Aleksander Machniak
8e543f843e
Fix check_request() bypass in places using get_uids() [CVE-2018-9846] ( #6238 )
7 years ago
Aleksander Machniak
5832eca405
RCMAIL_CHARSET -> RCUBE_CHARSET ( #6236 )
7 years ago
Aleksander Machniak
73ea8f94d0
Use htmlspecialchars() with charset argument, simplify some code
7 years ago
Aleksander Machniak
a451ad6599
Fix handling encoding of HTML tags in "inline" JSON output ( #6207 )
7 years ago
Aleksander Machniak
4f6079833a
Fix PHP 7.2 warning: count(): Parameter must be an array or an object that implements Countable
7 years ago
Aleksander Machniak
b00d5c3836
Automatically localize data-label-* attributes of a template object
7 years ago
Aleksander Machniak
83bd85677b
Remove x_frame_options env
7 years ago
Aleksander Machniak
b172fb505c
Improve trusted_host_patterns code
7 years ago
Aleksander Machniak
55a1d6ef1b
Make search form's aria label to also support plugin localization (via label-domain property)
7 years ago
Aleksander Machniak
38d275445d
Plugin API: Add 'write' argument to 'render_page' hook
7 years ago
Aleksander Machniak
8e2f6275a4
Prevent from empty 'class' attribute in generated html
7 years ago
Aleksander Machniak
00cb440a07
Inline warnings can contain HTML code (regression fix)
7 years ago
Aleksander Machniak
db382fa19c
Change remote images to remote resources warning also in html attachment preview
7 years ago
Aleksander Machniak
46e2e7e16c
CS fix
7 years ago
Aleksander Machniak
758044d69e
Add skin config options to dont_override list
... so e.g. options in user preferences will be hidden.
7 years ago
Aleksander Machniak
1cf72fa2b6
Allow plugins to include Less files ( #6051 )
7 years ago
PhilW
26f1b0770c
use skinned alert boxes
7 years ago
PhilW
b897fe9349
use skinned confirmation boxes where possible
7 years ago
Aleksander Machniak
910c735b87
Merge branch 'master' into dev-elastic
7 years ago
Aleksander Machniak
2a32f51c91
Fix file disclosure vulnerability caused by insufficient input validation in relation with attachment plugins ( #6026 )
7 years ago
Aleksander Machniak
ef0982f1b8
Merge branch 'master' into dev-elastic
7 years ago
JohnDoh
a8f0d35ebc
Extend disabled_actions config so it accepts also button names ( #5903 )
7 years ago
Aleksander Machniak
d815525c6a
Merge branch 'master' into dev-elastic
7 years ago
Aleksander Machniak
22b30de5d9
Fix bug where assets_path wasn't added to some watermark frames
7 years ago
Aleksander Machniak
3a77c906a1
Merge branch 'master' into dev-elastic
7 years ago
Aleksander Machniak
6ecf87b5bd
Support 'class' attribute in ComposeFormHead object
7 years ago
Aleksander Machniak
b77cce8d3e
Fix sending message with "Too many public recipients" dialog buttons ( #5924 )
7 years ago
Aleksander Machniak
13d203303e
Refactored Help plugin to use frames, added Elastic skin support
7 years ago
Aleksander Machniak
5d398d4d00
Add version number to the client environment
7 years ago
Aleksander Machniak
040a71e76c
Make public class rcmail_bounce_mail (now rcmail_resend_mail) ( #5861 )
7 years ago
Aleksander Machniak
cfed954a46
Fix bug where Chrome could not upload the same file that was selected before ( #5854 )
... and removed the cancel hack that is not needed anymore.
7 years ago
Aleksander Machniak
1b2d3c0ac2
Email Resent (Bounce) feature ( #4985 )
7 years ago
Aleksander Machniak
4b2f2b6b3b
Use about:blank instead of blank.gif for empty iframes
8 years ago
Aleksander Machniak
84a79ee8db
Move common mail composing/sending code to new rcmail_sendmail class
This is needed to make simpler an implementation of e.g.
- Mail Bounce feature (#4985 ),
- Direct Draft sending (#4998 ),
- Fast reply from mail preview (#5129 ).
8 years ago
Aleksander Machniak
86a4d78369
Merge branch 'dev-elastic'
8 years ago
Aleksander Machniak
05ea5a5548
Add ignore_errors option to rcube_db, so error logging can be disabled temporarily
Use ignore_errors to make sure the DDL upgrade errors are printed only once.
