Aleksander Machniak
8e543f843e
Fix check_request() bypass in places using get_uids() [CVE-2018-9846] ( #6238 )
7 years ago
Aleksander Machniak
5832eca405
RCMAIL_CHARSET -> RCUBE_CHARSET ( #6236 )
7 years ago
Aleksander Machniak
73ea8f94d0
Use htmlspecialchars() with charset argument, simplify some code
7 years ago
Aleksander Machniak
a451ad6599
Fix handling encoding of HTML tags in "inline" JSON output ( #6207 )
7 years ago
Aleksander Machniak
4f6079833a
Fix PHP 7.2 warning: count(): Parameter must be an array or an object that implements Countable
7 years ago
Aleksander Machniak
b00d5c3836
Automatically localize data-label-* attributes of a template object
7 years ago
Aleksander Machniak
83bd85677b
Remove x_frame_options env
7 years ago
Aleksander Machniak
b172fb505c
Improve trusted_host_patterns code
7 years ago
Aleksander Machniak
55a1d6ef1b
Make search form's aria label to also support plugin localization (via label-domain property)
7 years ago
Aleksander Machniak
38d275445d
Plugin API: Add 'write' argument to 'render_page' hook
7 years ago
Aleksander Machniak
8e2f6275a4
Prevent from empty 'class' attribute in generated html
7 years ago
Aleksander Machniak
00cb440a07
Inline warnings can contain HTML code (regression fix)
7 years ago
Aleksander Machniak
db382fa19c
Change remote images to remote resources warning also in html attachment preview
7 years ago
Aleksander Machniak
46e2e7e16c
CS fix
7 years ago
Aleksander Machniak
758044d69e
Add skin config options to dont_override list
... so e.g. options in user preferences will be hidden.
7 years ago
Aleksander Machniak
1cf72fa2b6
Allow plugins to include Less files ( #6051 )
7 years ago
PhilW
26f1b0770c
use skinned alert boxes
7 years ago
PhilW
b897fe9349
use skinned confirmation boxes where possible
7 years ago
Aleksander Machniak
910c735b87
Merge branch 'master' into dev-elastic
7 years ago
Aleksander Machniak
2a32f51c91
Fix file disclosure vulnerability caused by insufficient input validation in relation with attachment plugins ( #6026 )
7 years ago
Aleksander Machniak
ef0982f1b8
Merge branch 'master' into dev-elastic
7 years ago
JohnDoh
a8f0d35ebc
Extend disabled_actions config so it accepts also button names ( #5903 )
7 years ago
Aleksander Machniak
d815525c6a
Merge branch 'master' into dev-elastic
7 years ago
Aleksander Machniak
22b30de5d9
Fix bug where assets_path wasn't added to some watermark frames
7 years ago
Aleksander Machniak
3a77c906a1
Merge branch 'master' into dev-elastic
7 years ago
Aleksander Machniak
6ecf87b5bd
Support 'class' attribute in ComposeFormHead object
7 years ago
Aleksander Machniak
b77cce8d3e
Fix sending message with "Too many public recipients" dialog buttons ( #5924 )
7 years ago
Aleksander Machniak
13d203303e
Refactored Help plugin to use frames, added Elastic skin support
7 years ago
Aleksander Machniak
5d398d4d00
Add version number to the client environment
7 years ago
Aleksander Machniak
040a71e76c
Make public class rcmail_bounce_mail (now rcmail_resend_mail) ( #5861 )
7 years ago
Aleksander Machniak
cfed954a46
Fix bug where Chrome could not upload the same file that was selected before ( #5854 )
... and removed the cancel hack that is not needed anymore.
7 years ago
Aleksander Machniak
1b2d3c0ac2
Email Resent (Bounce) feature ( #4985 )
7 years ago
Aleksander Machniak
4b2f2b6b3b
Use about:blank instead of blank.gif for empty iframes
7 years ago
Aleksander Machniak
84a79ee8db
Move common mail composing/sending code to new rcmail_sendmail class
This is needed to make simpler an implementation of e.g.
- Mail Bounce feature (#4985),
- Direct Draft sending (#4998),
- Fast reply from mail preview (#5129).
