Commit Graph

9576 Commits (45dced3b8f70bbc7b2fe76c165ff2ddce4006fb2)
 

Author SHA1 Message Date
Thomas Bruederli 45dced3b8f Bump version to 1.3.13 5 years ago
Aleksander Machniak 2bf097dcdb Installer: Fix regression in SMTP test section (#7417) 5 years ago
Aleksander Machniak 7a792f8a90 Fix changelog
[skip ci]
5 years ago
Aleksander Machniak 884eb61162 Security: Fix cross-site scripting (XSS) via malicious XML attachment 5 years ago
Thomas Bruederli fc97dc2e67 Bump version to 1.3.12 5 years ago
Aleksander Machniak db49dba3e4 Security: Better fix for CVE-2020-12641 5 years ago
Aleksander Machniak 37e2bc7457 Security: Fix XSS issue in template object 'username' (#7406) 5 years ago
Aleksander Machniak 655cfa50cc Security: Fix couple of XSS issues in Installer (#7406) 5 years ago
Thomas Bruederli fe0d97e5e0 Bump version to 1.3.11 5 years ago
Aleksander Machniak 1e7bec9cb8 Fix CSRF bypass that could be used to log out an authenticated user (#7302) 5 years ago
Aleksander Machniak c0eea755cf Fix local file inclusion (and code execution) via crafted 'plugins' option 5 years ago
Aleksander Machniak 47f431b1d6 Fix remote code execution via crafted 'im_convert_path' or 'im_identify_path' settings 5 years ago
Aleksander Machniak 23c06159ae Fix XSS issue in handling of CDATA in HTML messages 5 years ago
Aleksander Machniak 25c4861542 Update changelog 5 years ago
Aleksander Machniak b7f1c94b97 Enigma: Fix incorrect encrypted mail structure (boundary) with Mail_Mime >= 1.10.5 5 years ago
Aleksander Machniak c76153e752 Fix PHP warning: "array_merge(): Expected parameter 2 to be an array, null given in sendmail.inc (#7003) 5 years ago
Aleksander Machniak 3483c6407f Fix PHP Warning: Use of undefined constant LOG_EMERGE (#6991) 5 years ago
Aleksander Machniak e97837ba21 Fix bug where inline images could have been ignored if Content-Id header contained redundant spaces (#6980) 5 years ago
Aleksander Machniak e37d9a1337 Fix travis testing on PHP 5.4 and 5.5 5 years ago
Aleksander Machniak 4683204ddf Fix PHP Warning: Redis::connect() expects parameter 2 to be int, string given 5 years ago
Aleksander Machniak 5315c7507f Update changelog 5 years ago
Aleksander Machniak ff7161ddc4 Use 0775 permission, it's needed for e.g. skins/elastic/deps folder 5 years ago
Aleksander Machniak 25a97474a5 Fix array offset access syntax with curly braces 5 years ago
Aleksander Machniak 0132ff0d85 Fix PHP 7.4 warning: "Creating default object from empty value" 5 years ago
Aleksander Machniak 2348899a3f Fix bug where it was possible to bypass href URI check with data:application/xhtml+xml URIs (#6896) 5 years ago
Aleksander Machniak 554a20fe49 Fix security issue where it was possible to bypass the CSS jail in HTML messages using :root pseudo-class (#6897) 5 years ago
Aleksander Machniak c0c42d1075 Fix bug where some strict remote URIs in url() style were unintentionally blocked (#6899) 5 years ago
Aleksander Machniak d0d8c1ace5 Fix security issue where it was possible to bypass the position:fixed CSS check in received messages (#6898) 5 years ago
Thomas Bruederli f2e610dbe5 Bump version to 1.3.10 5 years ago
Jack Cherng 45e099b0be Fix implode() wrong parameter order (#6866)
It has been deprecated in PHP 7.4.

