Aleksander Machniak
5d16751ed8
Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview ( #5580 )
7 years ago
Thomas Bruederli
3723f3f178
Fix rcube_utils::random_bytes() to not throw exception for length=0
7 years ago
Aleksander Machniak
1fcf7bfab3
Fix bug where HTML messages with @media styles could moddify style of page body ( #5811 )
7 years ago
Aleksander Machniak
f0431c7475
Fix uninitialized string offset in rcube_utils::bin2ascii() and make sure rcube_utils::random_bytes() result has always requested length ( #5788 )
7 years ago
Aleksander Machniak
27a621818d
Make sure rcube_utils::resolve_url() does not add port 80 to the url
...
...which might have happened with reverse proxies
8 years ago
Aleksander Machniak
8f22c3287d
Fix bug where comment notation within style tag would cause the whole style to be ignored ( #5747 )
8 years ago
Aleksander Machniak
9ff7b78c7e
Fix conflict with _gid cookie of Google Analytics ( #5748 )
...
TODO: Review the whole code base and don't use INPUT_GPC when it's not really needed,
in most cases we should not read $_COOKIE.
8 years ago
Thomas Bruederli
bf21557873
Better fix for XSS in style tags ( b59ff5ca
)
8 years ago
Aleksander Machniak
05aae4711c
Replace xss_entity_decode_callback() method with lambda function
8 years ago
Aleksander Machniak
b59ff5cafb
Fix XSS issue in handling of a style tag inside of an svg element
8 years ago
Aleksander Machniak
81f67a4de2
Don't use each() deprecated in PHP 7.2
8 years ago
Aleksander Machniak
dfd19206a4
sizeof() -> count()
8 years ago
Aleksander Machniak
7340360e79
Fix bug where image data URIs in css style were treated as evil/remote in mail preview ( #5580 )
8 years ago
Aleksander Machniak
4e0532808d
Fix bug where it wasn't possible to store more that 2MB objects in memcache/apc ( #5452 )
...
Added memcache_max_allowed_packet and apc_max_allowed_packet settings
8 years ago
Aleksander Machniak
195dc11855
Support host-specific imap_conn_options/smtp_conn_options/managesieve_conn_options ( #5136 )
8 years ago
Aleksander Machniak
dcabc1d814
Merge remote-tracking branch 'upstream/master'
...
Conflicts:
tests/Framework/Washtml.php
8 years ago
Aleksander Machniak
c3fc072d97
Remove code related to magic_quotes_* and register_globals
...
...they do not exist in PHP 5.4 which we now require.
8 years ago
Aleksander Machniak
906cf101c3
Better time handling in rcube_utils::clean_datestr()
8 years ago
Aleksander Machniak
ec1525a1e6
Remove debug code
8 years ago
Aleksander Machniak
ed35267b9b
Managesieve: Fix parsing of vacation date-time with non-default date_format ( #5372 )
...
Added new method rcube_utils::format_datestr() to convert date_format date
into ISO date format.
8 years ago
Aleksander Machniak
f2eafda539
Fix bug where microsecond format in logged date didn't work in some cases
9 years ago
Aleksander Machniak
d61d33a12a
Fix handling of --delete argument in moduserprefs.sh script ( #5296 )
9 years ago
Aleksander Machniak
6737e293bb
Wash position:fixed style in HTML mail for better security ( #5264 )
9 years ago
Aleksander Machniak
cbe701ac4a
Fix rcube_utils::words_match() to work with mixed/invalid/binary content (T844)
9 years ago
Aleksander Machniak
7e3298753a
Use ternary operator where aplicable
9 years ago
Aleksander Machniak
a03233ceba
CS fixes
9 years ago
Aleksander Machniak
b2b9b591ce
Fix handling random_bytes() errors in PHP 7.0.0RC3
9 years ago
Aleksander Machniak
e85bbc9e9c
random_bytes() can throw an exception in some cases, since PHP 7.0.0rc3
9 years ago
Aleksander Machniak
26086981a2
Improve randomness of security tokens ( #1490529 )
9 years ago
Aleksander Machniak
f00e1f5333
CS fixes
9 years ago
Aleksander Machniak
7a42173a16
Simplify rcube_utils::check_ip()
9 years ago
Aleksander Machniak
6b31846c43
Fix IPv6 address validation on PHP with disabled IPv6 support
9 years ago
Aleksander Machniak
93e64008a6
Small code improvements
9 years ago
Aleksander Machniak
8447bae77c
Require Mbstring and OpenSSL extensions ( #1490415 ) - remove redundant code
10 years ago
Aleksander Machniak
9aae1b7fc3
Fix so microseconds macro (u) in log_date_format works ( #1490446 )
10 years ago
Aleksander Machniak
a958748947
CS fixes
10 years ago
Aleksander Machniak
3994b3a26c
Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key ( #1490402 )
10 years ago
Thomas Bruederli
c32998084d
Add untility function to match strings ignoring word order
10 years ago
Thomas Bruederli
e8b82c2e7b
Fix rcube_utils::normalize_string() to support unicode characters + add argument for minimum token length
10 years ago
Thomas Bruederli
09c58d1add
Make rcube_utils::strtotime() timezone aware ( #1490163 )
10 years ago
Aleksander Machniak
787a421846
Fix rcube_utils::anytodatetime() with no timezone specified
10 years ago
Aleksander Machniak
848e204ef9
Fix validation of email addresses with IDNA domains ( #1490067 )
10 years ago
Aleksander Machniak
29c24e647c
Get rid of DIRECTORY_SEPARATOR for consistency
10 years ago
Aleksander Machniak
5f58127eae
Added rcube_utils::resolve_url()
10 years ago
Aleksander Machniak
75bbada03b
Remove code for PHP<5.3, use PHP_VERSION_ID instead of version_compare() for version checks
10 years ago
Thomas Bruederli
cc850263d4
Add optional timezone argument for date conversion
10 years ago
Aleksander Machniak
49dad5f669
Fix broken normalize_string(), add support for ISO-8859-2
11 years ago
Felix Eckhofer
30e6b980a6
Remove usage of $RCMAIL global variable
11 years ago
Felix Eckhofer
ef721fc430
Add config variable 'proxy_whitelist'
...
HTTP headers X_FORWARDED_* and X_REAL_IP are only evaluated when
received from an IP listed in proxy_whitelist. Furthermore, only the
last non-trusted IP from X-Forwarded-For is used in place of the real
ip.
Without this, an attacker can easily spoof the headers and control the
result of the ip or ssl check.
This fixes several problems with [3a4c9f42
], [4d480b36
] and [a520f331
] as
mentioned in #1489729 .
11 years ago
Aleksander Machniak
517c9f9a8d
Fix directories check in Installer on Windows ( #1489576 )
...
Added rcube_utils::is_absolute_path() method
11 years ago