7 years ago
Aleksander Machniak
86a4d78369
Merge branch 'dev-elastic'
8 years ago
Aleksander Machniak
05ea5a5548
Add ignore_errors option to rcube_db, so error logging can be disabled temporarily
Use ignore_errors to make sure the DDL upgrade errors are printed only once.
8 years ago
Aleksander Machniak
7b4b36b16c
Plugin API: Added 'show_bytes' hook ( #5001 )
8 years ago
Aleksander Machniak
8fff21deb5
Fix POST parameter reflection in default_charset selector ( #5768 )
8 years ago
Aleksander Machniak
5101cfc67a
Bump version to 1.4-git
8 years ago
Aleksander Machniak
9858c2a294
Merge branch 'master' into dev-elastic
8 years ago
Aleksander Machniak
cc0defce86
Fix failing database schema check in all engines except mysql ( #5730 )
8 years ago
Aleksander Machniak
51fb3bfa58
Support including files with path relative to templates dir
8 years ago
Aleksander Machniak
559254d6ee
Use <button> instead of <input> for submit button on logon screen
8 years ago
Aleksander Machniak
b1be7fca51
Unify inline warnings in rcmail_html_page
8 years ago
Aleksander Machniak
34446e00ca
Fix bug where namespace prefix could not be truncated on folders list if show_real_foldernames=true ( #5695 )
8 years ago
Aleksander Machniak
51dffcda86
Skip <script> element if it has no content
8 years ago
Aleksander Machniak
f03839b24b
Add support for 'link' objects in templates (with conditions)
.. to simplify conditional <link> tags injection while nested 'if' objects do not work
8 years ago
Aleksander Machniak
71ff264b02
Support conditional include
8 years ago
ka7
9a35768c26
spelling fixes ( #5690 )
8 years ago
Aleksander Machniak
38067f61da
Get rid of data-popup-pos
8 years ago
Aleksander Machniak
adbab9d3e2
Merge branch 'master' into dev-elastic
8 years ago
Aleksander Machniak
e2d80479d6
Make possible to set (some) config options from a skin
8 years ago
Aleksander Machniak
81f67a4de2
Don't use each() deprecated in PHP 7.2
8 years ago
Aleksander Machniak
f29fd706cf
Get back to eval()
We used create_function() before but it's deprecated in PHP 7.2
and really it was just a wrapper on eval().
8 years ago
Aleksander Machniak
879f1dd2a0
Register some labels, add one localization label
8 years ago
Aleksander Machniak
8131629c6e
Extended unified searchform object for templates engine
8 years ago
Aleksander Machniak
cc10cbe039
Make button object to be a <button> by default
8 years ago
Aleksander Machniak
25de39d444
Merge branch 'dev-remove-js-deps'
8 years ago
Aleksander Machniak
369b44d94a
Fix unsetting template objects
Fixes compatibility with some plugins e.g. kolab_addressbook which
call parse() method (for sub-templates) while parsing the main template
8 years ago
Aleksander Machniak
2733258d2b
Load 'close' label for dialogs by default
8 years ago
Aleksander Machniak
5e1da48d0c
Remove external javascript code from the git repo, add jsdeps.sh script ( #5535 )
8 years ago
Aleksander Machniak
a844db6a27
Merge branch 'dev-layouts'
8 years ago
Aleksander Machniak
e17fcf1649
Support ALLOW-FROM in x_frame_options ( #5122 )
8 years ago
Aleksander Machniak
d02e6ea45e
Fix so templating system does not mess with external (e.g. email) content ( #5499 )
8 years ago
Aleksander Machniak
ecfe177173
CS fixes, use $this instead of local variable
8 years ago
Aleksander Machniak
e3b61cd487
Plugin API: Added get_compose_responses hook ( #5457 )
8 years ago
Aleksander Machniak
edea8732a6
Fix regression where UI object could be not created on some pages ( #5484 )
8 years ago
Aleksander Machniak
571a10751f
Display error when trying to upload more files than specified in max_file_uploads ( #5483 )
8 years ago
Aleksander Machniak
f43f5bf93f
Use JSON_PRETTY_PRINT in devel_mode
This effectively makes PHP 5.4 a real requirement
8 years ago
Aleksander Machniak
4e0532808d
Fix bug where it wasn't possible to store more than 2MB objects in memcache/apc ( #5452 )
Added memcache_max_allowed_packet and apc_max_allowed_packet settings
8 years ago
Aleksander Machniak
40fe66b71e
Fix reference to non-existing blank.tif file in mime_content_type check
8 years ago
Aleksander Machniak
638afafbd2
Make so rcmail.log() depends on devel_mode ( #5193 )
8 years ago
Aleksander Machniak
6886a4de3f
Widescreen layout aka three column view ( #5093 )
8 years ago
Aleksander Machniak
650ac8befb
Fix displaying size of attachments with zero size
8 years ago
Victor Benincasa
daeb66ee99
Fix login form
Fix a small bug introduced on commit 43f3c5f
that breaks the login form ($attrib['form'] is checked at line 1899, so it cannot be unset).
