Commit Graph

1171 Commits (6daefc3d45e0977e9a97366ccd6efe249a82e2ae)

Author SHA1 Message Date
Aleksander Machniak 430c000e32 Support skin localization (#5853) 7 years ago
Aleksander Machniak 1247a8dd7d Fix bug where some forbidden characters on Cyrus-IMAP were not prevented from use in folder names 7 years ago
Aleksander Machniak 0716d499bc Fix bug where some escape sequences in html styles could bypass security checks 7 years ago
Edgaras L c236c22c41 Parse all quotas from GETQUOTAROOT (#6280) 7 years ago
Aleksander Machniak c0b9025215 Remove sample PHP configuration from .htaccess and .user.ini files (#5850)
Moved to https://github.com/roundcube/roundcubemail/wiki/Installation#php-configuration
7 years ago
Aleksander Machniak 63d3ad11fb Use Masterminds/HTML5 parser for HTML5 support (#5761) 7 years ago
Aleksander Machniak e79838aaac Enigma: Disable autofill for new keypair password 7 years ago
Aleksander Machniak dd3ea4ed2b Fix extracting codepage 7 years ago
Aleksander Machniak 8a6a9e86ae Fix handling of forwarded messages inside of a TNEF message (#5632) 7 years ago
Aleksander Machniak a889f55c31 Fix PHP Warning: Use of undefined constant IDNA_DEFAULT on systems without php-intl (#6244) 7 years ago
Aleksander Machniak b2bebe531a Fix bug where usernames without domain part could be malformed or converted to lower-case on logon (#6224) 7 years ago
Aleksander Machniak 8df6d7c3e4 Fix regression in compressMessageSet() (#6235) 7 years ago
Aleksander Machniak 8b0540d402 Fix possible IMAP command injection and type juggling vulnerabilities (#6229) 7 years ago
Aleksander Machniak df3878501c Fix PHP 7.2: count(): Parameter must be an array in enchant-based spellchecker (#6234) 7 years ago
Aleksander Machniak 73ea8f94d0 Use htmlspecialchars() with charset argument, simplify some code 7 years ago
Aleksander Machniak f36e23b778 Fix parsing date strings (e.g. from a Date: mail header) with comments (#6216) 7 years ago
Aleksander Machniak 2196f50437 Support redis_debug in the redis session driver 7 years ago
Aleksander Machniak 0f3ad342f7 Fix bug where some unix timestamps were not handled correctly by rcube_utils::anytodatetime() (#6212) 7 years ago
Aleksander Machniak a451ad6599 Fix handling encoding of HTML tags in "inline" JSON output (#6207) 7 years ago
Aleksander Machniak 981cd8726d Remove holes in cache index keys - makes the serialized representation shorter 7 years ago
Aleksander Machniak 1058924e21 Move some framework classes to sub-directories 7 years ago
Aleksander Machniak d07b032bcd Refactor cache code with separate engine-specific classes 7 years ago
Aleksander Machniak fa06d37901 Merge branch 'feature/add_redis_as_cache' of https://github.com/ledgr/roundcubemail into ledgr-feature/add_redis_as_cache 7 years ago
Aleksander Machniak 6bfebc5e32 Add sanity check when auto-unsubscribing non-existing folders 7 years ago
Aleksander Machniak 1556eb01c7 Use JSON_UNESCAPED_UNICODE only on PHP >= 7.1.0 (#6187) 7 years ago
laodc 672e57ea48 Patched bug where rcube_db::quote() was causing an infinite connection loop. (#6175)
As rcube_db::quote() checks to see if the connection is up before quoting, this would cause the class to try connect again, as rcube_db::$dbh was not being set until AFTER conn_configure was completed, causing a loop.

So updated rcube_db::$dbh in the rcube::conn_create() function instead allowing access to the new object straight away.

It's needed for edeb5d7.
7 years ago
Aleksander Machniak a1be62b19d Remove redundant trim() 7 years ago
Aleksander Machniak 9d2b303b51 Fix bug in remote content blocking on HTML image and style tags (#6178) 7 years ago
Aleksander Machniak b46cd5de1d Fix PHP Warning: exif_read_data(...): Illegal IFD size (#6169) 7 years ago
Edgaras Lukoševičius e371469664 Add Redis as cache backend 7 years ago
laodc edeb5d7ab4 Add support for PostgreSQL schemas in DSN (#6150)
If schema is set in the dsn, set search_path to the schema value.

