Commit Graph

367 Commits (5ce5f9a8bcd760774a6d270d033849db30edbc40)

Author SHA1 Message Date
Aleksander Machniak b2bebe531a Fix bug where usernames without domain part could be malformed or converted to lower-case on logon (#6224) 7 years ago
Aleksander Machniak 8e543f843e Fix check_request() bypass in places using get_uids() [CVE-2018-9846] (#6238) 7 years ago
PhilW 26f1b0770c use skinned alert boxes 7 years ago
PhilW b897fe9349 use skined confirmation boxes where possible 7 years ago
Aleksander Machniak 2a32f51c91 Fix file disclosure vulnerability caused by insuficient input validation in relation with attachment plugins (#6026) 7 years ago
Aleksander Machniak cfed954a46 Fix bug where Chrome could not upload the same file that was selected before (#5854)
... and removed the cancel hack that is not needed anymore.
7 years ago
Aleksander Machniak 86a4d78369 Merge branch 'dev-elastic' 8 years ago
Aleksander Machniak 7b4b36b16c Plugin API: Added 'show_bytes' hook (#5001) 8 years ago
Aleksander Machniak 9858c2a294 Merge branch 'master' into dev-elastic 8 years ago
Aleksander Machniak 34446e00ca Fix bug where namespace prefix could not be truncated on folders list if show_real_foldernames=true (#5695) 8 years ago
ka7 9a35768c26 spelling fixes (#5690) 8 years ago
Aleksander Machniak adbab9d3e2 Merge branch 'master' into dev-elastic 8 years ago
Aleksander Machniak 81f67a4de2 Don't use each() deprecated in PHP 7.2 8 years ago
Aleksander Machniak 879f1dd2a0 Register some labels, add one localization label 8 years ago
Aleksander Machniak 25de39d444 Merge branch 'dev-remove-js-deps' 8 years ago
Aleksander Machniak 2733258d2b Load 'close' label for dialogs by default 8 years ago
Aleksander Machniak 5e1da48d0c Remove external javascript code from the git repo, add jsdeps.sh script (#5535) 8 years ago
Aleksander Machniak ecfe177173 CS fixes, use $this instead of local variable 8 years ago
Aleksander Machniak e3b61cd487 Plugin API: Added get_compose_responses hook (#5457) 8 years ago
Aleksander Machniak 571a10751f Display error when trying to upload more files than specified in max_file_uploads (#5483) 8 years ago
Aleksander Machniak 4e0532808d Fix bug where it wasn't possible to store more that 2MB objects in memcache/apc (#5452)
Added memcache_max_allowed_packet and apc_max_allowed_packet settings
8 years ago
Aleksander Machniak 650ac8befb Fix displaying size of attachments with zero size 8 years ago
Aleksander Machniak 32e5a6bbcf Fix bug where folder creation could fail if personal namespace contained more than one entry (#5403)
+ small code improvements
8 years ago
Aleksander Machniak 873e0353cf Use smart-upload-button for messages and contact photos upload
Unified interface with rcmail::upload_form().
8 years ago
Aleksander Machniak 184de7735c CS fixes (mostly phpdoc) 8 years ago
Aleksander Machniak ebc2f5dc7d Add possibility to rename attachments in mail compose (#4996)
... and fix some small issues related to the new compose attachment menu feature
8 years ago
Aleksander Machniak 8a13615e9e Add possibility to preview and download attachments in mail compose (#5053) 8 years ago
Aleksander Machniak 4361a95820 Fix missing localization of HTML editor when assets_dir != INSTALL_PATH 8 years ago
Aleksander Machniak a0f38f5fd8 Small code style improvements 9 years ago
Aleksander Machniak 4e6f3019f5 Enigma: Handle encrypted/signed content inside message/rfc822 attachments 9 years ago
Thomas Bruederli 4a408843b0 Protect download urls against CSRF using unique request tokens (#1490642)
Send X-Frame-Options headers with every HTTP response
9 years ago
Aleksander Machniak a15d877ba8 Added brute-force attack prevention via login rate limit (#1490566) 9 years ago
Aleksander Machniak 454b0b1ca9 Remove deprecated rcmail and rcube_imap methods 9 years ago
Aleksander Machniak 2aa9ee56fd Fix so disabling emoticons plugin really removes emoticons button from HTML editor 9 years ago
Aleksander Machniak a5c03db798 Security: Added options to validate username/password on logon (#1490500) 9 years ago
Aleksander Machniak c1bbf0d0b6 After failed login wait a second to slow down brute-force attacks (#1490549) 9 years ago
Aleksander Machniak 26086981a2 Improve randomness of security tokens (#1490529) 9 years ago
Aleksander Machniak e2f605d44d Fallback to C locale 9 years ago
Aleksander Machniak 3c29c7e858 Fix various issues with Turkish (and similar) locales (#1490519) 9 years ago
Aleksander Machniak c4daf3f14f Fix regression in converting signatures to text, fixed PHP warning in html2text() call 9 years ago
Aleksander Machniak a63f14ec40 Emoticons-related code refactoring
- Emoticons: All emoticons-related functionality is handled by the plugin now
- Emoticons: Added option to switch on/off emoticons in compose editor (#1485732)
- Emoticons: Added option to switch on/off emoticons in plain text messages
- Plugin API: Added disabled_plugins an disabled_buttons options in html_editor hook
- Plugin API: Added html2text hook
9 years ago
Aleksander Machniak 1b39d9a6c7 PHP7: Fixed some E_WARNING errors that previously were E_STRICT 9 years ago
Aleksander Machniak 08bb20f261 Don't use deprecated functions/constants (from bc.inc) 9 years ago
Aleksander Machniak 9d78c68cbf Fix so imap folder attribute comparisons are case-insensitive (#1490466)
+ make in_array_nocase() much faster for ASCII strings
9 years ago
Aleksander Machniak a958748947 CS fixes 10 years ago
Aleksander Machniak b782815dac Fix XSS vulnerability in _mbox argument handling (#1490417) 10 years ago
Aleksander Machniak 03aa84f784 Fix bug where some files could have "executable" extension when stored in temp folder (#1490377) 10 years ago
Aleksander Machniak 216b31dd99 Fix so "over quota" errors are displayed also in message compose page
This also fixes over quota responses on cyrus imap which uses "Over quota" string and no error identifier.
10 years ago
Aleksander Machniak 3665d1e8ec Merge pull request #259 from corbosman/plugin_preload
Plugin preload
10 years ago
corbosman de89d46be2 Load plugins before sessions have started
Move the plugin loading phase to before sessions have started allowing plugins to add session drivers.  Plugins that want to use this should define an "onload" method in their plugins. This method does not have access to variables like $task as they are not yet initialised at that time.
10 years ago