Commit Graph

2394 Commits (3d4a02a3a6383220a8ef3c53dacaa7203fe06d28)

Author SHA1 Message Date
Aleksander Machniak 8e543f843e Fix check_request() bypass in places using get_uids() [CVE-2018-9846] (#6238) 7 years ago
Aleksander Machniak 5832eca405 RCMAIL_CHARSET -> RCUBE_CHARSET (#6236) 7 years ago
Aleksander Machniak 73ea8f94d0 Use htmlspecialchars() with charset argument, simplify some code 7 years ago
Aleksander Machniak a451ad6599 Fix handling encoding of HTML tags in "inline" JSON output (#6207) 7 years ago
Aleksander Machniak 4f6079833a Fix PHP 7.2 warning: count(): Parameter must be an array or an object that implements Countable 7 years ago
Aleksander Machniak b00d5c3836 Automatically localize data-label-* attributes of a template object 7 years ago
Aleksander Machniak 83bd85677b Remove x_frame_options env 7 years ago
Aleksander Machniak b172fb505c Improve trusted_host_patterns code 7 years ago
Aleksander Machniak 55a1d6ef1b Make search form's aria label to also support plugin localization (via label-domain property) 7 years ago
Aleksander Machniak 38d275445d Plugin API: Add 'write' argument to 'render_page' hook 7 years ago
Aleksander Machniak 8e2f6275a4 Prevent from empty 'class' attribute in generated html 7 years ago
Aleksander Machniak 00cb440a07 Inline warnings can contain HTML code (regression fix) 7 years ago
Aleksander Machniak db382fa19c Change remote images to remote resources warning also in html attachment preview 7 years ago
Aleksander Machniak 46e2e7e16c CS fix 7 years ago
Aleksander Machniak 758044d69e Add skin config options to dont_override list
... so e.g. options in user preferences will be hidden.
7 years ago
Aleksander Machniak 1cf72fa2b6 Allow plugins to include Less files (#6051) 7 years ago
PhilW 26f1b0770c use skinned alert boxes 7 years ago
PhilW b897fe9349 use skined confirmation boxes where possible 7 years ago
Aleksander Machniak 910c735b87 Merge branch 'master' into dev-elastic 7 years ago
Aleksander Machniak 2a32f51c91 Fix file disclosure vulnerability caused by insuficient input validation in relation with attachment plugins (#6026) 7 years ago
Aleksander Machniak ef0982f1b8 Merge branch 'master' into dev-elastic 7 years ago
JohnDoh a8f0d35ebc Extend disabled_actions config so it accepts also button names (#5903) 7 years ago
Aleksander Machniak d815525c6a Merge branch 'master' into dev-elastic 7 years ago
Aleksander Machniak 22b30de5d9 Fix bug where assets_path wasn't added to some watermark frames 7 years ago
Aleksander Machniak 3a77c906a1 Merge branch 'master' into dev-elastic 7 years ago
Aleksander Machniak 6ecf87b5bd Support 'class' attribute in ComposeFormHead object 7 years ago
Aleksander Machniak b77cce8d3e Fix sending message with "Too many public recipients" dialog buttons (#5924) 7 years ago
Aleksander Machniak 13d203303e Refactored Help plugin to use frames, added Elastic skin support 7 years ago
Aleksander Machniak 5d398d4d00 Add version number to the client environment 7 years ago
Aleksander Machniak 040a71e76c Make public class rcmail_bounce_mail (now rcmail_resend_mail) (#5861) 7 years ago
Aleksander Machniak cfed954a46 Fix bug where Chrome could not upload the same file that was selected before (#5854)
... and removed the cancel hack that is not needed anymore.
7 years ago
Aleksander Machniak 1b2d3c0ac2 Email Resent (Bounce) feature (#4985) 7 years ago
Aleksander Machniak 4b2f2b6b3b Use about:blank instead of blank.gif for empty iframes 8 years ago
Aleksander Machniak 84a79ee8db Move common mail composing/sending code to new rcmail_sendmail class
This is needed to make simpler an implementation of e.g.
- Mail Bounce feature (#4985),
- Direct Draft sending (#4998),
- Fast reply from mail preview (#5129).
8 years ago
Aleksander Machniak 86a4d78369 Merge branch 'dev-elastic' 8 years ago
Aleksander Machniak 05ea5a5548 Add ignore_errors option to rcube_db, so error logging can be disabled temporarily
Use ignore_errors to make sure the DDL upgrade errors are printed only once.
