Commit Graph

95 Commits (802ed0dc6dbfaa520c6d669643ece67dcbd68b0c)

Author SHA1 Message Date
Aleksander Machniak 2dcf50019c Merge branch 'master' into dev/elastic 6 years ago
Aleksander Machniak c28242f63c Log errors caused by low pcre.backtrack_limit when sending a mail message (#6433) 6 years ago
Aleksander Machniak 796e5a17e6 Removed referer_check option (#6440) 6 years ago
Aleksander Machniak cba1605949 Add http_only argument to rcube_utils::setcookie() 7 years ago
Aleksander Machniak 0716d499bc Fix bug where some escape sequences in html styles could bypass security checks 7 years ago
Aleksander Machniak a889f55c31 Fix PHP Warning: Use of undefined constant IDNA_DEFAULT on systems without php-intl (#6244) 7 years ago
Aleksander Machniak b2bebe531a Fix bug where usernames without domain part could be malformed or converted to lower-case on logon (#6224) 7 years ago
Aleksander Machniak f36e23b778 Fix parsing date strings (e.g. from a Date: mail header) with comments (#6216) 7 years ago
Aleksander Machniak 0f3ad342f7 Fix bug where some unix timestamps were not handled correctly by rcube_utils::anytodatetime() (#6212) 7 years ago
Aleksander Machniak a1be62b19d Remove redundant trim() 7 years ago
Aleksander Machniak 9d2b303b51 Fix bug in remote content blocking on HTML image and style tags (#6178) 7 years ago
Aleksander Machniak b172fb505c Improve trusted_host_patterns code 7 years ago
Aleksander Machniak 4a5ca74724 Merge branch 'trusted-host-patterns' of https://github.com/dsoares/roundcubemail into dsoares-trusted-host-patterns 7 years ago
Daniel Kesselberg a8d5547163 Update idn convertion methods (#6115)
* Add more test cases
* Update phpdoc
7 years ago
Aleksander Machniak 63a7d2313f Improve SMTPUTF8 support and fix relaxed email validation issues 7 years ago
Aleksander Machniak 5665344673 Merge branch 'smtputf8' of https://github.com/jprjr/roundcubemail into jprjr-smtputf8 7 years ago
Aleksander Machniak 3cdc8af297 Fix possible performance issue when parsing malformed and long Date header (#6087) 7 years ago
Aleksander Machniak 3488531b26 Fix PHP Warning: Use of undefined constant INTL_IDNA_VARIANT_UTS46 on servers without php-intl extension 7 years ago
Aleksander Machniak ca39a4e093 Fix PHP warning "idn_to_utf8(): INTL_IDNA_VARIANT_2003 is deprecated" with PHP 7.2 (#6075) 7 years ago
dsoares 5282cbaff9 Check against trusted_host_patterns in rcube_utils::parse_host() 7 years ago
dsoares 50a9c8f777 Add option trusted_host_patterns 7 years ago
Aleksander Machniak 3196d656db Fix css conflicts in user interface and e-mail content (#5891)
... by adding prefix to element/class identifiers
Also cleaned up some code and removed global variable use.
7 years ago
Aleksander Machniak 5d16751ed8 Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview (#5580) 7 years ago
Thomas Bruederli 3723f3f178 Fix rcube_utils::random_bytes() to not throw exception for length=0 7 years ago
Aleksander Machniak 1fcf7bfab3 Fix bug where HTML messages with @media styles could moddify style of page body (#5811) 8 years ago
Aleksander Machniak f0431c7475 Fix uninitialized string offset in rcube_utils::bin2ascii() and make sure rcube_utils::random_bytes() result has always requested length (#5788) 8 years ago
Aleksander Machniak 27a621818d Make sure rcube_utils::resolve_url() does not add port 80 to the url
...which might have happened with reverse proxies
8 years ago
Aleksander Machniak 8f22c3287d Fix bug where comment notation within style tag would cause the whole style to be ignored (#5747) 8 years ago
Aleksander Machniak 9ff7b78c7e Fix conflict with _gid cookie of Google Analytics (#5748)
TODO: Review the whole code base and don't use INPUT_GPC when it's not really needed,
      in most cases we should not read $_COOKIE.
8 years ago
Thomas Bruederli bf21557873 Better fix for XSS in style tags (b59ff5ca) 8 years ago
Aleksander Machniak 05aae4711c Replace xss_entity_decode_callback() method with lambda function 8 years ago
Aleksander Machniak b59ff5cafb Fix XSS issue in handling of a style tag inside of an svg element 8 years ago
Aleksander Machniak 81f67a4de2 Don't use each() deprecated in PHP 7.2 8 years ago
Aleksander Machniak dfd19206a4 sizeof() -> count() 8 years ago
Aleksander Machniak 7340360e79 Fix bug where image data URIs in css style were treated as evil/remote in mail preview (#5580) 8 years ago
Aleksander Machniak 4e0532808d Fix bug where it wasn't possible to store more that 2MB objects in memcache/apc (#5452)
Added memcache_max_allowed_packet and apc_max_allowed_packet settings
8 years ago
Aleksander Machniak 195dc11855 Support host-specific imap_conn_options/smtp_conn_options/managesieve_conn_options (#5136) 8 years ago
Aleksander Machniak dcabc1d814 Merge remote-tracking branch 'upstream/master'
Conflicts:
	tests/Framework/Washtml.php
8 years ago
Aleksander Machniak c3fc072d97 Remove code related to magic_quotes_* and register_globals
...they do not exist in PHP 5.4 which we now require.
8 years ago
Aleksander Machniak 906cf101c3 Better time handling in rcube_utils::clean_datestr() 8 years ago
Aleksander Machniak ec1525a1e6 Remove debug code 8 years ago
Aleksander Machniak ed35267b9b Managesieve: Fix parsing of vacation date-time with non-default date_format (#5372)
Added new method rcube_utils::format_datestr() to convert date_format date
into ISO date format.
8 years ago
Aleksander Machniak f2eafda539 Fix bug where microsecond format in logged date didn't work in some cases 9 years ago
Aleksander Machniak d61d33a12a Fix handling of --delete argument in moduserprefs.sh script (#5296) 9 years ago
Aleksander Machniak 6737e293bb Wash position:fixed style in HTML mail for better security (#5264) 9 years ago
John Regan 3a2874c77c Remove check for multiple dots in local-part 9 years ago
John Regan 0e809364e7 Support SMTPUTF8, relax email restrictions
If the FROM/TO portions of an email use non-ASCII characters,
check that the SMTP server supports the SMTPUTF8 extension.

Additionally, change some rules for parsing email addresses to
allow for more characters. Basically, SMTPUTF8 states that
nearly any printable character is a valid character in an
email address.
9 years ago
Aleksander Machniak cbe701ac4a Fix rcube_utils::words_match() to work with mixed/invalid/binary content (T844) 9 years ago
Aleksander Machniak 7e3298753a Use ternary operator where aplicable 9 years ago
Aleksander Machniak a03233ceba CS fixes 9 years ago