Commit Graph

9260 Commits (522565b400e623ad190b57f56c1d21ff63418e33)
 

Author SHA1 Message Date
Thomas Bruederli 522565b400 Add tests for XSS vulnerabilities in style tags 8 years ago
Thomas Bruederli bf21557873 Better fix for XSS in style tags (b59ff5ca) 8 years ago
Aleksander Machniak 05aae4711c Replace xss_entity_decode_callback() method with lambda function 8 years ago
Aleksander Machniak b59ff5cafb Fix XSS issue in handling of a style tag inside of an svg element 8 years ago
Aleksander Machniak 8953c7a257 Fix possible defect in handling \r\n in scripts (#5685) 8 years ago
Aleksander Machniak 69fb773fac Move pear/net_ldap2 back to 'suggests" section
It requires php-ldap extension which might be problematic when
someone does not need to use LDAP.
8 years ago
Aleksander Machniak 91e36f2ffe Use packagist instead of pear 8 years ago
Aleksander Machniak fa32c2c471 Plugin API: Call message_part_structure hook for sub-parts of multipart/alternative message (#5678) 8 years ago
Aleksander Machniak 51dbc2e438 Merge branch 'master' of github.com:roundcube/roundcubemail 8 years ago
Aleksander Machniak 9028e77290 Enigma: Set micalg parameter to real hash algorithm used for signing 8 years ago
Shin Kojima 0b385dc946 Skip iconv for problematic ISO-2022-JP strings (#5668)
We sometimes get broken character encodings such as:
Subject: =?iso-2022-jp?B?GyRCLWo7M3l1OSk2SBsoQgo=?=
This actually is not a strict ISO-2022-JP string, but a CP50220 string
that is a variant of ISO-2022-JP with extended characters proposed by
Microsoft. Iconv can not handle these encodings well.
8 years ago
Aleksander Machniak f2ab7ec929 Lock phpunit to version 5.7.x 8 years ago
Aleksander Machniak 821d449d86 Fix/rephrase "unsaved changes" warning when cancelling a draft (#5610) 8 years ago
Aleksander Machniak dd8637350b Use stable release of Crypt_GPG 1.6 8 years ago
Aleksander Machniak 3dd24bce75 Merge pull request #5658 from JohnDoh/group-rename
small amendment to #5652
8 years ago
JohnDoh d379dc897a small fix for current group detection and add similar rules for group-delete 8 years ago
Aleksander Machniak 13b98199ed Managesieve: Fix parser issue with empty lines between comments (#5657) 8 years ago
Aleksander Machniak 4d663c477c Merge pull request #5635 from joebordes/patch-1
Pass full message object on message_sent event
8 years ago
Aleksander Machniak ec98aa5b52 Merge pull request #5652 from JohnDoh/group-rename
don't use env for group-rename action
8 years ago
Aleksander Machniak cd61d7ebd0 Minimize unwanted message loading in preview frame on drag (#5616)
also remove dummy_select flag which is not needed anymore.
8 years ago
Aleksander Machniak 3294a41b3b Small code simplification 8 years ago
Aleksander Machniak dae5ffd07a Fix bug where it was too easy accidentally move a folder when using the subscription checkbox (#5655) 8 years ago
JohnDoh 336e937946 also fix source in group create function 8 years ago
JohnDoh 82d049f1a2 check group id matches current one before changing the title 8 years ago
PhilW e6f18ba6a6 Merge branch 'master' 8 years ago
Aleksander Machniak 364e887b32 Add rewrite rule to disable access to /vendor/bin folder in .htaccess (#5630) 8 years ago
Aleksander Machniak 95a7ece543 Fix update of group name in the contacts list header on group rename (#5648) 8 years ago
JohnDoh f40e515cb2 don't use env for group-rename action 8 years ago
Aleksander Machniak e2a8fb799e Add note about PinEntry issues with SELinux (#5620) 8 years ago
Aleksander Machniak dd53a3d486 Enigma: Fix handling of messages with nested PGP encrypted parts (#5634) 8 years ago
Aleksander Machniak b7e4c94972 Bring back lists buttons in TinyMCE toolbar 8 years ago
Aleksander Machniak 3e427b4a42 Fix double http request regression (#5633)
Removed 'click' event handler on messages list which was used only
to allow message re-selection. As this feature was broken since 0.9
it looks like we don't really need it. When you're in ctrl-selection
state you can easily ctrl-unselect the message.
8 years ago
Aleksander Machniak 8efd2003aa Add note about install-jsdeps.sh to upgrade procedure 8 years ago
Aleksander Machniak ad83610a5e Rename $sql_arr variable to $record as it's not about sql only 8 years ago
Aleksander Machniak 61bec3efa4 Fix regression where groups with email address were resolved to its members' addresses 8 years ago
Joe Bordes 3c1d951d84 feat(Hook) full message object on message_sent event 8 years ago
Aleksander Machniak 81f67a4de2 Don't use each() deprecated in PHP 7.2 8 years ago
Aleksander Machniak f29fd706cf Get back to eval()
We used create_function() before but it's deprecated in PHP 7.2
and really it was just a wrapper on eval().
8 years ago
Aleksander Machniak dfd19206a4 sizeof() -> count() 8 years ago
Aleksander Machniak d04cc14018 Enigma: Always use detached signatures (#5624) 8 years ago
Aleksander Machniak a426f66785 Fix fatal error when accessing PGP keys list using classic skin 8 years ago
Aleksander Machniak 46e3b94826 Fix bug where signature couldn't be added above the quote in Firefox 51 (#5628) 8 years ago
Aleksander Machniak bae3b2ac9b Update changelog 8 years ago
Aleksander Machniak 9cf1e83d7a Fix autocomplete popup closing (#5606)
1. Tab key does not work as Enter. Now it works as Escape and jumps to another input.
2. Click on document (outside of the autocomplete input and popup) closes the popup.
8 years ago
Aleksander Machniak 79950630fa Increase limit of group members when expanding a group from autocomplete (#5604) 8 years ago
Aleksander Machniak b4d7b41a6f Update changelog 8 years ago
Aleksander Machniak 20da7f1539 Copy jsdeps.json file on update (#5598) 8 years ago
Aleksander Machniak 15d0c55b20 Throw error if one of required programs is not installed (#5598) 8 years ago
Aleksander Machniak 73d53051cd Fix bug where some classic skin images were not displayed in IE/Edge (#5614)
Converted from png to gif according to file extension.
8 years ago
Aleksander Machniak 7323f633f7 Fix bug where re-selection of messages list record didn't work
A regression in old commit 24fa5d3154
8 years ago