Aleksander Machniak
2a32f51c91
Fix file disclosure vulnerability caused by insuficient input validation in relation with attachment plugins ( #6026 )
7 years ago
Aleksander Machniak
cfed954a46
Fix bug where Chrome could not upload the same file that was selected before ( #5854 )
...
... and removed the cancel hack that is not needed anymore.
7 years ago
Aleksander Machniak
86a4d78369
Merge branch 'dev-elastic'
7 years ago
Aleksander Machniak
7b4b36b16c
Plugin API: Added 'show_bytes' hook ( #5001 )
7 years ago
Aleksander Machniak
9858c2a294
Merge branch 'master' into dev-elastic
8 years ago
Aleksander Machniak
34446e00ca
Fix bug where namespace prefix could not be truncated on folders list if show_real_foldernames=true ( #5695 )
8 years ago
ka7
9a35768c26
spelling fixes ( #5690 )
8 years ago
Aleksander Machniak
adbab9d3e2
Merge branch 'master' into dev-elastic
8 years ago
Aleksander Machniak
81f67a4de2
Don't use each() deprecated in PHP 7.2
8 years ago
Aleksander Machniak
879f1dd2a0
Register some labels, add one localization label
8 years ago
Aleksander Machniak
25de39d444
Merge branch 'dev-remove-js-deps'
8 years ago
Aleksander Machniak
2733258d2b
Load 'close' label for dialogs by default
8 years ago
Aleksander Machniak
5e1da48d0c
Remove external javascript code from the git repo, add jsdeps.sh script ( #5535 )
8 years ago
Aleksander Machniak
ecfe177173
CS fixes, use $this instead of local variable
8 years ago
Aleksander Machniak
e3b61cd487
Plugin API: Added get_compose_responses hook ( #5457 )
8 years ago
Aleksander Machniak
571a10751f
Display error when trying to upload more files than specified in max_file_uploads ( #5483 )
8 years ago
Aleksander Machniak
4e0532808d
Fix bug where it wasn't possible to store more that 2MB objects in memcache/apc ( #5452 )
...
Added memcache_max_allowed_packet and apc_max_allowed_packet settings
8 years ago
Aleksander Machniak
650ac8befb
Fix displaying size of attachments with zero size
8 years ago
Aleksander Machniak
32e5a6bbcf
Fix bug where folder creation could fail if personal namespace contained more than one entry ( #5403 )
...
+ small code improvements
8 years ago
Aleksander Machniak
873e0353cf
Use smart-upload-button for messages and contact photos upload
...
Unified interface with rcmail::upload_form().
8 years ago
Aleksander Machniak
184de7735c
CS fixes (mostly phpdoc)
8 years ago
Aleksander Machniak
ebc2f5dc7d
Add possibility to rename attachments in mail compose ( #4996 )
...
... and fix some small issues related to the new compose attachment menu feature
8 years ago
Aleksander Machniak
8a13615e9e
Add possibility to preview and download attachments in mail compose ( #5053 )
8 years ago
Aleksander Machniak
4361a95820
Fix missing localization of HTML editor when assets_dir != INSTALL_PATH
8 years ago
Aleksander Machniak
a0f38f5fd8
Small code style improvements
9 years ago
Aleksander Machniak
4e6f3019f5
Enigma: Handle encrypted/signed content inside message/rfc822 attachments
9 years ago
Thomas Bruederli
4a408843b0
Protect download urls against CSRF using unique request tokens ( #1490642 )
...
Send X-Frame-Options headers with every HTTP response
9 years ago
Aleksander Machniak
a15d877ba8
Added brute-force attack prevention via login rate limit ( #1490566 )
9 years ago
Aleksander Machniak
454b0b1ca9
Remove deprecated rcmail and rcube_imap methods
9 years ago
Aleksander Machniak
2aa9ee56fd
Fix so disabling emoticons plugin really removes emoticons button from HTML editor
9 years ago
Aleksander Machniak
a5c03db798
Security: Added options to validate username/password on logon ( #1490500 )
9 years ago
Aleksander Machniak
c1bbf0d0b6
After failed login wait a second to slow down brute-force attacks ( #1490549 )
9 years ago
Aleksander Machniak
26086981a2
Improve randomness of security tokens ( #1490529 )
9 years ago
Aleksander Machniak
e2f605d44d
Fallback to C locale
9 years ago
Aleksander Machniak
3c29c7e858
Fix various issues with Turkish (and similar) locales ( #1490519 )
9 years ago
Aleksander Machniak
c4daf3f14f
Fix regression in converting signatures to text, fixed PHP warning in html2text() call
9 years ago
Aleksander Machniak
a63f14ec40
Emoticons-related code refactoring
...
- Emoticons: All emoticons-related functionality is handled by the plugin now
- Emoticons: Added option to switch on/off emoticons in compose editor (#1485732 )
- Emoticons: Added option to switch on/off emoticons in plain text messages
- Plugin API: Added disabled_plugins an disabled_buttons options in html_editor hook
- Plugin API: Added html2text hook
9 years ago
Aleksander Machniak
1b39d9a6c7
PHP7: Fixed some E_WARNING errors that previously were E_STRICT
9 years ago
Aleksander Machniak
08bb20f261
Don't use deprecated functions/constants (from bc.inc)
9 years ago
Aleksander Machniak
9d78c68cbf
Fix so imap folder attribute comparisons are case-insensitive ( #1490466 )
...
+ make in_array_nocase() much faster for ASCII strings
9 years ago
Aleksander Machniak
a958748947
CS fixes
10 years ago
Aleksander Machniak
b782815dac
Fix XSS vulnerability in _mbox argument handling ( #1490417 )
10 years ago
Aleksander Machniak
03aa84f784
Fix bug where some files could have "executable" extension when stored in temp folder ( #1490377 )
10 years ago
Aleksander Machniak
216b31dd99
Fix so "over quota" errors are displayed also in message compose page
...
This also fixes over quota responses on cyrus imap which uses "Over quota" string and no error identifier.
10 years ago
Aleksander Machniak
3665d1e8ec
Merge pull request #259 from corbosman/plugin_preload
...
Plugin preload
10 years ago
corbosman
de89d46be2
Load plugins before sessions have started
...
Move the plugin loading phase to before sessions have started allowing plugins to add session drivers. Plugins that want to use this should define an "onload" method in their plugins. This method does not have access to variables like $task as they are not yet initialised at that time.
10 years ago
Aleksander Machniak
c6efcf5e6d
Fix blocked.gif image usage with assets_dir set
10 years ago
Aleksander Machniak
7259529fad
Get rid of requests whitelist for security check bypass
10 years ago
Aleksander Machniak
681ba6fc3c
Improve system security by using optional special URL with security token
...
Allows to define separate server/path for image/js/css files
Fix bugs where CSRF attacks were still possible on some requests
10 years ago
Aleksander Machniak
f7f4672649
Fix regression in rcmail::show_bytes() where unit was set to "[]" instead of "B"
10 years ago