8 years ago
Aleksander Machniak
32e5a6bbcf
Fix bug where folder creation could fail if personal namespace contained more than one entry ( #5403 )
+ small code improvements
8 years ago
Aleksander Machniak
873e0353cf
Use smart-upload-button for messages and contact photos upload
Unified interface with rcmail::upload_form().
8 years ago
Aleksander Machniak
43f3c5fb2a
Implement "one click" attachment upload ( #5024 )
8 years ago
Aleksander Machniak
9debc38724
Drop mail_header_delimiter option, since we don't use mail() we don't need it
8 years ago
Aleksander Machniak
184de7735c
CS fixes (mostly phpdoc)
8 years ago
Aleksander Machniak
ebc2f5dc7d
Add possibility to rename attachments in mail compose ( #4996 )
... and fix some small issues related to the new compose attachment menu feature
8 years ago
Aleksander Machniak
8a13615e9e
Add possibility to preview and download attachments in mail compose ( #5053 )
8 years ago
Aleksander Machniak
e1165fed89
Remove backward compatibility "layer" of bc.php ( #4902 ) - now for real
8 years ago
Aleksander Machniak
4361a95820
Fix missing localization of HTML editor when assets_dir != INSTALL_PATH
8 years ago
Aleksander Machniak
9e64dc2deb
Remove application/x-tar file extension test as it might not exist in nginx config ( #5253 )
Use text/css instead
9 years ago
Aleksander Machniak
9634169647
Bump version number to 1.3-beta
9 years ago
Aleksander Machniak
a0f38f5fd8
Small code style improvements
9 years ago
Aleksander Machniak
4e6f3019f5
Enigma: Handle encrypted/signed content inside message/rfc822 attachments
9 years ago
Aleksander Machniak
3a13b5dab8
CS fixes
9 years ago
Aleksander Machniak
0c9e55b0c9
Fix PHP warning when defaults.inc.php is not readable
9 years ago
Thomas Bruederli
4a408843b0
Protect download urls against CSRF using unique request tokens ( #1490642 )
Send X-Frame-Options headers with every HTTP response
9 years ago
Aleksander Machniak
10e5192a2b
Fix path traversal vulnerability in setting a skin ( #1490620 )
9 years ago
Aleksander Machniak
69a1e4f7b1
rcube_parse_host() -> rcube_utils::parse_host()
9 years ago
Aleksander Machniak
7476410a04
Add missing deprecation warning
9 years ago
Thomas Bruederli
458a6b26e8
Load bc.inc in script startup
9 years ago
Thomas Bruederli
32695c333c
Restore bc.inc which now logs a warning when calling deprecated functions
9 years ago
Aleksander Machniak
a15d877ba8
Added brute-force attack prevention via login rate limit ( #1490566 )
9 years ago
Aleksander Machniak
454b0b1ca9
Remove deprecated rcmail and rcube_imap methods
9 years ago
Aleksander Machniak
2aa9ee56fd
Fix so disabling emoticons plugin really removes emoticons button from HTML editor
9 years ago
dsoares
234fd19505
Replace deprecated call to Q within array_map()
9 years ago