Example:

$config['db_dsnw'] = 'pgsql://user:pass@localhost/dbname?schema=exampleschema';
7 years ago
Aleksander Machniak 4793ec753a Remove double-quotes in filename* parameter of the Content-Disposition of downloads (#5857) 7 years ago
Aleksander Machniak 55e99398e1 Fix possible information leak - add more strict sql error check on user creation (#6125) 7 years ago
Aleksander Machniak ce338164e3 Fix bug where contacts search could skip some records (#6130) 7 years ago
Richard Hillmann 59bbf6c081 Fix preg_match in guess_type function (#6123) 7 years ago
Aleksander Machniak b172fb505c Improve trusted_host_patterns code 7 years ago
Aleksander Machniak 4a5ca74724 Merge branch 'trusted-host-patterns' of https://github.com/dsoares/roundcubemail into dsoares-trusted-host-patterns 7 years ago
Daniel Kesselberg a8d5547163 Update idn convertion methods (#6115)
* Add more test cases
* Update phpdoc
7 years ago
Aleksander Machniak 63a7d2313f Improve SMTPUTF8 support and fix relaxed email validation issues 7 years ago
Aleksander Machniak 5665344673 Merge branch 'smtputf8' of https://github.com/jprjr/roundcubemail into jprjr-smtputf8 7 years ago
Aleksander Machniak a2875cdda9 - Fix searching contacts by address in LDAP source (#6084) 7 years ago
Aleksander Machniak c0959bd619 Sanity checks for header data length in FETCH (#6087)
Where we know what expected data length is we truncate the input.
7 years ago
Aleksander Machniak 3cdc8af297 Fix possible performance issue when parsing malformed and long Date header (#6087) 7 years ago
johndoh 05d1b1947e Check for minified CSS files (#6089) 7 years ago
Aleksander Machniak 3488531b26 Fix PHP Warning: Use of undefined constant INTL_IDNA_VARIANT_UTS46 on servers without php-intl extension 7 years ago
Georgeto 161038ee87 Support additional connect parameters in PostgreSQL database wrapper (#6071)
Most notably this change enables you to specify whether or with what
priority a secure SSL TCP/IP connection will be negotiated with the
database server.
7 years ago
Aleksander Machniak 61a6666eee Small CS fixes 7 years ago
Aleksander Machniak ca39a4e093 Fix PHP warning "idn_to_utf8(): INTL_IDNA_VARIANT_2003 is deprecated" with PHP 7.2 (#6075) 7 years ago
Aleksander Machniak 36638ec0c2 Fix untagged COPYUID responses handling - again (#5982) 7 years ago
Aleksander Machniak 9ce8948294 Get rid of the 2nd argument of include_stylesheet()
.. make the optional behavior default now.
7 years ago
Aleksander Machniak 1cf72fa2b6 Allow plugins to include Less files (#6051) 7 years ago
Aleksander Machniak c6b2d8bead Merge branch 'dev-elastic' 7 years ago
Aleksander Machniak 4cb7713520 Fix checking table columns when there's more schemas/databases in postgres/mysql (#6047) 7 years ago
Aleksander Machniak a6c37b7735 Fix broken long filenames when using imap4d server - workaround server bug (#6048) 7 years ago
Aleksander Machniak eed4be3ba6 Display value of the SMTP message size limit in the error message (#6032) 7 years ago
Aleksander Machniak 4dc1f3b757 Use configured log_file_ext also for errors thrown by PHP (#6035) 7 years ago
Aleksander Machniak 910c735b87 Merge branch 'master' into dev-elastic 7 years ago
Aleksander Machniak a0374f3c45 Fix mangled non-ASCII characters in links in HTML messages (#6028) 7 years ago
Aleksander Machniak 23af0b7f36 Merge branch 'master' into dev-elastic 7 years ago
dsoares 5282cbaff9 Check against trusted_host_patterns in rcube_utils::parse_host() 7 years ago
Aleksander Machniak 0f4f85e097 Skip redundant INSERT query on successful logon when using PHP7
Since PHP 7.0 session_regenerate_id() will cause the old session data update.
