Commit Graph

81 Commits (55ebae3c1e9665d8c7f6086769cba035a1afd0a0)

Author SHA1 Message Date
Aleksander Machniak 1d7b488841 Fix so ANY record is not used for email domain validation, use A, MX, CNAME, AAAA instead (#6581) 6 years ago
Aleksander Machniak d9eed3625b Fix bug where some escape sequences in html styles could bypass security checks 7 years ago
Aleksander Machniak 8477b881e5 Fix PHP Warning: Use of undefined constant IDNA_DEFAULT on systems without php-intl (#6244) 7 years ago
Aleksander Machniak c278b8796f Fix bug where usernames without domain part could be malformed or converted to lower-case on logon (#6224) 7 years ago
Aleksander Machniak 60902de521 Fix parsing date strings (e.g. from a Date: mail header) with comments (#6216) 7 years ago
Aleksander Machniak f55724d1e8 Fix bug where some unix timestamps were not handled correctly by rcube_utils::anytodatetime() (#6212) 7 years ago
Aleksander Machniak b8e51b9d2f Remove redundant trim() 7 years ago
Aleksander Machniak 24dcdb5414 Fix bug in remote content blocking on HTML image and style tags (#6178) 7 years ago
Aleksander Machniak 472e48ff0d Fix possible performance issue when parsing malformed and long Date header (#6087) 7 years ago
Aleksander Machniak cdf7a88b3e Fix PHP Warning: Use of undefined constant INTL_IDNA_VARIANT_UTS46 on servers without php-intl extension 7 years ago
Aleksander Machniak a315f2b16d Fix PHP warning "idn_to_utf8(): INTL_IDNA_VARIANT_2003 is deprecated" with PHP 7.2 (#6075) 7 years ago
Thomas Bruederli 3762dba408 Fix rcube_utils::random_bytes() to not throw exception for length=0 7 years ago
Aleksander Machniak 972be07a41 Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview (#5580) 7 years ago
Aleksander Machniak 39fa590bad Fix bug where HTML messages with @media styles could modify style of page body (#5811) 8 years ago
Aleksander Machniak 2c6cc41c8f Fix uninitialized string offset in rcube_utils::bin2ascii() and make sure rcube_utils::random_bytes() result has always requested length (#5788) 8 years ago
Aleksander Machniak dade481658 Fix bug where comment notation within style tag would cause the whole style to be ignored (#5747) 8 years ago
Aleksander Machniak 41c70e162b Fix conflict with _gid cookie of Google Analytics (#5748)
TODO: Review the whole code base and don't use INPUT_GPC when it's not really needed,
      in most cases we should not read $_COOKIE.
8 years ago
Thomas Bruederli bf21557873 Better fix for XSS in style tags (b59ff5ca) 8 years ago
Aleksander Machniak 05aae4711c Replace xss_entity_decode_callback() method with lambda function 8 years ago
Aleksander Machniak b59ff5cafb Fix XSS issue in handling of a style tag inside of an svg element 8 years ago
Aleksander Machniak 81f67a4de2 Don't use each() deprecated in PHP 7.2 8 years ago
Aleksander Machniak dfd19206a4 sizeof() -> count() 8 years ago
Aleksander Machniak 7340360e79 Fix bug where image data URIs in css style were treated as evil/remote in mail preview (#5580) 8 years ago
Aleksander Machniak 4e0532808d Fix bug where it wasn't possible to store more than 2MB objects in memcache/apc (#5452)
Added memcache_max_allowed_packet and apc_max_allowed_packet settings
8 years ago
Aleksander Machniak 195dc11855 Support host-specific imap_conn_options/smtp_conn_options/managesieve_conn_options (#5136) 8 years ago
Aleksander Machniak dcabc1d814 Merge remote-tracking branch 'upstream/master'
Conflicts:
	tests/Framework/Washtml.php
8 years ago
Aleksander Machniak c3fc072d97 Remove code related to magic_quotes_* and register_globals
...they do not exist in PHP 5.4 which we now require.
8 years ago
Aleksander Machniak 906cf101c3 Better time handling in rcube_utils::clean_datestr() 8 years ago
Aleksander Machniak ec1525a1e6 Remove debug code 8 years ago
Aleksander Machniak ed35267b9b Managesieve: Fix parsing of vacation date-time with non-default date_format (#5372)
Added new method rcube_utils::format_datestr() to convert date_format date
into ISO date format.
8 years ago
Aleksander Machniak f2eafda539 Fix bug where microsecond format in logged date didn't work in some cases 9 years ago
Aleksander Machniak d61d33a12a Fix handling of --delete argument in moduserprefs.sh script (#5296) 9 years ago
Aleksander Machniak 6737e293bb Wash position:fixed style in HTML mail for better security (#5264) 9 years ago
Aleksander Machniak cbe701ac4a Fix rcube_utils::words_match() to work with mixed/invalid/binary content (T844) 9 years ago
Aleksander Machniak 7e3298753a Use ternary operator where applicable 9 years ago
Aleksander Machniak a03233ceba CS fixes 9 years ago
Aleksander Machniak b2b9b591ce Fix handling random_bytes() errors in PHP 7.0.0RC3 9 years ago
Aleksander Machniak e85bbc9e9c random_bytes() can throw an exception in some cases, since PHP 7.0.0rc3 9 years ago
Aleksander Machniak 26086981a2 Improve randomness of security tokens (#1490529) 9 years ago
Aleksander Machniak f00e1f5333 CS fixes 9 years ago
Aleksander Machniak 7a42173a16 Simplify rcube_utils::check_ip() 9 years ago
Aleksander Machniak 6b31846c43 Fix IPv6 address validation on PHP with disabled IPv6 support 9 years ago
Aleksander Machniak 93e64008a6 Small code improvements 9 years ago
Aleksander Machniak 8447bae77c Require Mbstring and OpenSSL extensions (#1490415) - remove redundant code 10 years ago
Aleksander Machniak 9aae1b7fc3 Fix so microseconds macro (u) in log_date_format works (#1490446) 10 years ago
Aleksander Machniak a958748947 CS fixes 10 years ago
Aleksander Machniak 3994b3a26c Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402) 10 years ago
Thomas Bruederli c32998084d Add utility function to match strings ignoring word order 10 years ago
Thomas Bruederli e8b82c2e7b Fix rcube_utils::normalize_string() to support unicode characters + add argument for minimum token length 10 years ago
Thomas Bruederli 09c58d1add Make rcube_utils::strtotime() timezone aware (#1490163) 10 years ago