8 years ago
Aleksander Machniak 7b4b36b16c Plugin API: Added 'show_bytes' hook (#5001) 8 years ago
Aleksander Machniak 8fff21deb5 Fix POST parameter reflection in default_charset selector (#5768) 8 years ago
Aleksander Machniak 5101cfc67a Bump version to 1.4-git 8 years ago
Aleksander Machniak 9858c2a294 Merge branch 'master' into dev-elastic 8 years ago
Aleksander Machniak cc0defce86 Fix failing database schema check in all engines except mysql (#5730) 8 years ago
Aleksander Machniak 51fb3bfa58 Support including files with path relative to templates dir 8 years ago
Aleksander Machniak 559254d6ee Use <button> instead of <input> for submit button on logon screen 8 years ago
Aleksander Machniak b1be7fca51 Unify inline warnings in rcmail_html_page 8 years ago
Aleksander Machniak 34446e00ca Fix bug where namespace prefix could not be truncated on folders list if show_real_foldernames=true (#5695) 8 years ago
Aleksander Machniak 51dffcda86 Skip <script> element if it has no content 8 years ago
Aleksander Machniak f03839b24b Add support for 'link' objects in templates (with conditions)
.. to simplify conditional <link> tags injection while nested 'if' objects do not work
8 years ago
Aleksander Machniak 71ff264b02 Support conditional include 8 years ago
ka7 9a35768c26 spelling fixes (#5690) 8 years ago
Aleksander Machniak 38067f61da Get rid of data-popup-pos 8 years ago
Aleksander Machniak adbab9d3e2 Merge branch 'master' into dev-elastic 8 years ago
Aleksander Machniak e2d80479d6 Make possible to set (some) config options from a skin 8 years ago
Aleksander Machniak 81f67a4de2 Don't use each() deprecated in PHP 7.2 8 years ago
Aleksander Machniak f29fd706cf Get back to eval()
We used create_function() before but it's deprecated in PHP 7.2
and really it was just a wrapper on eval().
8 years ago
Aleksander Machniak 879f1dd2a0 Register some labels, add one localization label 8 years ago
Aleksander Machniak 8131629c6e Extended unified searchform object for templates engine 8 years ago
Aleksander Machniak cc10cbe039 Make button object to be a <button> by default 8 years ago
Aleksander Machniak 25de39d444 Merge branch 'dev-remove-js-deps' 8 years ago
Aleksander Machniak 369b44d94a Fix unsetting template objects
Fixes compatibility with some plugins e.g. kolab_addressbook which
call parse() method (for sub-templates) while parsing the main template
8 years ago
Aleksander Machniak 2733258d2b Load 'close' label for dialogs by default 8 years ago
Aleksander Machniak 5e1da48d0c Remove external javascript code from the git repo, add jsdeps.sh script (#5535) 8 years ago
Aleksander Machniak a844db6a27 Merge branch 'dev-layouts' 8 years ago
Aleksander Machniak e17fcf1649 Support ALLOW-FROM in x_frame_options (#5122) 8 years ago
Aleksander Machniak d02e6ea45e Fix so templating system does not mess with external (e.g. email) content (#5499) 8 years ago
Aleksander Machniak ecfe177173 CS fixes, use $this instead of local variable 8 years ago
Aleksander Machniak e3b61cd487 Plugin API: Added get_compose_responses hook (#5457) 8 years ago
Aleksander Machniak edea8732a6 Fix regression where UI object could be not created on some pages (#5484) 8 years ago
Aleksander Machniak 571a10751f Display error when trying to upload more files than specified in max_file_uploads (#5483) 8 years ago
Aleksander Machniak f43f5bf93f Use JSON_PRETTY_PRINT in devel_mode
This effectively makes PHP 5.4 a real requirement
8 years ago
Aleksander Machniak 4e0532808d Fix bug where it wasn't possible to store more that 2MB objects in memcache/apc (#5452)
Added memcache_max_allowed_packet and apc_max_allowed_packet settings
8 years ago
Aleksander Machniak 40fe66b71e Fix reference to non-existing blank.tif file in mime_content_type check 8 years ago
Aleksander Machniak 638afafbd2 Make so rcmail.log() depends on devel_mode (#5193) 8 years ago
Aleksander Machniak 6886a4de3f Widescreen layout aka three column view (#5093) 8 years ago
Aleksander Machniak 650ac8befb Fix displaying size of attachments with zero size 8 years ago
Victor Benincasa daeb66ee99 Fix login form
Fix a small bug introduced on commit 43f3c5f that breaks the login form ($attrib['form'] is checked at line 1899, so it cannot be unset).
8 years ago
Aleksander Machniak 32e5a6bbcf Fix bug where folder creation could fail if personal namespace contained more than one entry (#5403)
+ small code improvements
8 years ago
Aleksander Machniak 873e0353cf Use smart-upload-button for messages and contact photos upload
Unified interface with rcmail::upload_form().