This is redundant INSERT query and also produces a record for the session
we don't need anymore.
7 years ago
Aleksander Machniak ef0982f1b8 Merge branch 'master' into dev-elastic 7 years ago
dsoares 50a9c8f777 Add option trusted_host_patterns 7 years ago
JohnDoh 515d496808 Replace display_version with display_product_info (#5904) 7 years ago
Aleksander Machniak e21ab984bc Skip <span> wrappers in html_table that is a <ul> list 7 years ago
Aleksander Machniak d815525c6a Merge branch 'master' into dev-elastic 7 years ago
Brendan Braybrook 4574870adc fix: unknown content-disposition type should be treated as attachment (#6002) 7 years ago
Aleksander Machniak 5e08a6ac59 Handle remote stylesheets the same as remote images, ask the user to allow them (#5994)
Fixes the issue where remote stylesheet could have been blocked
if the message contained no remote images and user have no way to
allow that content.
7 years ago
Aleksander Machniak 3196d656db Fix css conflicts in user interface and e-mail content (#5891)
... by adding prefix to element/class identifiers
Also cleaned up some code and removed global variable use.
7 years ago
Aleksander Machniak 403d8453c8 Fix issue caused by non-default session.cookie_lifetime setting (#5961) 7 years ago
Aleksander Machniak f8fc01b800 Fix so untagged COPYUID responses are also supported according to RFC6851 (#5982) 7 years ago
Aleksander Machniak 5d3add78aa Add Message-ID to the sendmail log (#5871) 7 years ago
Aleksander Machniak 117c150b2f Fix bug where mail search could return empty result on servers without SORT capability (#5973) 7 years ago
Aleksander Machniak 3c1b78af48 Merge branch 'master' into dev-elastic 7 years ago
Aleksander Machniak 4223bed7e8 Add html_button class 7 years ago
Aleksander Machniak 5d16751ed8 Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview (#5580) 7 years ago
Thomas Bruederli 3723f3f178 Fix rcube_utils::random_bytes() to not throw exception for length=0 7 years ago
Lukas Erlacher 130f0cde3e Add host to IMAP login error
This simplifies debugging authentication failures in multi-host setups.
7 years ago
Aleksander Machniak 72fe97ddfc Fix bug where HTML messages could have been rendered empty on some systems (#5957)
Consistently use $nodeName instead of $tagName property.
7 years ago
Aleksander Machniak ee6b5e9e58 Fix PHP 7.2 error: count(): Parameter must be an array or an object that implements Countable 7 years ago
Aleksander Machniak fa3eb6813f Ignore rewind() warnings (#5950) 7 years ago
Aleksander Machniak 3a77c906a1 Merge branch 'master' into dev-elastic 7 years ago
Aleksander Machniak 7fc626d527 Changed defaults for smtp_user (%u), smtp_pass (%p) and smtp_port (587) 7 years ago
Aleksander Machniak cdcbad1879 Handle inline images also inside multipart/mixed messages (#5905) 7 years ago
Aleksander Machniak 2d608a799c Fix decoding message/rtf822 part body/size
When e.g. an encrypted message has one of it's sub-parts a part that is message/rfc822
part we need it's body and size, because it will be listed on the attachments list
and also can be downloaded.
