2344 Commits (74fe74bf7d01b72b828e134f48d279581f221b45)

Author SHA1 Message Date
Aleksander Machniak 8e543f843e Fix check_request() bypass in places using get_uids() [CVE-2018-9846] (#6238) 7 years ago
Aleksander Machniak 5832eca405 RCMAIL_CHARSET -> RCUBE_CHARSET (#6236) 7 years ago
Aleksander Machniak 73ea8f94d0 Use htmlspecialchars() with charset argument, simplify some code 7 years ago
Aleksander Machniak a451ad6599 Fix handling encoding of HTML tags in "inline" JSON output (#6207) 7 years ago
Aleksander Machniak 4f6079833a Fix PHP 7.2 warning: count(): Parameter must be an array or an object that implements Countable 7 years ago
Aleksander Machniak b00d5c3836 Automatically localize data-label-* attributes of a template object 7 years ago
Aleksander Machniak 83bd85677b Remove x_frame_options env 7 years ago
Aleksander Machniak b172fb505c Improve trusted_host_patterns code 7 years ago
Aleksander Machniak 55a1d6ef1b Make search form's aria label to also support plugin localization (via label-domain property) 7 years ago
Aleksander Machniak 38d275445d Plugin API: Add 'write' argument to 'render_page' hook 7 years ago
Aleksander Machniak 8e2f6275a4 Prevent from empty 'class' attribute in generated html 7 years ago
Aleksander Machniak 00cb440a07 Inline warnings can contain HTML code (regression fix) 7 years ago
Aleksander Machniak db382fa19c Change remote images to remote resources warning also in html attachment preview 7 years ago
Aleksander Machniak 46e2e7e16c CS fix 7 years ago
Aleksander Machniak 758044d69e Add skin config options to dont_override list
... so e.g. options in user preferences will be hidden.
7 years ago
Aleksander Machniak 1cf72fa2b6 Allow plugins to include Less files (#6051) 7 years ago
PhilW 26f1b0770c use skinned alert boxes 7 years ago
PhilW b897fe9349 use skinned confirmation boxes where possible 7 years ago
Aleksander Machniak 910c735b87 Merge branch 'master' into dev-elastic 7 years ago
Aleksander Machniak 2a32f51c91 Fix file disclosure vulnerability caused by insufficient input validation in relation with attachment plugins (#6026) 7 years ago
Aleksander Machniak ef0982f1b8 Merge branch 'master' into dev-elastic 7 years ago
JohnDoh a8f0d35ebc Extend disabled_actions config so it accepts also button names (#5903) 7 years ago
Aleksander Machniak d815525c6a Merge branch 'master' into dev-elastic 7 years ago
Aleksander Machniak 22b30de5d9 Fix bug where assets_path wasn't added to some watermark frames 7 years ago
Aleksander Machniak 3a77c906a1 Merge branch 'master' into dev-elastic 7 years ago
Aleksander Machniak 6ecf87b5bd Support 'class' attribute in ComposeFormHead object 7 years ago
Aleksander Machniak b77cce8d3e Fix sending message with "Too many public recipients" dialog buttons (#5924) 7 years ago
Aleksander Machniak 13d203303e Refactored Help plugin to use frames, added Elastic skin support 7 years ago
Aleksander Machniak 5d398d4d00 Add version number to the client environment 7 years ago
Aleksander Machniak 040a71e76c Make public class rcmail_bounce_mail (now rcmail_resend_mail) (#5861) 7 years ago
Aleksander Machniak cfed954a46 Fix bug where Chrome could not upload the same file that was selected before (#5854)
... and removed the cancel hack that is not needed anymore.
7 years ago
Aleksander Machniak 1b2d3c0ac2 Email Resent (Bounce) feature (#4985) 7 years ago
Aleksander Machniak 4b2f2b6b3b Use about:blank instead of blank.gif for empty iframes 7 years ago
Aleksander Machniak 84a79ee8db Move common mail composing/sending code to new rcmail_sendmail class
This is needed to make simpler an implementation of e.g.
