36043cb7bc
Bump version to 1.2.9 and copyright to 2018
7 years ago
8d6d4a5de5
Fix regression where IMAP commands with '*' uidset argument wasn't working
7 years ago
c69b851b8a
Fix regression in compressMessageSet()
7 years ago
9f91018a16
Bump version to 1.2.8
7 years ago
cdeb6234a2
Fix possible IMAP command injection vulnerability ( #6229 )
...
[CVE-2018-9846]
7 years ago
8e7c2f61a3
Fix bug in remote content blocking on HTML image and style tags ( #6178 )
7 years ago
987856eee2
Bump version + add CVE ID
7 years ago
1fd9ad242e
Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview ( #5580 )
7 years ago
ead587ad59
Fix bug where HTML messages could have been rendered empty on some systems ( #5957 )
...
Consistently use $nodeName instead of $tagName property.
7 years ago
5f0f579766
Ignore rewind() warnings ( #5950 )
7 years ago
3644b02d0b
Bump version to 1.2.6
7 years ago
fb43d2e608
Escape textarea contents in Washtml
7 years ago
507a1e9935
Don't ignore (global) userlogins/sendmail logs in per_user_logging mode
7 years ago
183f68f387
Fix uninitialized string offset in rcube_utils::bin2ascii() and make sure rcube_utils::random_bytes() result has always requested length ( #5788 )
8 years ago
3d498cd632
Fix bug where it wasn't possible to set timezone to auto-detected value ( #5782 )
8 years ago
913ffcfbbe
Fix SQL syntax error on MariaDB 10.2 ( #5774 )
8 years ago
58d7cdc3fc
Fix addressbook searching by gender ( #5757 )
8 years ago
9bfacb4d3c
Fix bug where comment notation within style tag would cause the whole style to be ignored ( #5747 )
8 years ago
e62a7d0dfa
Bump version to 1.2.5
8 years ago
22b34fc44b
Fix bug where base_dn setting was ignored inside group_filters ( #5720 )
8 years ago
0fffea28c1
Fix regression in LDAP fuzzy search where it always used prefix search instead ( #5713 )
8 years ago
6a178b3a7f
Remove redundant spaces from generated contact names
8 years ago
cbd35626f7
Better fix for XSS in style tags ( fa2824fdc)
8 years ago
fa2824fdcd
Fix XSS issue in handling of a style tag inside of an svg element
8 years ago
85a750a068
Bump version to 1.2.4
8 years ago
1568bd9e04
Fix bug where external content in src attribute of input/video tags was not secured ( #5583 )
8 years ago
f90f22ffb8
Fix bug where image data URIs in css style were treated as evil/remote in mail preview ( #5580 )
8 years ago
79613c1e4f
Fix variable substitution in ldap host for some use-cases, e.g. new_user_identity ( #5544 )
8 years ago
f04fc506b0
Bump version to 1.2.3
8 years ago
e8fc8888a6
Remove leftower code from last few backports
8 years ago
31df33d4e0
Fix regression where LDAP results could be counted incorrectly when using VLV
...
... broken by d08bd0a51f
8 years ago
53ede465e3
Avoid PHP fatal error
...
After last change to file `rcube_ldap.php`, my roundcube instance was getting this error:
```
PHP Fatal error: Cannot use object of type Net_LDAP3_Result as array in ...
```
In
```php
protected function extended_search($count = false)
```
`$result = $this->ldap->search()` returns a LDAP object (whatever package we use).
If the search returns no results (and if `$is_extended_search` is false), then it gets to line 971 trying to do a `usort()` and then a `count()` on an object, instead of an array.
8 years ago
6ccfcab17a
Searching in both contacts and groups when LDAP addressbook with group_filters option is used
...
Conflicts:
CHANGELOG
program/steps/addressbook/search.inc
8 years ago
f84233785d
Fix vulnerability in handling of mail()'s 5th argument
8 years ago
5dfacede3f
Make sure $prefs property is an array ( #5523 )
8 years ago
7f04df9ec0
Fix storing "empty" values in rcube_cache/rcube_cache_shared ( #5519 )
8 years ago
c633e605dd
Support contact+group searches in all relevant places (T1360)
...
Before the search worked only in Addressbook, not also in Compose.
The point of the change is also to align group searches with contact searches
in that it now uses the same set of attributes. Previously groups
in Compose were searched by name only.
8 years ago
115d575421
Add convenient method to create new session records
8 years ago
7983a7d63f
Fix "Illegal string offset" warning in rcube::log_bug() on PHP 7.1 ( #5508 )
8 years ago
9eac1dd513
Fix bug where it wasn't possible to store more that 2MB objects in memcache/apc ( #5452 )
...
Added memcache_max_allowed_packet and apc_max_allowed_packet settings
8 years ago
d867ea98ed
Fix bug where IMAP password could be exposed via error message ( #5472 )
8 years ago
4013e8fd41
Fix To: header encoding in mail sent with mail() method ( #5475 )
8 years ago
4480b2615f
Fix bug where deleting folders with subfolders could fail in some cases ( #5466 )
8 years ago
41d72ca7da
Fix regression where creation of default folders wasn't functioning without prefix ( #5460 )
8 years ago
0c8419e31c
Simplify mbstring code path in rcube_charset::convert()
8 years ago
444fdb6161
Bump version to 1.2.2
8 years ago
4378699663
Implemented rcube::sleep() method for disconnecting all external connection in long-running/sleeping scripts
...
Conflicts:
program/lib/Roundcube/rcube_db.php
8 years ago
d6f87f81c1
Fix so when moving to Trash we make sure the folder exists ( #5192 )
8 years ago
bcf576c662
Fix bug where folder creation could fail if personal namespace contained more than one entry ( #5403 )
...
+ small code improvements
8 years ago
2fdb9c43eb
Fix E_DEPRECATED warning when using Auth_SASL::factory() ( #5401 )
8 years ago
Thomas Bruederli