7 years ago
Aleksander Machniak 1235dcf321 Encode JSON with JSON_UNESCAPED_SLASHES and JSON_UNESCAPED_UNICODE options 7 years ago
Thomas Bruederli 919338d4ba Escape textarea contents in Washtml 7 years ago
Aleksander Machniak 1c24c69a3b Fix path for css file existence check in include_stylesheet() 7 years ago
Aleksander Machniak 4a71847c98 Fix bug where last character of a filename extracted from TNEF could be truncated (#5799) 7 years ago
Aleksander Machniak 69f50b122d Add a way to include plugin stylesheets optionally only if the file exists 7 years ago
Aleksander Machniak fc1a0a1f65 Fix bug where messages count was not updated after delete when imap_cache is set (#5872) 7 years ago
Aleksander Machniak 76adb49454 Support for IMAP folders that cannot contain both folders and messages (#5057) 7 years ago
Aleksander Machniak b97e3b5cd7 Don't ignore (global) userlogins/sendmail logs in per_user_logging mode 7 years ago
Aleksander Machniak e04f72d018 Fix PHP 7.2 warnings on count() use (#5845) 7 years ago
Aleksander Machniak 97bf251dc6 Don't use create_function() deprecated in PHP 7.2 7 years ago
Aleksander Machniak 86a4d78369 Merge branch 'dev-elastic' 7 years ago
Aleksander Machniak 05ea5a5548 Add ignore_errors option to rcube_db, so error logging can be disabled temporarily
Use ignore_errors to make sure the DDL upgrade errors are printed only once.
7 years ago
Aleksander Machniak 9d63b80873 Fix bug where errors were not printed when using bin/update.sh (#5834)
Don't pass errors to rcmail_install::raise_error() in CLI mode.
7 years ago
Aleksander Machniak a8278d61cf Update changelog, CS fixes 7 years ago
Aleksander Machniak 8b7c7dd5a9 Merge branch 'issue-logfilename' of https://github.com/remicollet/roundcubemail into remicollet-issue-logfilename 7 years ago
Aleksander Machniak 21e7d873ce Fix so links over images are not removed in plain text signatures converted from HTML (#4473) 7 years ago
Aleksander Machniak 6a83c3cc18 Fix fatal error when using DMY- or MDY-based date format in PostgreSQL (#5808) 7 years ago
Aleksander Machniak 1fcf7bfab3 Fix bug where HTML messages with @media styles could moddify style of page body (#5811) 7 years ago
Aleksander Machniak f0431c7475 Fix uninitialized string offset in rcube_utils::bin2ascii() and make sure rcube_utils::random_bytes() result has always requested length (#5788) 7 years ago
Aleksander Machniak 0bef84c410 Fix decoding non-ascii attachment names from TNEF attachments (#5646, #5799) 7 years ago
Remi Collet 6ca4eab399 add 'log_file_ext' configuration option 7 years ago
Aleksander Machniak bcc6405552 Fix various issues when downloading files with names containing non-ascii chars, use RFC 2231 (#5772) 7 years ago
Thomas Bruederli 3bc8a30314 Translate old 'preview_pane' setting into new 'layout' property 8 years ago
Aleksander Machniak 27a621818d Make sure rcube_utils::resolve_url() does not add port 80 to the url
...which might have happened with reverse proxies
8 years ago
Aleksander Machniak 7c001260fa Simplified code to parse METADATA responses 8 years ago
Aleksander Machniak 76170baac0 Fix bug where it wasn't possible to set timezone to auto-detected value (#5782) 8 years ago
Aleksander Machniak 6ad4ebe431 Fix SQL syntax error on MariaDB 10.2 (#5774) 8 years ago
Aleksander Machniak bb67757b5c Removed global $CONFIG variable 8 years ago
Aleksander Machniak 9a63e40faf Accept an array as $input argument of decode_address_list()
... to support a common case and to prevent from PHP warnings.
8 years ago
Aleksander Machniak 336a0cd87b strncasecmp() -> strcasecmp() 8 years ago
Aleksander Machniak f7809af6e4 Support AUTHENTICATE LOGIN for IMAP connections (#5563)
Add imap_auth_type=IMAP to force use of LOGIN instead of AUTHENTICATE LOGIN.
In imap_auth_type=CHECK mode prefer LOGIN over AUTHENTICATE LOGIN (for performance reasons).