- Mail Bounce feature (#4985),
- Direct Draft sending (#4998),
- Fast reply from mail preview (#5129).
7 years ago
Aleksander Machniak 86a4d78369 Merge branch 'dev-elastic' 8 years ago
Aleksander Machniak 05ea5a5548 Add ignore_errors option to rcube_db, so error logging can be disabled temporarily
Use ignore_errors to make sure the DDL upgrade errors are printed only once.
8 years ago
Aleksander Machniak 7b4b36b16c Plugin API: Added 'show_bytes' hook (#5001) 8 years ago
Aleksander Machniak 8fff21deb5 Fix POST parameter reflection in default_charset selector (#5768) 8 years ago
Aleksander Machniak 5101cfc67a Bump version to 1.4-git 8 years ago
Aleksander Machniak 9858c2a294 Merge branch 'master' into dev-elastic 8 years ago
Aleksander Machniak cc0defce86 Fix failing database schema check in all engines except mysql (#5730) 8 years ago
Aleksander Machniak 51fb3bfa58 Support including files with path relative to templates dir 8 years ago
Aleksander Machniak 559254d6ee Use <button> instead of <input> for submit button on logon screen 8 years ago
Aleksander Machniak b1be7fca51 Unify inline warnings in rcmail_html_page 8 years ago
Aleksander Machniak 34446e00ca Fix bug where namespace prefix could not be truncated on folders list if show_real_foldernames=true (#5695) 8 years ago
Aleksander Machniak 51dffcda86 Skip <script> element if it has no content 8 years ago
Aleksander Machniak f03839b24b Add support for 'link' objects in templates (with conditions)
.. to simplify conditional <link> tags injection while nested 'if' objects do not work
8 years ago
Aleksander Machniak 71ff264b02 Support conditional include 8 years ago
ka7 9a35768c26 spelling fixes (#5690) 8 years ago
Aleksander Machniak 38067f61da Get rid of data-popup-pos 8 years ago
Aleksander Machniak adbab9d3e2 Merge branch 'master' into dev-elastic 8 years ago
Aleksander Machniak e2d80479d6 Make possible to set (some) config options from a skin 8 years ago
Aleksander Machniak 81f67a4de2 Don't use each() deprecated in PHP 7.2 8 years ago
Aleksander Machniak f29fd706cf Get back to eval()
We used create_function() before but it's deprecated in PHP 7.2
and really it was just a wrapper on eval().
8 years ago
Aleksander Machniak 879f1dd2a0 Register some labels, add one localization label 8 years ago
Aleksander Machniak 8131629c6e Extended unified searchform object for templates engine 8 years ago
Aleksander Machniak cc10cbe039 Make button object to be a <button> by default 8 years ago
Aleksander Machniak 25de39d444 Merge branch 'dev-remove-js-deps' 8 years ago
Aleksander Machniak 369b44d94a Fix unsetting template objects
Fixes compatibility with some plugins e.g. kolab_addressbook which
call parse() method (for sub-templates) while parsing the main template
8 years ago
Aleksander Machniak 2733258d2b Load 'close' label for dialogs by default 8 years ago
Aleksander Machniak 5e1da48d0c Remove external javascript code from the git repo, add jsdeps.sh script (#5535) 8 years ago
Aleksander Machniak a844db6a27 Merge branch 'dev-layouts' 8 years ago
Aleksander Machniak e17fcf1649 Support ALLOW-FROM in x_frame_options (#5122) 8 years ago
Aleksander Machniak d02e6ea45e Fix so templating system does not mess with external (e.g. email) content (#5499) 8 years ago
Aleksander Machniak ecfe177173 CS fixes, use $this instead of local variable 8 years ago
Aleksander Machniak e3b61cd487 Plugin API: Added get_compose_responses hook (#5457) 8 years ago
Aleksander Machniak edea8732a6 Fix regression where UI object could be not created on some pages (#5484) 8 years ago
Aleksander Machniak 571a10751f Display error when trying to upload more files than specified in max_file_uploads (#5483) 8 years ago
Aleksander Machniak f43f5bf93f Use JSON_PRETTY_PRINT in devel_mode
This effectively makes PHP 5.4 a real requirement
8 years ago
Aleksander Machniak 4e0532808d Fix bug where it wasn't possible to store more than 2MB objects in memcache/apc (#5452)
Added memcache_max_allowed_packet and apc_max_allowed_packet settings
8 years ago
Aleksander Machniak 40fe66b71e Fix reference to non-existing blank.tif file in mime_content_type check 8 years ago
Aleksander Machniak 638afafbd2 Make so rcmail.log() depends on devel_mode (#5193) 8 years ago
Aleksander Machniak 6886a4de3f Widescreen layout aka three column view (#5093) 8 years ago
Aleksander Machniak 650ac8befb Fix displaying size of attachments with zero size 8 years ago
Victor Benincasa daeb66ee99 Fix login form
Fix a small bug introduced on commit 43f3c5f that breaks the login form ($attrib['form'] is checked at line 1899, so it cannot be unset).