8 years ago
Aleksander Machniak
7b4b36b16c
Plugin API: Added 'show_bytes' hook ( #5001 )
8 years ago
Aleksander Machniak
8fff21deb5
Fix POST parameter reflection in default_charset selector ( #5768 )
8 years ago
Aleksander Machniak
5101cfc67a
Bump version to 1.4-git
8 years ago
Aleksander Machniak
9858c2a294
Merge branch 'master' into dev-elastic
8 years ago
Aleksander Machniak
cc0defce86
Fix failing database schema check in all engines except mysql ( #5730 )
8 years ago
Aleksander Machniak
51fb3bfa58
Support including files with path relative to templates dir
8 years ago
Aleksander Machniak
559254d6ee
Use <button> instead of <input> for submit button on logon screen
8 years ago
Aleksander Machniak
b1be7fca51
Unify inline warnings in rcmail_html_page
8 years ago
Aleksander Machniak
34446e00ca
Fix bug where namespace prefix could not be truncated on folders list if show_real_foldernames=true ( #5695 )
8 years ago
Aleksander Machniak
51dffcda86
Skip <script> element if it has no content
8 years ago
Aleksander Machniak
f03839b24b
Add support for 'link' objects in templates (with conditions)
.. to simplify conditional <link> tags injection while nested 'if' objects do not work
8 years ago
Aleksander Machniak
71ff264b02
Support conditional include
8 years ago
ka7
9a35768c26
spelling fixes ( #5690 )
8 years ago
Aleksander Machniak
38067f61da
Get rid of data-popup-pos
8 years ago
Aleksander Machniak
adbab9d3e2
Merge branch 'master' into dev-elastic
8 years ago
Aleksander Machniak
e2d80479d6
Make possible to set (some) config options from a skin
8 years ago
Aleksander Machniak
81f67a4de2
Don't use each() deprecated in PHP 7.2
8 years ago
Aleksander Machniak
f29fd706cf
Get back to eval()
We used create_function() before but it's deprecated in PHP 7.2
and really it was just a wrapper on eval().
8 years ago
Aleksander Machniak
879f1dd2a0
Register some labels, add one localization label
8 years ago
Aleksander Machniak
8131629c6e
Extended unified searchform object for templates engine
8 years ago
Aleksander Machniak
cc10cbe039
Make button object to be a <button> by default
8 years ago
Aleksander Machniak
25de39d444
Merge branch 'dev-remove-js-deps'
8 years ago
Aleksander Machniak
369b44d94a
Fix unsetting template objects
Fixes compatibility with some plugins e.g. kolab_addressbook which
call parse() method (for sub-templates) while parsing the main template
8 years ago
Aleksander Machniak
2733258d2b
Load 'close' label for dialogs by default
8 years ago
Aleksander Machniak
5e1da48d0c
Remove external javascript code from the git repo, add jsdeps.sh script ( #5535 )
8 years ago
Aleksander Machniak
a844db6a27
Merge branch 'dev-layouts'
8 years ago
Aleksander Machniak
e17fcf1649
Support ALLOW-FROM in x_frame_options ( #5122 )
8 years ago
Aleksander Machniak
d02e6ea45e
Fix so templating system does not mess with external (e.g. email) content ( #5499 )
8 years ago
Aleksander Machniak
ecfe177173
CS fixes, use $this instead of local variable
8 years ago
Aleksander Machniak
e3b61cd487
Plugin API: Added get_compose_responses hook ( #5457 )
8 years ago
Aleksander Machniak
edea8732a6
Fix regression where UI object could be not created on some pages ( #5484 )
8 years ago
Aleksander Machniak
571a10751f
Display error when trying to upload more files than specified in max_file_uploads ( #5483 )
8 years ago
Aleksander Machniak
f43f5bf93f
Use JSON_PRETTY_PRINT in devel_mode
This effectively makes PHP 5.4 a real requirement
8 years ago
Aleksander Machniak
4e0532808d
Fix bug where it wasn't possible to store more than 2MB objects in memcache/apc ( #5452 )
Added memcache_max_allowed_packet and apc_max_allowed_packet settings
8 years ago
Aleksander Machniak
40fe66b71e
Fix reference to non-existing blank.tif file in mime_content_type check
8 years ago
Aleksander Machniak
638afafbd2
Make so rcmail.log() depends on devel_mode ( #5193 )
8 years ago
Aleksander Machniak
6886a4de3f
Widescreen layout aka three column view ( #5093 )
8 years ago
Aleksander Machniak
650ac8befb
Fix displaying size of attachments with zero size
8 years ago
Victor Benincasa
daeb66ee99
Fix login form
Fix a small bug introduced on commit 43f3c5f
that breaks the login form ($attrib['form'] is checked at line 1899, so it cannot be unset).
8 years ago
Aleksander Machniak
32e5a6bbcf
Fix bug where folder creation could fail if personal namespace contained more than one entry ( #5403 )
+ small code improvements
8 years ago
Aleksander Machniak
873e0353cf
Use smart-upload-button for messages and contact photos upload
Unified interface with rcmail::upload_form().
