Commit Graph

8366 Commits (7bbefdb63b12e2344cf1cb87aeb6e3933b4063e0)
 

Author SHA1 Message Date
Aleksander Machniak 7bbefdb63b Fix XSS issue in SVG images handling (#1490625)
Conflicts:

	CHANGELOG
9 years ago
Aleksander Machniak 3f6fbdcc6d Fix random "access to this resource is secured against CSRF" message at logout (#1490641)
- this is when openssl module is not installed
9 years ago
Aleksander Machniak db76c50a7c Update ticket number 9 years ago
Francis Russell 8a53588940 Make TLS method for IMAP parameterisable. 9 years ago
Francis Russell f8911c2a7f Enable use of TLSv1.1 and TLSv1.2 for IMAP. 9 years ago
Aleksander Machniak fc5befff0f Fix missing language name in "Add to Dictionary" request in HTML mode (#1490634)
Conflicts:

	CHANGELOG
9 years ago
Thomas Bruederli 772e08fa2a Fix mail view scaling on iOS (#1490551) 9 years ago
Thomas Bruederli f2ff464002 Bump version to 1.1.4; update Changelog 9 years ago
Aleksander Machniak ded453cdc4 Fix .htaccess rewrite rules to not block .well-known URIs (#1490615)
Conflicts:

	.htaccess
	CHANGELOG
9 years ago
Aleksander Machniak 7d0099f28e Fix so drag-n-drop of text (e.g. recipient addresses) on compose page actually works (#1490619)
Conflicts:

	CHANGELOG
9 years ago
Aleksander Machniak 89a5dcb946 Fix path traversal vulnerability in setting a skin (#1490620)
Conflicts:

	CHANGELOG
9 years ago
Aleksander Machniak 9fbabc4668 Add INBOX to the list of folders only if no filter and no prefix was specified 9 years ago
Aleksander Machniak c67e7e8f85 Fix PDF support detection in Firefox > 19 (#1490610)
Conflicts:
	CHANGELOG
9 years ago
Aleksander Machniak c82d09a052 Fix handling of message/rfc822 attachments on replies and forwards (#1490607)
Conflicts:

	CHANGELOG
	program/lib/Roundcube/rcube_message.php
	program/steps/mail/compose.inc
9 years ago
Aleksander Machniak 6e71c958fc Fix also charset encoding of message/rfc822 part bodies (#1490606) 9 years ago
Aleksander Machniak 2382c6e822 Fix regression in displaying contents of message/rfc822 parts (#1490606)
Conflicts:

	CHANGELOG
9 years ago
Aleksander Machniak b6b92c0ddd Optionally throw 404 error when contact photo wasn't found 9 years ago
Aleksander Machniak 5143c47e0f Fix rcube_utils::words_match() to work with mixed/invalid/binary content (T844) 9 years ago
Aleksander Machniak 818b78a893 Fix invalid LDAP query in ACL user autocompletion (#1490591) 9 years ago
Aleksander Machniak 78a9870e00 Remove redundant .gitignore files 9 years ago
Thomas Bruederli 62ee427b7e Improve directory protection for Apache 2.4 9 years ago
Aleksander Machniak 9953d5c10c Add workaround for https://bugs.php.net/bug.php?id=70757 (#1490582) 9 years ago
Aleksander Machniak c7c09f85d9 Fix HTML sanitizer to skip <!-- node type X --> in output (#1490583) 9 years ago
Aleksander Machniak 2c3634df04 Update changelog 9 years ago
Aleksander Machniak 8e7f32fddc Small improvements in HTML to text conversion.
Better handling of <body> and trailing spaces, and </p><div> or <br><div>.
9 years ago
Aleksander Machniak 9e808942ba Update changelog 9 years ago
Aleksander Machniak a04a16c285 Make sure list page is never set to 0 (#1490458)
This should fix the issue where after message move wrong message was
added to the list and the list counter was invalid.
9 years ago
Aleksander Machniak 72be74508f Fix redundant blank lines when using HTML and top posting (#1490576) 9 years ago
Aleksander Machniak 6ee039e10e Bump Net_SMTP version in composer config (#1490569) 9 years ago
Aleksander Machniak 5de338e45e Update changelog 9 years ago
Aleksander Machniak 70942083ce After failed login wait a second to slow down brute-force attacks (#1490549) 9 years ago
Aleksander Machniak 280395a544 Fix bug where HTML messages with invalid/excessive css styles couldn't be displayed (#1490539)
Technically speaking we remove the whole CSS content when it has more than 5k lines.
9 years ago
Aleksander Machniak c5acbc6c94 Fix bug where message preview was unintentionally reset on check-recent action (#1490563) 9 years ago
Aleksander Machniak 5e6f6ac539 Fix responses list update issue after response name change (#1490555) 9 years ago
Aleksander Machniak ba48318e2c Fix so database_attachments::cleanup() does not remove attachments from other sessions (#1490542)
Conflicts:
	CHANGELOG
9 years ago
Aleksander Machniak 3d9798da1f Make brute force attacks harder by re-generating security token on every failed login (#1490549)
Or more precisely use the same we did in git-master, i.e. do not base the token on
session ID, but use random bytes instead.
9 years ago
Aleksander Machniak 7d9a29cbc0 Remove also old .htaccess file that is not used anymore (#1489980) 9 years ago
Aleksander Machniak c2269df436 Require PHP5 9 years ago
Aleksander Machniak 0596f79a18 Require PHP5 9 years ago
Aleksander Machniak 357cd5103d Fix issue where Content-Length of some attachments could be set to wrong value causing browser errors (#1490482) 9 years ago
Aleksander Machniak 6731d2116c Fix XSS issue in drag-n-drop file uploads (#1490530) 9 years ago
Aleksander Machniak 73d98c4766 Fix missing HTTP_X_FORWARDED_FOR address in generated Received header 9 years ago
Aleksander Machniak 9f98332240 Fix so In-Reply-To header is set also for MDN receipts (#1490523) 9 years ago
Aleksander Machniak bbef212b0e Fallback to C locale 9 years ago
Aleksander Machniak 7bfe676d53 Fix various issues with Turkish (and similar) locales (#1490519) 9 years ago
Aleksander Machniak ac3078fe93 Fix support for Mozilla-based browsers, e.g. Pale Moon (#1490517) 9 years ago
Aleksander Machniak 03be470538 Fix so gc.sh script removes also expired sessions from sql database (#1490512) 9 years ago
Aleksander Machniak 52b75f2506 Fix so adding CC/BCC recipients from the sidebar unhides compose form fields in Classic skin (#1490472) 9 years ago
Aleksander Machniak 8ef86f5253 Fix handling of plus character in mailto: links (#1490510) 9 years ago
Aleksander Machniak b9bbc69ddc Fix typo 9 years ago