Aleksander Machniak
4361a95820
Fix missing localization of HTML editor when assets_dir != INSTALL_PATH
8 years ago
Aleksander Machniak
9e64dc2deb
Remove application/x-tar file extension test as it might not exist in nginx config ( #5253 )
...
Use text/css instead
9 years ago
Aleksander Machniak
9634169647
Bump version number to 1.3-beta
9 years ago
Aleksander Machniak
a0f38f5fd8
Small code style improvements
9 years ago
Aleksander Machniak
4e6f3019f5
Enigma: Handle encrypted/signed content inside message/rfc822 attachments
9 years ago
Aleksander Machniak
3a13b5dab8
CS fixes
9 years ago
Aleksander Machniak
0c9e55b0c9
Fix PHP warning when defaults.inc.php is not readable
9 years ago
Thomas Bruederli
4a408843b0
Protect download urls against CSRF using unique request tokens ( #1490642 )
...
Send X-Frame-Options headers with every HTTP response
9 years ago
Aleksander Machniak
10e5192a2b
Fix path traversal vulnerability in setting a skin ( #1490620 )
9 years ago
Aleksander Machniak
69a1e4f7b1
rcube_parse_host() -> rcube_utils::parse_host()
9 years ago
Aleksander Machniak
7476410a04
Add missing deprecation warning
9 years ago
Thomas Bruederli
458a6b26e8
Load bc.inc in script startup
9 years ago
Thomas Bruederli
32695c333c
Restore bc.inc which now logs a warning when calling deprecated functions
9 years ago
Aleksander Machniak
a15d877ba8
Added brute-force attack prevention via login rate limit ( #1490566 )
9 years ago
Aleksander Machniak
454b0b1ca9
Remove deprecated rcmail and rcube_imap methods
9 years ago
Aleksander Machniak
2aa9ee56fd
Fix so disabling emoticons plugin really removes emoticons button from HTML editor
9 years ago
dsoares
234fd19505
Replace deprecated call to Q within array_map()
9 years ago
Aleksander Machniak
74ce01efc7
Q() -> rcube::Q()
9 years ago
Aleksander Machniak
a5c03db798
Security: Added options to validate username/password on logon ( #1490500 )
9 years ago
Aleksander Machniak
c1bbf0d0b6
After failed login wait a second to slow down brute-force attacks ( #1490549 )
9 years ago
Aleksander Machniak
fddfd8e6d7
Remove backward compatibility "layer" of bc.php ( #1490534 )
9 years ago
Aleksander Machniak
df0b4f3437
Make sure an email address is valid when replacing it with mailto: link
9 years ago
Aleksander Machniak
26086981a2
Improve randomness of security tokens ( #1490529 )
9 years ago
Aleksander Machniak
e2f605d44d
Fallback to C locale
9 years ago
Aleksander Machniak
3c29c7e858
Fix various issues with Turkish (and similar) locales ( #1490519 )
9 years ago
Aleksander Machniak
c4daf3f14f
Fix regression in converting signatures to text, fixed PHP warning in html2text() call
9 years ago
Aleksander Machniak
a63f14ec40
Emoticons-related code refactoring
...
- Emoticons: All emoticons-related functionality is handled by the plugin now
- Emoticons: Added option to switch on/off emoticons in compose editor (#1485732 )
- Emoticons: Added option to switch on/off emoticons in plain text messages
- Plugin API: Added disabled_plugins an disabled_buttons options in html_editor hook
- Plugin API: Added html2text hook
9 years ago
Aleksander Machniak
1b39d9a6c7
PHP7: Fixed some E_WARNING errors that previously were E_STRICT
9 years ago
Aleksander Machniak
93e64008a6
Small code improvements
9 years ago
Aleksander Machniak
08bb20f261
Don't use deprecated functions/constants (from bc.inc)
9 years ago
Aleksander Machniak
9d78c68cbf
Fix so imap folder attribute comparisons are case-insensitive ( #1490466 )
...
+ make in_array_nocase() much faster for ASCII strings
9 years ago
Aleksander Machniak
252cc4c4ac
Password: Allow temporarily disabling the plugin functionality with a notice
9 years ago
Aleksander Machniak
8447bae77c
Require Mbstring and OpenSSL extensions ( #1490415 ) - remove redundant code
10 years ago
Aleksander Machniak
a958748947
CS fixes
10 years ago
Aleksander Machniak
b782815dac
Fix XSS vulnerability in _mbox argument handling ( #1490417 )
10 years ago
Aleksander Machniak
8042e13af6
Add --config and --type options to moduserprefs.sh script ( #1490051 )
10 years ago
Aleksander Machniak
3994b3a26c
Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key ( #1490402 )
10 years ago
Aleksander Machniak
0c08b04778
Fix issues when using moduserprefs.sh without --user argument ( #1490399 )
10 years ago
Aleksander Machniak
03aa84f784
Fix bug where some files could have "executable" extension when stored in temp folder ( #1490377 )
10 years ago
Aleksander Machniak
e7620812b0
Installer: Remove system() function use ( #1490139 )
...
Move some functionality of scripts from bin/ into rcmail_utils class
10 years ago
Thomas Bruederli
0bd99db08d
Localize common error messages; improve explanation for CSRF check failures
10 years ago
Aleksander Machniak
216b31dd99
Fix so "over quota" errors are displayed also in message compose page
...
This also fixes over quota responses on cyrus imap which uses "Over quota" string and no error identifier.
10 years ago
Aleksander Machniak
f070da7c27
Fix fatal errors on systems without mbstring extension or mb_regex_encoding() function ( #1490280 )
10 years ago
Aleksander Machniak
3665d1e8ec
Merge pull request #259 from corbosman/plugin_preload
...
Plugin preload
10 years ago
Aleksander Machniak
3779b67a9c
Set version number to 1.2-git
10 years ago
Thomas Bruederli
2f8b1036da
Bump version and copyright year
10 years ago
corbosman
de89d46be2
Load plugins before sessions have started
...
Move the plugin loading phase to before sessions have started allowing plugins to add session drivers. Plugins that want to use this should define an "onload" method in their plugins. This method does not have access to variables like $task as they are not yet initialised at that time.
10 years ago
Aleksander Machniak
09d52dbb67
Fix some typos in comments
10 years ago
Thomas Bruederli
be140e827d
Don't reset 'plugins' config option when running from update.sh script
10 years ago
Aleksander Machniak
c6efcf5e6d
Fix blocked.gif image usage with assets_dir set
10 years ago