8 years ago
Aleksander Machniak
43f3c5fb2a
Implement "one click" attachment upload ( #5024 )
8 years ago
Aleksander Machniak
9debc38724
Drop mail_header_delimiter option, since we don't use mail() we don't need it
8 years ago
Aleksander Machniak
184de7735c
CS fixes (mostly phpdoc)
8 years ago
Aleksander Machniak
ebc2f5dc7d
Add possibility to rename attachments in mail compose ( #4996 )
... and fix some small issues related to the new compose attachment menu feature
8 years ago
Aleksander Machniak
8a13615e9e
Add possibility to preview and download attachments in mail compose ( #5053 )
8 years ago
Aleksander Machniak
e1165fed89
Remove backward compatibility "layer" of bc.php ( #4902 ) - now for real
8 years ago
Aleksander Machniak
4361a95820
Fix missing localization of HTML editor when assets_dir != INSTALL_PATH
8 years ago
Aleksander Machniak
9e64dc2deb
Remove application/x-tar file extension test as it might not exist in nginx config ( #5253 )
Use text/css instead
9 years ago
Aleksander Machniak
9634169647
Bump version number to 1.3-beta
9 years ago
Aleksander Machniak
a0f38f5fd8
Small code style improvements
9 years ago
Aleksander Machniak
4e6f3019f5
Enigma: Handle encrypted/signed content inside message/rfc822 attachments
9 years ago
Aleksander Machniak
3a13b5dab8
CS fixes
9 years ago
Aleksander Machniak
0c9e55b0c9
Fix PHP warning when defaults.inc.php is not readable
9 years ago
Thomas Bruederli
4a408843b0
Protect download urls against CSRF using unique request tokens ( #1490642 )
Send X-Frame-Options headers with every HTTP response
9 years ago
Aleksander Machniak
10e5192a2b
Fix path traversal vulnerability in setting a skin ( #1490620 )
9 years ago
Aleksander Machniak
69a1e4f7b1
rcube_parse_host() -> rcube_utils::parse_host()
9 years ago
Aleksander Machniak
7476410a04
Add missing deprecation warning
9 years ago
Thomas Bruederli
458a6b26e8
Load bc.inc in script startup
9 years ago
Thomas Bruederli
32695c333c
Restore bc.inc which now logs a warning when calling deprecated functions
9 years ago
Aleksander Machniak
a15d877ba8
Added brute-force attack prevention via login rate limit ( #1490566 )
9 years ago
Aleksander Machniak
454b0b1ca9
Remove deprecated rcmail and rcube_imap methods
9 years ago
Aleksander Machniak
2aa9ee56fd
Fix so disabling emoticons plugin really removes emoticons button from HTML editor
9 years ago
dsoares
234fd19505
Replace deprecated call to Q within array_map()
9 years ago
Aleksander Machniak
74ce01efc7
Q() -> rcube::Q()
9 years ago
Aleksander Machniak
a5c03db798
Security: Added options to validate username/password on logon ( #1490500 )
9 years ago
Aleksander Machniak
c1bbf0d0b6
After failed login wait a second to slow down brute-force attacks ( #1490549 )
9 years ago
Aleksander Machniak
fddfd8e6d7
Remove backward compatibility "layer" of bc.php ( #1490534 )
9 years ago
Aleksander Machniak
df0b4f3437
Make sure an email address is valid when replacing it with mailto: link
9 years ago
Aleksander Machniak
26086981a2
Improve randomness of security tokens ( #1490529 )
9 years ago
Aleksander Machniak
e2f605d44d
Fallback to C locale
9 years ago
Aleksander Machniak
3c29c7e858
Fix various issues with Turkish (and similar) locales ( #1490519 )
9 years ago
Aleksander Machniak
c4daf3f14f
Fix regression in converting signatures to text, fixed PHP warning in html2text() call
9 years ago
Aleksander Machniak
a63f14ec40
Emoticons-related code refactoring
- Emoticons: All emoticons-related functionality is handled by the plugin now
- Emoticons: Added option to switch on/off emoticons in compose editor (#1485732 )
- Emoticons: Added option to switch on/off emoticons in plain text messages
- Plugin API: Added disabled_plugins and disabled_buttons options in html_editor hook
- Plugin API: Added html2text hook
9 years ago
Aleksander Machniak
1b39d9a6c7
PHP7: Fixed some E_WARNING errors that previously were E_STRICT
9 years ago
Aleksander Machniak
93e64008a6
Small code improvements
9 years ago
Aleksander Machniak
08bb20f261
Don't use deprecated functions/constants (from bc.inc)
9 years ago
Aleksander Machniak
9d78c68cbf
Fix so imap folder attribute comparisons are case-insensitive ( #1490466 )
+ make in_array_nocase() much faster for ASCII strings
9 years ago
Aleksander Machniak
252cc4c4ac
Password: Allow temporarily disabling the plugin functionality with a notice