8 years ago
Aleksander Machniak 32e5a6bbcf Fix bug where folder creation could fail if personal namespace contained more than one entry (#5403)
+ small code improvements
8 years ago
Aleksander Machniak 873e0353cf Use smart-upload-button for messages and contact photos upload
Unified interface with rcmail::upload_form().
8 years ago
Aleksander Machniak 43f3c5fb2a Implement "one click" attachment upload (#5024) 8 years ago
Aleksander Machniak 9debc38724 Drop mail_header_delimiter option, since we don't use mail() we don't need it 8 years ago
Aleksander Machniak 184de7735c CS fixes (mostly phpdoc) 8 years ago
Aleksander Machniak ebc2f5dc7d Add possibility to rename attachments in mail compose (#4996)
... and fix some small issues related to the new compose attachment menu feature
8 years ago
Aleksander Machniak 8a13615e9e Add possibility to preview and download attachments in mail compose (#5053) 8 years ago
Aleksander Machniak e1165fed89 Remove backward compatibility "layer" of bc.php (#4902) - now for real 8 years ago
Aleksander Machniak 4361a95820 Fix missing localization of HTML editor when assets_dir != INSTALL_PATH 8 years ago
Aleksander Machniak 9e64dc2deb Remove application/x-tar file extension test as it might not exist in nginx config (#5253)
Use text/css instead
9 years ago
Aleksander Machniak 9634169647 Bump version number to 1.3-beta 9 years ago
Aleksander Machniak a0f38f5fd8 Small code style improvements 9 years ago
Aleksander Machniak 4e6f3019f5 Enigma: Handle encrypted/signed content inside message/rfc822 attachments 9 years ago
Aleksander Machniak 3a13b5dab8 CS fixes 9 years ago
Aleksander Machniak 0c9e55b0c9 Fix PHP warning when defaults.inc.php is not readable 9 years ago
Thomas Bruederli 4a408843b0 Protect download urls against CSRF using unique request tokens (#1490642)
Send X-Frame-Options headers with every HTTP response
9 years ago
Aleksander Machniak 10e5192a2b Fix path traversal vulnerability in setting a skin (#1490620) 9 years ago
Aleksander Machniak 69a1e4f7b1 rcube_parse_host() -> rcube_utils::parse_host() 9 years ago
Aleksander Machniak 7476410a04 Add missing deprecation warning 9 years ago
Thomas Bruederli 458a6b26e8 Load bc.inc in script startup 9 years ago
Thomas Bruederli 32695c333c Restore bc.inc which now logs a warning when calling deprecated functions 9 years ago
Aleksander Machniak a15d877ba8 Added brute-force attack prevention via login rate limit (#1490566) 9 years ago
Aleksander Machniak 454b0b1ca9 Remove deprecated rcmail and rcube_imap methods 9 years ago
Aleksander Machniak 2aa9ee56fd Fix so disabling emoticons plugin really removes emoticons button from HTML editor 9 years ago
dsoares 234fd19505 Replace deprecated call to Q within array_map() 9 years ago