Aleksander Machniak
10e5192a2b
Fix path traversal vulnerability in setting a skin ( #1490620 )
9 years ago
Aleksander Machniak
69a1e4f7b1
rcube_parse_host() -> rcube_utils::parse_host()
9 years ago
Aleksander Machniak
7476410a04
Add missing deprecation warning
9 years ago
Thomas Bruederli
458a6b26e8
Load bc.inc in script startup
9 years ago
Thomas Bruederli
32695c333c
Restore bc.inc which now logs a warning when calling deprecated functions
9 years ago
Aleksander Machniak
a15d877ba8
Added brute-force attack prevention via login rate limit ( #1490566 )
9 years ago
Aleksander Machniak
454b0b1ca9
Remove deprecated rcmail and rcube_imap methods
9 years ago
Aleksander Machniak
2aa9ee56fd
Fix so disabling emoticons plugin really removes emoticons button from HTML editor
9 years ago
dsoares
234fd19505
Replace deprecated call to Q within array_map()
9 years ago
Aleksander Machniak
74ce01efc7
Q() -> rcube::Q()
9 years ago
Aleksander Machniak
a5c03db798
Security: Added options to validate username/password on logon ( #1490500 )
9 years ago
Aleksander Machniak
c1bbf0d0b6
After failed login wait a second to slow down brute-force attacks ( #1490549 )
9 years ago
Aleksander Machniak
fddfd8e6d7
Remove backward compatibility "layer" of bc.php ( #1490534 )
9 years ago
Aleksander Machniak
df0b4f3437
Make sure an email address is valid when replacing it with mailto: link
9 years ago
Aleksander Machniak
26086981a2
Improve randomness of security tokens ( #1490529 )
9 years ago
Aleksander Machniak
e2f605d44d
Fallback to C locale
9 years ago
Aleksander Machniak
3c29c7e858
Fix various issues with Turkish (and similar) locales ( #1490519 )
9 years ago
Aleksander Machniak
c4daf3f14f
Fix regression in converting signatures to text, fixed PHP warning in html2text() call
9 years ago
Aleksander Machniak
a63f14ec40
Emoticons-related code refactoring
...
- Emoticons: All emoticons-related functionality is handled by the plugin now
- Emoticons: Added option to switch on/off emoticons in compose editor (#1485732 )
- Emoticons: Added option to switch on/off emoticons in plain text messages
- Plugin API: Added disabled_plugins an disabled_buttons options in html_editor hook
- Plugin API: Added html2text hook
9 years ago
Aleksander Machniak
1b39d9a6c7
PHP7: Fixed some E_WARNING errors that previously were E_STRICT
9 years ago
Aleksander Machniak
93e64008a6
Small code improvements
9 years ago
Aleksander Machniak
08bb20f261
Don't use deprecated functions/constants (from bc.inc)
9 years ago
Aleksander Machniak
9d78c68cbf
Fix so imap folder attribute comparisons are case-insensitive ( #1490466 )
...
+ make in_array_nocase() much faster for ASCII strings
9 years ago
Aleksander Machniak
252cc4c4ac
Password: Allow temporarily disabling the plugin functionality with a notice
9 years ago
Aleksander Machniak
8447bae77c
Require Mbstring and OpenSSL extensions ( #1490415 ) - remove redundant code
10 years ago
Aleksander Machniak
a958748947
CS fixes
10 years ago
Aleksander Machniak
b782815dac
Fix XSS vulnerability in _mbox argument handling ( #1490417 )
10 years ago
Aleksander Machniak
8042e13af6
Add --config and --type options to moduserprefs.sh script ( #1490051 )
10 years ago
Aleksander Machniak
3994b3a26c
Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key ( #1490402 )
10 years ago
Aleksander Machniak
0c08b04778
Fix issues when using moduserprefs.sh without --user argument ( #1490399 )
10 years ago
Aleksander Machniak
03aa84f784
Fix bug where some files could have "executable" extension when stored in temp folder ( #1490377 )
10 years ago
Aleksander Machniak
e7620812b0
Installer: Remove system() function use ( #1490139 )
...
Move some functionality of scripts from bin/ into rcmail_utils class
10 years ago
Thomas Bruederli
0bd99db08d
Localize common error messages; improve explanation for CSRF check failures
10 years ago
Aleksander Machniak
216b31dd99
Fix so "over quota" errors are displayed also in message compose page
...
This also fixes over quota responses on cyrus imap which uses "Over quota" string and no error identifier.
10 years ago
Aleksander Machniak
f070da7c27
Fix fatal errors on systems without mbstring extension or mb_regex_encoding() function ( #1490280 )
10 years ago
Aleksander Machniak
3665d1e8ec
Merge pull request #259 from corbosman/plugin_preload
...
Plugin preload
10 years ago
Aleksander Machniak
3779b67a9c
Set version number to 1.2-git
10 years ago
Thomas Bruederli
2f8b1036da
Bump version and copyright year
10 years ago
corbosman
de89d46be2
Load plugins before sessions have started
...
Move the plugin loading phase to before sessions have started allowing plugins to add session drivers. Plugins that want to use this should define an "onload" method in their plugins. This method does not have access to variables like $task as they are not yet initialised at that time.
10 years ago
Aleksander Machniak
09d52dbb67
Fix some typos in comments
10 years ago
Thomas Bruederli
be140e827d
Don't reset 'plugins' config option when running from update.sh script
10 years ago
Aleksander Machniak
c6efcf5e6d
Fix blocked.gif image usage with assets_dir set
10 years ago
Thomas Bruederli
b737021a90
Improve plugin selection in installer; check already selected plugins
10 years ago
Thomas B.
8e7ed506c4
Merge pull request #248 from flanpy/master
...
#1489096 : Ability to select plugins to enable in the installer
10 years ago
Aleksander Machniak
7259529fad
Get rid of requests whitelist for security check bypass
10 years ago
Aleksander Machniak
681ba6fc3c
Improve system security by using optional special URL with security token
...
Allows to define separate server/path for image/js/css files
Fix bugs where CSRF attacks were still possible on some requests
10 years ago
Aleksander Machniak
f7f4672649
Fix regression in rcmail::show_bytes() where unit was set to "[]" instead of "B"
10 years ago
Aleksander Machniak
0b36d15157
Add method to display operation (uploading) progress in UI message
10 years ago
Aleksander Machniak
2dfad0a564
Make upload progress text more compact.
...
E.g. "500 KB of 10 MB" becomes "0.5 of 10 MB"
10 years ago
Aleksander Machniak
9e4246d957
Code improvements and fixes (mostly unused variables and methods)
10 years ago