3196d656db
Fix css conflicts in user interface and e-mail content ( #5891 )
...
... by adding prefix to element/class identifiers
Also cleaned up some code and removed global variable use.
7 years ago
5d16751ed8
Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview ( #5580 )
7 years ago
3723f3f178
Fix rcube_utils::random_bytes() to not throw exception for length=0
7 years ago
1fcf7bfab3
Fix bug where HTML messages with @media styles could moddify style of page body ( #5811 )
7 years ago
f0431c7475
Fix uninitialized string offset in rcube_utils::bin2ascii() and make sure rcube_utils::random_bytes() result has always requested length ( #5788 )
7 years ago
27a621818d
Make sure rcube_utils::resolve_url() does not add port 80 to the url
...
...which might have happened with reverse proxies
8 years ago
8f22c3287d
Fix bug where comment notation within style tag would cause the whole style to be ignored ( #5747 )
8 years ago
9ff7b78c7e
Fix conflict with _gid cookie of Google Analytics ( #5748 )
...
TODO: Review the whole code base and don't use INPUT_GPC when it's not really needed,
in most cases we should not read $_COOKIE.
8 years ago
bf21557873
Better fix for XSS in style tags ( b59ff5ca)
8 years ago
05aae4711c
Replace xss_entity_decode_callback() method with lambda function
8 years ago
b59ff5cafb
Fix XSS issue in handling of a style tag inside of an svg element
8 years ago
81f67a4de2
Don't use each() deprecated in PHP 7.2
8 years ago
dfd19206a4
sizeof() -> count()
8 years ago
7340360e79
Fix bug where image data URIs in css style were treated as evil/remote in mail preview ( #5580 )
8 years ago
4e0532808d
Fix bug where it wasn't possible to store more that 2MB objects in memcache/apc ( #5452 )
...
Added memcache_max_allowed_packet and apc_max_allowed_packet settings
8 years ago
195dc11855
Support host-specific imap_conn_options/smtp_conn_options/managesieve_conn_options ( #5136 )
8 years ago
dcabc1d814
Merge remote-tracking branch 'upstream/master'
...
Conflicts:
tests/Framework/Washtml.php
8 years ago
c3fc072d97
Remove code related to magic_quotes_* and register_globals
...
...they do not exist in PHP 5.4 which we now require.
8 years ago
906cf101c3
Better time handling in rcube_utils::clean_datestr()
8 years ago
ec1525a1e6
Remove debug code
8 years ago
ed35267b9b
Managesieve: Fix parsing of vacation date-time with non-default date_format ( #5372 )
...
Added new method rcube_utils::format_datestr() to convert date_format date
into ISO date format.
8 years ago
f2eafda539
Fix bug where microsecond format in logged date didn't work in some cases
9 years ago
d61d33a12a
Fix handling of --delete argument in moduserprefs.sh script ( #5296 )
9 years ago
6737e293bb
Wash position:fixed style in HTML mail for better security ( #5264 )
9 years ago
cbe701ac4a
Fix rcube_utils::words_match() to work with mixed/invalid/binary content (T844)
9 years ago
7e3298753a
Use ternary operator where aplicable
9 years ago
a03233ceba
CS fixes
9 years ago
b2b9b591ce
Fix handling random_bytes() errors in PHP 7.0.0RC3
9 years ago
e85bbc9e9c
random_bytes() can throw an exception in some cases, since PHP 7.0.0rc3
9 years ago
26086981a2
Improve randomness of security tokens ( #1490529 )
9 years ago
f00e1f5333
CS fixes
9 years ago
7a42173a16
Simplify rcube_utils::check_ip()
9 years ago
6b31846c43
Fix IPv6 address validation on PHP with disabled IPv6 support
9 years ago
93e64008a6
Small code improvements
9 years ago
8447bae77c
Require Mbstring and OpenSSL extensions ( #1490415 ) - remove redundant code
9 years ago
9aae1b7fc3
Fix so microseconds macro (u) in log_date_format works ( #1490446 )
10 years ago
a958748947
CS fixes
10 years ago
3994b3a26c
Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key ( #1490402 )
10 years ago
c32998084d
Add untility function to match strings ignoring word order
10 years ago
e8b82c2e7b
Fix rcube_utils::normalize_string() to support unicode characters + add argument for minimum token length
10 years ago
09c58d1add
Make rcube_utils::strtotime() timezone aware ( #1490163 )
10 years ago
787a421846
Fix rcube_utils::anytodatetime() with no timezone specified
10 years ago
848e204ef9
Fix validation of email addresses with IDNA domains ( #1490067 )
10 years ago
29c24e647c
Get rid of DIRECTORY_SEPARATOR for consistency
10 years ago
5f58127eae
Added rcube_utils::resolve_url()
10 years ago
75bbada03b
Remove code for PHP<5.3, use PHP_VERSION_ID instead of version_compare() for version checks
10 years ago
cc850263d4
Add optional timezone argument for date conversion
10 years ago
49dad5f669
Fix broken normalize_string(), add support for ISO-8859-2
11 years ago
30e6b980a6
Remove usage of $RCMAIL global variable
11 years ago
ef721fc430
Add config variable 'proxy_whitelist'
...
HTTP headers X_FORWARDED_* and X_REAL_IP are only evaluated when
received from an IP listed in proxy_whitelist. Furthermore, only the
last non-trusted IP from X-Forwarded-For is used in place of the real
ip.
Without this, an attacker can easily spoof the headers and control the
result of the ip or ssl check.
This fixes several problems with [3a4c9f424d480b36a520f331#1489729 .
11 years ago
Aleksander Machniak