8 years ago
Aleksander Machniak 43f3c5fb2a Implement "one click" attachment upload (#5024) 8 years ago
Aleksander Machniak 9debc38724 Drop mail_header_delimiter option, since we don't use mail() we don't need it 8 years ago
Aleksander Machniak 184de7735c CS fixes (mostly phpdoc) 8 years ago
Aleksander Machniak ebc2f5dc7d Add possibility to rename attachments in mail compose (#4996)
... and fix some small issues related to the new compose attachment menu feature
8 years ago
Aleksander Machniak 8a13615e9e Add possibility to preview and download attachments in mail compose (#5053) 8 years ago
Aleksander Machniak e1165fed89 Remove backward compatibility "layer" of bc.php (#4902) - now for real 8 years ago
Aleksander Machniak 4361a95820 Fix missing localization of HTML editor when assets_dir != INSTALL_PATH 8 years ago
Aleksander Machniak 9e64dc2deb Remove application/x-tar file extension test as it might not exist in nginx config (#5253)
Use text/css instead
9 years ago
Aleksander Machniak 9634169647 Bump version number to 1.3-beta 9 years ago
Aleksander Machniak a0f38f5fd8 Small code style improvements 9 years ago
Aleksander Machniak 4e6f3019f5 Enigma: Handle encrypted/signed content inside message/rfc822 attachments 9 years ago
Aleksander Machniak 3a13b5dab8 CS fixes 9 years ago
Aleksander Machniak 0c9e55b0c9 Fix PHP warning when defaults.inc.php is not readable 9 years ago
Thomas Bruederli 4a408843b0 Protect download urls against CSRF using unique request tokens (#1490642)
Send X-Frame-Options headers with every HTTP response
9 years ago
Aleksander Machniak 10e5192a2b Fix path traversal vulnerability in setting a skin (#1490620) 9 years ago
Aleksander Machniak 69a1e4f7b1 rcube_parse_host() -> rcube_utils::parse_host() 9 years ago
Aleksander Machniak 7476410a04 Add missing deprecation warning 9 years ago
Thomas Bruederli 458a6b26e8 Load bc.inc in script startup 9 years ago
Thomas Bruederli 32695c333c Restore bc.inc which now logs a warning when calling deprecated functions 9 years ago
Aleksander Machniak a15d877ba8 Added brute-force attack prevention via login rate limit (#1490566) 9 years ago
Aleksander Machniak 454b0b1ca9 Remove deprecated rcmail and rcube_imap methods 9 years ago
Aleksander Machniak 2aa9ee56fd Fix so disabling emoticons plugin really removes emoticons button from HTML editor 9 years ago
dsoares 234fd19505 Replace deprecated call to Q within array_map() 9 years ago
Aleksander Machniak 74ce01efc7 Q() -> rcube::Q() 9 years ago
Aleksander Machniak a5c03db798 Security: Added options to validate username/password on logon (#1490500) 9 years ago
Aleksander Machniak c1bbf0d0b6 After failed login wait a second to slow down brute-force attacks (#1490549) 9 years ago
Aleksander Machniak fddfd8e6d7 Remove backward compatibility "layer" of bc.php (#1490534) 9 years ago
Aleksander Machniak df0b4f3437 Make sure an email address is valid when replacing it with mailto: link 9 years ago
Aleksander Machniak 26086981a2 Improve randomness of security tokens (#1490529) 9 years ago
Aleksander Machniak e2f605d44d Fallback to C locale 9 years ago
Aleksander Machniak 3c29c7e858 Fix various issues with Turkish (and similar) locales (#1490519) 9 years ago
Aleksander Machniak c4daf3f14f Fix regression in converting signatures to text, fixed PHP warning in html2text() call 9 years ago
Aleksander Machniak a63f14ec40 Emoticons-related code refactoring
- Emoticons: All emoticons-related functionality is handled by the plugin now
- Emoticons: Added option to switch on/off emoticons in compose editor (#1485732)
- Emoticons: Added option to switch on/off emoticons in plain text messages
- Plugin API: Added disabled_plugins an disabled_buttons options in html_editor hook
- Plugin API: Added html2text hook
9 years ago
Aleksander Machniak 1b39d9a6c7 PHP7: Fixed some E_WARNING errors that previously were E_STRICT 9 years ago
Aleksander Machniak 93e64008a6 Small code improvements 9 years ago
Aleksander Machniak 08bb20f261 Don't use deprecated functions/constants (from bc.inc) 9 years ago
Aleksander Machniak 9d78c68cbf Fix so imap folder attribute comparisons are case-insensitive (#1490466)
+ make in_array_nocase() much faster for ASCII strings
9 years ago
Aleksander Machniak 252cc4c4ac Password: Allow temporarily disabling the plugin functionality with a notice 9 years ago