9 years ago
Aleksander Machniak
8447bae77c
Require Mbstring and OpenSSL extensions ( #1490415 ) - remove redundant code
10 years ago
Aleksander Machniak
a958748947
CS fixes
10 years ago
Aleksander Machniak
b782815dac
Fix XSS vulnerability in _mbox argument handling ( #1490417 )
10 years ago
Aleksander Machniak
8042e13af6
Add --config and --type options to moduserprefs.sh script ( #1490051 )
10 years ago
Aleksander Machniak
3994b3a26c
Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key ( #1490402 )
10 years ago
Aleksander Machniak
0c08b04778
Fix issues when using moduserprefs.sh without --user argument ( #1490399 )
10 years ago
Aleksander Machniak
03aa84f784
Fix bug where some files could have "executable" extension when stored in temp folder ( #1490377 )
10 years ago
Aleksander Machniak
e7620812b0
Installer: Remove system() function use ( #1490139 )
Move some functionality of scripts from bin/ into rcmail_utils class
10 years ago
Thomas Bruederli
0bd99db08d
Localize common error messages; improve explanation for CSRF check failures
10 years ago
Aleksander Machniak
216b31dd99
Fix so "over quota" errors are displayed also in message compose page
This also fixes over quota responses on cyrus imap which uses "Over quota" string and no error identifier.
10 years ago
Aleksander Machniak
f070da7c27
Fix fatal errors on systems without mbstring extension or mb_regex_encoding() function ( #1490280 )
10 years ago
Aleksander Machniak
3665d1e8ec
Merge pull request #259 from corbosman/plugin_preload
Plugin preload
10 years ago
Aleksander Machniak
3779b67a9c
Set version number to 1.2-git
10 years ago
Thomas Bruederli
2f8b1036da
Bump version and copyright year
10 years ago
corbosman
de89d46be2
Load plugins before sessions have started
Move the plugin loading phase to before sessions have started allowing plugins to add session drivers. Plugins that want to use this should define an "onload" method in their plugins. This method does not have access to variables like $task as they are not yet initialised at that time.
10 years ago
Aleksander Machniak
09d52dbb67
Fix some typos in comments
10 years ago
Thomas Bruederli
be140e827d
Don't reset 'plugins' config option when running from update.sh script
10 years ago
Aleksander Machniak
c6efcf5e6d
Fix blocked.gif image usage with assets_dir set
10 years ago
Thomas Bruederli
b737021a90
Improve plugin selection in installer; check already selected plugins
10 years ago
Thomas B.
8e7ed506c4
Merge pull request #248 from flanpy/master
#1489096 : Ability to select plugins to enable in the installer
10 years ago
Aleksander Machniak
7259529fad
Get rid of requests whitelist for security check bypass
10 years ago
Aleksander Machniak
681ba6fc3c
Improve system security by using optional special URL with security token
Allows to define separate server/path for image/js/css files
Fix bugs where CSRF attacks were still possible on some requests
10 years ago
Aleksander Machniak
f7f4672649
Fix regression in rcmail::show_bytes() where unit was set to "[]" instead of "B"
10 years ago
Aleksander Machniak
0b36d15157
Add method to display operation (uploading) progress in UI message
10 years ago
Aleksander Machniak
2dfad0a564
Make upload progress text more compact.
E.g. "500 KB of 10 MB" becomes "0.5 of 10 MB"
10 years ago
Aleksander Machniak
9e4246d957
Code improvements and fixes (mostly unused variables and methods)
10 years ago
Flanpy
8f576d87d2
Add the ability to select plugins in the installer
10 years ago
Flanpy
b8837e3f43
Add the ability to enable plugins in the installer
10 years ago
Thomas Bruederli
8d526c4938
Fix skin path handling in plugin context ( #1488967 ):
The plugin skin directories are removed again from the search path after parsing of a plugin template has finished.
10 years ago
Aleksander Machniak
1ffab0ad4a
Fix possible issues in skin/skin_path config handling ( #1490125 )
10 years ago
Aleksander Machniak
71dbeeee10
Skip unnecessary session updates on task switch - switch session task less often ( #1490116 )
10 years ago
andryyy
383724eb97
Update rcmail.php
Typo
10 years ago
Thomas Bruederli
91a449138e
Add output class for commandline scripts
10 years ago
Aleksander Machniak
000f6ee304
Merge branch 'oracle'
10 years ago
Aleksander Machniak
c2345747ac
Add Oracle driver check in Installer
10 years ago