Thomas Bruederli
522565b400
Add tests for XSS vulnerabilities in style tags
8 years ago
Thomas Bruederli
bf21557873
Better fix for XSS in style tags ( b59ff5ca
)
8 years ago
Aleksander Machniak
05aae4711c
Replace xss_entity_decode_callback() method with lambda function
8 years ago
Aleksander Machniak
b59ff5cafb
Fix XSS issue in handling of a style tag inside of an svg element
8 years ago
Aleksander Machniak
8953c7a257
Fix possible defect in handling \r\n in scripts ( #5685 )
8 years ago
Aleksander Machniak
69fb773fac
Move pear/net_ldap2 back to 'suggests" section
...
It requires php-ldap extension which might be problematic when
someone does not need to use LDAP.
8 years ago
Aleksander Machniak
91e36f2ffe
Use packagist instead of pear
8 years ago
Aleksander Machniak
fa32c2c471
Plugin API: Call message_part_structure hook for sub-parts of multipart/alternative message ( #5678 )
8 years ago
Aleksander Machniak
51dbc2e438
Merge branch 'master' of github.com:roundcube/roundcubemail
8 years ago
Aleksander Machniak
9028e77290
Enigma: Set micalg parameter to real hash algorithm used for signing
8 years ago
Shin Kojima
0b385dc946
Skip iconv for problematic ISO-2022-JP strings ( #5668 )
...
We sometimes get broken character encodings such as:
Subject: =?iso-2022-jp?B?GyRCLWo7M3l1OSk2SBsoQgo=?=
This actually is not a strict ISO-2022-JP string, but a CP50220 string
that is a variant of ISO-2022-JP with extended characters proposed by
Microsoft. Iconv can not handle these encodings well.
8 years ago
Aleksander Machniak
f2ab7ec929
Lock phpunit to version 5.7.x
8 years ago
Aleksander Machniak
821d449d86
Fix/rephrase "unsaved changes" warning when cancelling a draft ( #5610 )
8 years ago
Aleksander Machniak
dd8637350b
Use stable release of Crypt_GPG 1.6
8 years ago
Aleksander Machniak
3dd24bce75
Merge pull request #5658 from JohnDoh/group-rename
...
small amendment to #5652
8 years ago
JohnDoh
d379dc897a
small fix for current group detection and add similar rules for group-delete
8 years ago
Aleksander Machniak
13b98199ed
Managesieve: Fix parser issue with empty lines between comments ( #5657 )
8 years ago
Aleksander Machniak
4d663c477c
Merge pull request #5635 from joebordes/patch-1
...
Pass full message object on message_sent event
8 years ago
Aleksander Machniak
ec98aa5b52
Merge pull request #5652 from JohnDoh/group-rename
...
don't use env for group-rename action
8 years ago
Aleksander Machniak
cd61d7ebd0
Minimize unwanted message loading in preview frame on drag ( #5616 )
...
also remove dummy_select flag which is not needed anymore.
8 years ago
Aleksander Machniak
3294a41b3b
Small code simplification
8 years ago
Aleksander Machniak
dae5ffd07a
Fix bug where it was too easy accidentally move a folder when using the subscription checkbox ( #5655 )
8 years ago
JohnDoh
336e937946
also fix source in group create function
8 years ago
JohnDoh
82d049f1a2
check group id matches current one before changing the title
8 years ago
PhilW
e6f18ba6a6
Merge branch 'master'
8 years ago
Aleksander Machniak
364e887b32
Add rewrite rule to disable access to /vendor/bin folder in .htaccess ( #5630 )
8 years ago
Aleksander Machniak
95a7ece543
Fix update of group name in the contacts list header on group rename ( #5648 )
8 years ago
JohnDoh
f40e515cb2
don't use env for group-rename action
8 years ago
Aleksander Machniak
e2a8fb799e
Add note about PinEntry issues with SELinux ( #5620 )
8 years ago
Aleksander Machniak
dd53a3d486
Enigma: Fix handling of messages with nested PGP encrypted parts ( #5634 )
8 years ago
Aleksander Machniak
b7e4c94972
Bring back lists buttons in TinyMCE toolbar
8 years ago
Aleksander Machniak
3e427b4a42
Fix double http request regression ( #5633 )
...
Removed 'click' event handler on messages list which was used only
to allow message re-selection. As this feature was broken since 0.9
it looks like we don't really need it. When you're in ctrl-selection
state you can easily ctrl-unselect the message.
8 years ago
Aleksander Machniak
8efd2003aa
Add note about install-jsdeps.sh to upgrade procedure
8 years ago
Aleksander Machniak
ad83610a5e
Rename $sql_arr variable to $record as it's not about sql only
8 years ago
Aleksander Machniak
61bec3efa4
Fix regression where groups with email address were resolved to its members' addresses
8 years ago
Joe Bordes
3c1d951d84
feat(Hook) full message object on message_sent event
8 years ago
Aleksander Machniak
81f67a4de2
Don't use each() deprecated in PHP 7.2
8 years ago
Aleksander Machniak
f29fd706cf
Get back to eval()
...
We used create_function() before but it's deprecated in PHP 7.2
and really it was just a wrapper on eval().
8 years ago
Aleksander Machniak
dfd19206a4
sizeof() -> count()
8 years ago
Aleksander Machniak
d04cc14018
Enigma: Always use detached signatures ( #5624 )
8 years ago
Aleksander Machniak
a426f66785
Fix fatal error when accessing PGP keys list using classic skin
8 years ago
Aleksander Machniak
46e3b94826
Fix bug where signature couldn't be added above the quote in Firefox 51 ( #5628 )
8 years ago
Aleksander Machniak
bae3b2ac9b
Update changelog
8 years ago
Aleksander Machniak
9cf1e83d7a
Fix autocomplete popup closing ( #5606 )
...
1. Tab key does not work as Enter. Now it works as Escape and jumps to another input.
2. Click on document (outside of the autocomplete input and popup) closes the popup.
8 years ago
Aleksander Machniak
79950630fa
Increase limit of group members when expanding a group from autocomplete ( #5604 )
8 years ago
Aleksander Machniak
b4d7b41a6f
Update changelog
8 years ago
Aleksander Machniak
20da7f1539
Copy jsdeps.json file on update ( #5598 )
8 years ago
Aleksander Machniak
15d0c55b20
Throw error if one of required programs is not installed ( #5598 )
8 years ago
Aleksander Machniak
73d53051cd
Fix bug where some classic skin images were not displayed in IE/Edge ( #5614 )
...
Converted from png to gif according to file extension.
8 years ago
Aleksander Machniak
7323f633f7
Fix bug where re-selection of messages list record didn't work
...
A regression in old commit 24fa5d3154
8 years ago