8 years ago
Aleksander Machniak 253aac5d9e Fix var name 8 years ago
Aleksander Machniak 0a7a95b714 Support LDAP GSSAPI authentication (#5703)
Requires https://git.kolab.org/rPNL1d87f98d300645e15b7ad2819fcffb19010a060f
8 years ago
Aleksander Machniak 59e5cef08c Allow contacts without an email address (#5079) 8 years ago
Aleksander Machniak 5101cfc67a Bump version to 1.4-git 8 years ago
Aleksander Machniak 9858c2a294 Merge branch 'master' into dev-elastic 8 years ago
Aleksander Machniak d151afd229 Fix addressbook searching by gender (#5757) 8 years ago
Aleksander Machniak 5804ef8aa2 Fix folders list sorting on Windows - if php-intl is available (#5732) 8 years ago
Aleksander Machniak 8f22c3287d Fix bug where comment notation within style tag would cause the whole style to be ignored (#5747) 8 years ago
Aleksander Machniak 9ff7b78c7e Fix conflict with _gid cookie of Google Analytics (#5748)
TODO: Review the whole code base and don't use INPUT_GPC when it's not really needed,
      in most cases we should not read $_COOKIE.
8 years ago
Aleksander Machniak e800fb5a19 Bring back unintentionally removed .SILENT suffix in STORE FLAGS command 8 years ago
Aleksander Machniak d1cf69562f CS fixes and return values fixes 8 years ago
Joel Gerber 40b51b9dc9 Add Log to STDOUT Feature (#5721)
Primarily useful for PHP applications running under PHP-FPM which in
turn is running within a Docker container. But also it is generally
useful in any situation where you want to be able to send the logs
directly to your terminal when debugging &etc.
8 years ago
Aleksander Machniak 712875bde1 Fix bug where base_dn setting was ignored inside group_filters (#5720) 8 years ago
Aleksander Machniak 72f19c079f Installer: Fix DB schema initialization on MS SQL Server 8 years ago
Aleksander Machniak e160e48069 Fix undesired effects when postgres database uses different timezone than PHP host (#5708)
Allow passing DateTime variables as query arguments. Their value will
be converted to date/time input string in format specific to the database type
(with timezone on postgres).
8 years ago
Aleksander Machniak 19fcc35a55 Fix regression in LDAP fuzzy search where it always used prefix search instead (#5713) 8 years ago
dfukagaw28 89a4134064 Add support for DelSp=Yes messages (#5702) 8 years ago
Aleksander Machniak 9b554cd3d5 Remove redundant spaces from generated contact names 8 years ago
ka7 9a35768c26 spelling fixes (#5690) 8 years ago
Remi Collet 132a807dff add .log suffix to all log file names 8 years ago
Thomas Bruederli bf21557873 Better fix for XSS in style tags (b59ff5ca) 8 years ago
Aleksander Machniak 05aae4711c Replace xss_entity_decode_callback() method with lambda function 8 years ago
Aleksander Machniak b59ff5cafb Fix XSS issue in handling of a style tag inside of an svg element 8 years ago
Aleksander Machniak fa32c2c471 Plugin API: Call message_part_structure hook for sub-parts of multipart/alternative message (#5678) 8 years ago
Aleksander Machniak 51dbc2e438 Merge branch 'master' of github.com:roundcube/roundcubemail 8 years ago
Aleksander Machniak 9028e77290 Enigma: Set micalg parameter to real hash algorithm used for signing 8 years ago
Shin Kojima 0b385dc946 Skip iconv for problematic ISO-2022-JP strings (#5668)
We sometimes get broken character encodings such as:
Subject: =?iso-2022-jp?B?GyRCLWo7M3l1OSk2SBsoQgo=?=
This actually is not a strict ISO-2022-JP string, but a CP50220 string
that is a variant of ISO-2022-JP with extended characters proposed by
Microsoft. Iconv can not handle these encodings well.
8 years ago
Aleksander Machniak adbab9d3e2 Merge branch 'master' into dev-elastic 8 years ago
Aleksander Machniak e2d80479d6 Make possible to set (some) config options from a skin 8 years ago
Joe Bordes 3c1d951d84 feat(Hook) full message object on message_sent event 8 years ago
Aleksander Machniak 81f67a4de2 Don't use each() deprecated in PHP 7.2 8 years ago
Aleksander Machniak dfd19206a4 sizeof() -> count() 8 years ago
Aleksander Machniak 8131629c6e Extended unified searchform object for templates engine 8 years ago
Aleksander Machniak e08f22ef28 Fix bug where external content in src attribute of input/video tags was not secured (#5583) 8 years ago