Aleksander Machniak 8447bae77c Require Mbstring and OpenSSL extensions (#1490415) - remove redundant code 10 years ago
Aleksander Machniak a958748947 CS fixes 10 years ago
Aleksander Machniak b782815dac Fix XSS vulnerability in _mbox argument handling (#1490417) 10 years ago
Aleksander Machniak 8042e13af6 Add --config and --type options to moduserprefs.sh script (#1490051) 10 years ago
Aleksander Machniak 3994b3a26c Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402) 10 years ago
Aleksander Machniak 0c08b04778 Fix issues when using moduserprefs.sh without --user argument (#1490399) 10 years ago
Aleksander Machniak 03aa84f784 Fix bug where some files could have "executable" extension when stored in temp folder (#1490377) 10 years ago
Aleksander Machniak e7620812b0 Installer: Remove system() function use (#1490139)
Move some functionality of scripts from bin/ into rcmail_utils class
10 years ago
Thomas Bruederli 0bd99db08d Localize common error messages; improve explanation for CSRF check failures 10 years ago
Aleksander Machniak 216b31dd99 Fix so "over quota" errors are displayed also in message compose page
This also fixes over quota responses on cyrus imap which uses "Over quota" string and no error identifier.
10 years ago
Aleksander Machniak f070da7c27 Fix fatal errors on systems without mbstring extension or mb_regex_encoding() function (#1490280) 10 years ago
Aleksander Machniak 3665d1e8ec Merge pull request #259 from corbosman/plugin_preload
Plugin preload
10 years ago
Aleksander Machniak 3779b67a9c Set version number to 1.2-git 10 years ago
Thomas Bruederli 2f8b1036da Bump version and copyright year 10 years ago
corbosman de89d46be2 Load plugins before sessions have started
Move the plugin loading phase to before sessions have started allowing plugins to add session drivers.  Plugins that want to use this should define an "onload" method in their plugins. This method does not have access to variables like $task as they are not yet initialised at that time.
10 years ago
Aleksander Machniak 09d52dbb67 Fix some typos in comments 10 years ago
Thomas Bruederli be140e827d Don't reset 'plugins' config option when running from update.sh script 10 years ago
Aleksander Machniak c6efcf5e6d Fix blocked.gif image usage with assets_dir set 10 years ago
Thomas Bruederli b737021a90 Improve plugin selection in installer; check already selected plugins 10 years ago
Thomas B. 8e7ed506c4 Merge pull request #248 from flanpy/master
#1489096 : Ability to select plugins to enable in the installer
10 years ago
Aleksander Machniak 7259529fad Get rid of requests whitelist for security check bypass 10 years ago
Aleksander Machniak 681ba6fc3c Improve system security by using optional special URL with security token
Allows to define separate server/path for image/js/css files
Fix bugs where CSRF attacks were still possible on some requests
10 years ago
Aleksander Machniak f7f4672649 Fix regression in rcmail::show_bytes() where unit was set to "[]" instead of "B" 10 years ago
Aleksander Machniak 0b36d15157 Add method to display operation (uploading) progress in UI message 10 years ago
Aleksander Machniak 2dfad0a564 Make upload progress text more compact.
E.g. "500 KB of 10 MB" becomes "0.5 of 10 MB"
10 years ago
Aleksander Machniak 9e4246d957 Code improvements and fixes (mostly unused variables and methods) 10 years ago
Flanpy 8f576d87d2 Add the ability to select plugins in the installer 10 years ago
Flanpy b8837e3f43 Add the ability to enable plugins in the installer 10 years ago
Thomas Bruederli 8d526c4938 Fix skin path handling in plugin context (#1488967):
The plugin skin directories are removed again from the search path after parsing of a plugin template has finished.
10 years ago
Aleksander Machniak 1ffab0ad4a Fix possible issues in skin/skin_path config handling (#1490125) 10 years ago
Aleksander Machniak 71dbeeee10 Skip unnecessary session updates on task switch - switch session task less often (#1490116) 10 years ago
andryyy 383724eb97 Update rcmail.php
Typo
10 years ago
Thomas Bruederli 91a449138e Add output class for commandline scripts 10 years ago
Aleksander Machniak 000f6ee304 Merge branch 'oracle' 10 years ago
Aleksander Machniak c2345747ac Add Oracle driver check in Installer 10 years ago