Such as PHP deprecated:  implode(): Passing glue string after array is deprecated. Swap the parameters in /var/www/roundcubemail/program/lib/Roundcube/rcube_db.php on line 917

Signed-off-by: Jack Cherng <jfcherng@gmail.com>
5 years ago
Aleksander Machniak 42c473aedd Fix wrong messages order after returning to a multi-folder search result (#6836) 5 years ago
Aleksander Machniak c25a6cf09b Fix bug in miemetype name comparator
The code was removing the first matching prefix (x- or x-ms-), which
caused 'x-ms-bmp' to end up as 'ms-bmp'. It should be 'bmp'. Fixed by
reverting the order of tokens in the regexp.
5 years ago
Aleksander Machniak 22375170df Fix bug in converting multi-page Tiff images into Jpeg (#6824)
When using 'convert' binary we have to use -flatten argument (the same
as we do with thumbnails) otherwise it will produce multiple output files
with -0, -1, etc. suffix. This way we make sure to generate only one image
until we support multi-page Tiff properly.
6 years ago
Aleksander Machniak 77c2c8155a Fix bug where selection of columns on messages list wasn't working 6 years ago
Aleksander Machniak 70622c37e6 Fix bug where Next/Prev button in mail view didn't work with multi-folder search result (#6793) 6 years ago
Aleksander Machniak d6f9b79be5 Update changelog 6 years ago
Aleksander Machniak 1cd1990053 Fix PHP error when using Net_LDAP3 from master
get_entry() method signature has changed. We don't really needed
that override in rcube_ldap_generic, so it's now removed.
6 years ago
Aleksander Machniak 37f4c7df77 Update changelog, add some tests for rcube_utils::parse_host() 6 years ago
Amir Caspi 06c5a20331 Update rcube_utils::parse_host, fixes #6746
Updated regexps used in parse_host to ensure that %t, %d, %z do not cut off domain and return only tld when underlying host has no subdomain (i.e., is just domain.tld rather than mail.domain.tld).  Update fixes #6746, now returns nothing shorter than domain.tld.

Also removed backslash from character class, period does not need to be escaped within character class.
6 years ago
Aleksander Machniak 55ebae3c1e Fix bug where bold/strong text was converted to upper-case on html-to-text conversion (6758) 6 years ago
Aleksander Machniak de25226d31 Enigma: Fix "decryption oracle" bug [CVE-2019-10740] (#6638)
When composing mail (on reply/forward/edit) we decrypt content only
in the first "content part" of the message.
6 years ago
Aleksander Machniak 8b649420ff Fix regexp 6 years ago
Aleksander Machniak f8afd18713 Enigma: Fix error message when trying to encrypt with a revoked private key (#6607) 6 years ago
Aleksander Machniak 0c828a254e Enigma: Fix bug where revoked users/keys were not greyed out in key info
The 'deleted' class was assigned to the wrong (next) row in a table.
It also didn't work in Elastic skin at all because of the missing style.
6 years ago
Aleksander Machniak cfd3d4ad38 Fix PHP Deprecated: idn_to_ascii(): INTL_IDNA_VARIANT_2003 is deprecated
Use rcube_utils::idn_to_ascii() instead of idn_to_ascii().
6 years ago
Aleksander Machniak 8b706775f3 Fix bug in parsing vCard data using PHP 7.3 due to an invalid regexp (#6744)
Looks like \R is not allowed in character class, but \r\n is fine.
On PHP 7.3.5 it throws warnings and empty result from preg_replace(),
though I couldn't reproduce.
6 years ago
Aleksander Machniak 9cb1912553 Fix bug where bmp images couldn't be displayed on some systems (#6728) 6 years ago
Aleksander Machniak 02631baf9e Managesieve: Fix so "Create filter" option does not show up when Filters menu is disabled (#6723) 6 years ago
Aleksander Machniak 7b8a183e9f Bump version to 1.3.9 6 years ago
Aleksander Machniak c4bc3341cb Merge branch 'release-1.3' of github.com:roundcube/roundcubemail into release-1.3 6 years ago