Commit Graph

2211 Commits (437aca39e06fbaae705b009846563dd36ee8aa55)

Author SHA1 Message Date
Aleksander Machniak 4361a95820 Fix missing localization of HTML editor when assets_dir != INSTALL_PATH 8 years ago
Aleksander Machniak 9e64dc2deb Remove application/x-tar file extension test as it might not exist in nginx config (#5253)
Use text/css instead
9 years ago
Aleksander Machniak 9634169647 Bump version number to 1.3-beta 9 years ago
Aleksander Machniak a0f38f5fd8 Small code style improvements 9 years ago
Aleksander Machniak 4e6f3019f5 Enigma: Handle encrypted/signed content inside message/rfc822 attachments 9 years ago
Aleksander Machniak 3a13b5dab8 CS fixes 9 years ago
Aleksander Machniak 0c9e55b0c9 Fix PHP warning when defaults.inc.php is not readable 9 years ago
Thomas Bruederli 4a408843b0 Protect download urls against CSRF using unique request tokens (#1490642)
Send X-Frame-Options headers with every HTTP response
9 years ago
Aleksander Machniak 10e5192a2b Fix path traversal vulnerability in setting a skin (#1490620) 9 years ago
Aleksander Machniak 69a1e4f7b1 rcube_parse_host() -> rcube_utils::parse_host() 9 years ago
Aleksander Machniak 7476410a04 Add missing deprecation warning 9 years ago
Thomas Bruederli 458a6b26e8 Load bc.inc in script startup 9 years ago
Thomas Bruederli 32695c333c Restore bc.inc which now logs a warning when calling deprecated functions 9 years ago
Aleksander Machniak a15d877ba8 Added brute-force attack prevention via login rate limit (#1490566) 9 years ago
Aleksander Machniak 454b0b1ca9 Remove deprecated rcmail and rcube_imap methods 9 years ago
Aleksander Machniak 2aa9ee56fd Fix so disabling emoticons plugin really removes emoticons button from HTML editor 9 years ago
dsoares 234fd19505 Replace deprecated call to Q within array_map() 9 years ago
Aleksander Machniak 74ce01efc7 Q() -> rcube::Q() 9 years ago
Aleksander Machniak a5c03db798 Security: Added options to validate username/password on logon (#1490500) 9 years ago
Aleksander Machniak c1bbf0d0b6 After failed login wait a second to slow down brute-force attacks (#1490549) 9 years ago
Aleksander Machniak fddfd8e6d7 Remove backward compatibility "layer" of bc.php (#1490534) 9 years ago
Aleksander Machniak df0b4f3437 Make sure an email address is valid when replacing it with mailto: link 9 years ago
Aleksander Machniak 26086981a2 Improve randomness of security tokens (#1490529) 9 years ago
Aleksander Machniak e2f605d44d Fallback to C locale 9 years ago
Aleksander Machniak 3c29c7e858 Fix various issues with Turkish (and similar) locales (#1490519) 9 years ago
Aleksander Machniak c4daf3f14f Fix regression in converting signatures to text, fixed PHP warning in html2text() call 9 years ago
Aleksander Machniak a63f14ec40 Emoticons-related code refactoring
- Emoticons: All emoticons-related functionality is handled by the plugin now
- Emoticons: Added option to switch on/off emoticons in compose editor (#1485732)
- Emoticons: Added option to switch on/off emoticons in plain text messages
- Plugin API: Added disabled_plugins an disabled_buttons options in html_editor hook
- Plugin API: Added html2text hook
9 years ago
Aleksander Machniak 1b39d9a6c7 PHP7: Fixed some E_WARNING errors that previously were E_STRICT 9 years ago
Aleksander Machniak 93e64008a6 Small code improvements 9 years ago
Aleksander Machniak 08bb20f261 Don't use deprecated functions/constants (from bc.inc) 9 years ago
Aleksander Machniak 9d78c68cbf Fix so imap folder attribute comparisons are case-insensitive (#1490466)
+ make in_array_nocase() much faster for ASCII strings
9 years ago
Aleksander Machniak 252cc4c4ac Password: Allow temporarily disabling the plugin functionality with a notice 9 years ago
Aleksander Machniak 8447bae77c Require Mbstring and OpenSSL extensions (#1490415) - remove redundant code 10 years ago
Aleksander Machniak a958748947 CS fixes 10 years ago
Aleksander Machniak b782815dac Fix XSS vulnerability in _mbox argument handling (#1490417) 10 years ago
Aleksander Machniak 8042e13af6 Add --config and --type options to moduserprefs.sh script (#1490051) 10 years ago
Aleksander Machniak 3994b3a26c Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402) 10 years ago
Aleksander Machniak 0c08b04778 Fix issues when using moduserprefs.sh without --user argument (#1490399) 10 years ago
Aleksander Machniak 03aa84f784 Fix bug where some files could have "executable" extension when stored in temp folder (#1490377) 10 years ago
Aleksander Machniak e7620812b0 Installer: Remove system() function use (#1490139)
Move some functionality of scripts from bin/ into rcmail_utils class
10 years ago
Thomas Bruederli 0bd99db08d Localize common error messages; improve explanation for CSRF check failures 10 years ago
Aleksander Machniak 216b31dd99 Fix so "over quota" errors are displayed also in message compose page
This also fixes over quota responses on cyrus imap which uses "Over quota" string and no error identifier.
10 years ago
Aleksander Machniak f070da7c27 Fix fatal errors on systems without mbstring extension or mb_regex_encoding() function (#1490280) 10 years ago
Aleksander Machniak 3665d1e8ec Merge pull request #259 from corbosman/plugin_preload
Plugin preload
10 years ago
Aleksander Machniak 3779b67a9c Set version number to 1.2-git 10 years ago
Thomas Bruederli 2f8b1036da Bump version and copyright year 10 years ago
corbosman de89d46be2 Load plugins before sessions have started
Move the plugin loading phase to before sessions have started allowing plugins to add session drivers.  Plugins that want to use this should define an "onload" method in their plugins. This method does not have access to variables like $task as they are not yet initialised at that time.
10 years ago
Aleksander Machniak 09d52dbb67 Fix some typos in comments 10 years ago
Thomas Bruederli be140e827d Don't reset 'plugins' config option when running from update.sh script 10 years ago
Aleksander Machniak c6efcf5e6d Fix blocked.gif image usage with assets_dir set 10 years ago