Machniak 2e3648b24f Fix bug where some HTML comments could have been malformed by HTML parser (#6333) 6 years ago
Aleksander Machniak d9eed3625b Fix bug where some escape sequences in html styles could bypass security checks 7 years ago
Aleksander Machniak c278b8796f Fix bug where usernames without domain part could be malformed or converted to lower-case on logon (#6224) 7 years ago
Aleksander Machniak 60902de521 Fix parsing date strings (e.g. from a Date: mail header) with comments (#6216) 7 years ago
Aleksander Machniak f55724d1e8 Fix bug where some unix timestamps were not handled correctly by rcube_utils::anytodatetime() (#6212) 7 years ago
Aleksander Machniak 24dcdb5414 Fix bug in remote content blocking on HTML image and style tags (#6178) 7 years ago
Aleksander Machniak 46faac4a6e Fix mangled non-ASCII characters in links in HTML messages (#6028) 7 years ago
Aleksander Machniak 972be07a41 Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview (#5580) 7 years ago
Thomas Bruederli 74e0852db2 Escape textarea contents in Washtml 7 years ago
Aleksander Machniak 39fa590bad Fix bug where HTML messages with @media styles could moddify style of page body (#5811) 7 years ago
Aleksander Machniak dade481658 Fix bug where comment notation within style tag would cause the whole style to be ignored (#5747) 8 years ago
Aleksander Machniak ce61c8210e Added test for rcube_db::parse_dsn() 8 years ago
dfukagaw28 89a4134064 Add support for DelSp=Yes messages (#5702) 8 years ago
Thomas Bruederli 522565b400 Add tests for XSS vulnerabilities in style tags 8 years ago
Shin Kojima 0b385dc946 Skip iconv for problematic ISO-2022-JP strings (#5668)
We sometimes get broken character encodings such as:
Subject: =?iso-2022-jp?B?GyRCLWo7M3l1OSk2SBsoQgo=?=
This actually is not a strict ISO-2022-JP string, but a CP50220 string
that is a variant of ISO-2022-JP with extended characters proposed by
Microsoft. Iconv can not handle these encodings well.
8 years ago
Aleksander Machniak e08f22ef28 Fix bug where external content in src attribute of input/video tags was not secured (#5583) 8 years ago
Aleksander Machniak 7340360e79 Fix bug where image data URIs in css style were treated as evil/remote in mail preview (#5580) 8 years ago
JohnDoh dd714b33a8 replace old trac links (#5514) 8 years ago
Aleksander Machniak 94f8ce3334 Make html::parse_attrib_string() more robust
Fixes PHP Error: Expression parse error on: ($app->config->get('preview_pane',rcube_utils::get_boolean('')) == true ? ' checked=checked' : ')
8 years ago
Aleksander Machniak dcabc1d814 Merge remote-tracking branch 'upstream/master'
Conflicts:
	tests/Framework/Washtml.php
8 years ago
Aleksander Machniak 906cf101c3 Better time handling in rcube_utils::clean_datestr() 8 years ago
Aleksander Machniak ed35267b9b Managesieve: Fix parsing of vacation date-time with non-default date_format (#5372)
Added new method rcube_utils::format_datestr() to convert date_format date
into ISO date format.
8 years ago
Aleksander Machniak d91bad5975 Fix handling of blockquote tags with mixed case on html2text conversion (#5363) 8 years ago
Aleksander Machniak bf5b3072c4 Fix MathML test on older PHP versions 8 years ago
Aleksander Machniak edfd9da42a Support MathML in HTML message preview (#5182) 8 years ago
Aleksander Machniak 6737e293bb Wash position:fixed style in HTML mail for better security (#5264) 9 years ago
Aleksander Machniak afd090672c Small performance optimization 9 years ago
Aleksander Machniak ca9ad75d96 Add some more tests for HREF attribute washing 9 years ago
Aleksander Machniak 6652367d65 Fix XSS issue in href attribute on area tag (#5240, #5241) 9 years ago
Aleksander Machniak a0f38f5fd8 Small code style improvements 9 years ago
Aleksander Machniak e8ab3d96bd Fix converting mail addresses with @www. into mailto links (#5197) 9 years ago
Aleksander Machniak ed1d212ae2 Improved SVG cleanup code 9 years ago
Aleksander Machniak cbe701ac4a Fix rcube_utils::words_match() to work with mixed/invalid/binary content (T844) 9 years ago
Aleksander Machniak 9234903287 Fix HTML sanitizer to skip <!-- node type X --> in output (#1490583) 9 years ago
Aleksander Machniak 26086981a2 Improve randomness of security tokens (#1490529) 9 years ago
Aleksander Machniak 7a42173a16 Simplify rcube_utils::check_ip() 9 years ago
Aleksander Machniak f4c512336d Fix "washing" of style elements wrapped into many lines 9 years ago
Aleksander Machniak 1b39d9a6c7 PHP7: Fixed some E_WARNING errors that previously were E_STRICT 9 years ago
Aleksander Machniak 2d73205ec8 Skip rcube_ldap_generic test if Net_LDAP3 is not available 9 years ago
Aleksander Machniak 8447bae77c Require Mbstring and OpenSSL extensions (#1490415) - remove redundant code 10 years ago
Aleksander Machniak f7427f151e Get rid of Mail_mimeDecode package dependency (#1490416) 10 years ago
Aleksander Machniak 25c8fe4eeb Fix handling of non-break spaces in html to text conversion (#1490436) 10 years ago
Aleksander Machniak ff40683404 Fix so links with href == content aren't added to links list on html to text conversion (#1490434) 10 years ago
Thomas Bruederli 7eefdc8149 Adapt charset cleanup tests to pass with different versions of iconv propucing slightyl different output 10 years ago
Aleksander Machniak 3994b3a26c Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402) 10 years ago
Thomas Bruederli 0bfc862283 Specify test groups for inclusion/exclusion 10 years ago
Aleksander Machniak c4ad7edd53 Fix font artifacts in text2html conversion (#1490353)
Use white-space:nowrap elements instead of unicode word-joiner character
10 years ago
Aleksander Machniak 389f70996c Skip some tests on PHP 5.3.3 10 years ago
Aleksander Machniak f7565da34b Add some more tests for rcube_charset::clean() 10 years ago
Aleksander Machniak eb58b6c537 Fix failing rcube_utils::strtotime() test if system timezone was different than expected 10 years ago