thomascube
a77cf2292b
Add optional referer check to prevent CSRF in GET requests
14 years ago
thomascube
784a425e07
protect login form submission from CSRF using a request token
14 years ago
thomascube
cf2da2f9aa
Improve session validity check with changing auth cookies; reduce writes to DB; better phpdoc
14 years ago
thomascube
32234d71d3
Better fix for login redirect, don't force mail task
14 years ago
alecpl
68d2d54100
- Move action files map from index.php to steps' func.inc files
14 years ago
thomascube
88007cf060
Fix login redirect issues ( #1487686 )
14 years ago
thomascube
f5e7b35307
Bumbed version; Roundcube development is not Switzerland only
14 years ago
thomascube
c3be8ed64c
Make sure an existing session is killed/replaced when submitting login form
14 years ago
alecpl
af3c045ecf
- New Folder Manager UI
...
- Fix invalid Request when creating a folder (#1487443 )
- Add folder size and quota indicator in folder manager (#1485780 )
- Add possibility to move a subfolder into root folder (#1486791 )
14 years ago
alecpl
5f560ee7a0
- Plugin API: Add 'pass' argument in 'authenticate' hook ( #1487134 )
14 years ago
alecpl
6d99f99576
- Handle situation when $IMAP object isn't initialized on log in
14 years ago
alecpl
8fcc3e1ad6
- Improved IMAP errors handling
14 years ago
alecpl
249db18585
- Fix "Server Error! (Not Found)" when using utils/save-pref action ( #1487023 )
14 years ago
alecpl
e019f2d0f2
- s/RoundCube/Roundcube/
14 years ago
alecpl
614c642a4b
- Fix list_cols is not updated after column dragging ( #1486999 )
...
- Improved save-pref action and moved to separate file in utils task directory
- Improved http_post/http_request to support first argument in form 'task/action'
14 years ago
thomascube
4859fedb92
Fix unit tests + update version
15 years ago
alecpl
b25dfd0913
- removed PHP closing tag
15 years ago
thomascube
05a631a43c
Allow plugins to register their own tasks
15 years ago
alecpl
3544558f2d
- Add HTTP_X_REAL_IP and HTTP_X_FORWARDED_FOR to successful logins log ( #1486441 )
15 years ago
thomascube
aa12df20e4
Add server-side plugin hooks to address group functions + better action names
15 years ago
thomascube
c0297f4172
Asynchronously expand contact groups + skip count queries in autocompletion mode + check for the existance of contactgroups table
15 years ago
thomascube
3baa72a62f
Implement group renaming/deleting + use more consistent names for commands and actions ( #1486587 )
15 years ago
thomascube
a61bbb24aa
Added basic contact groups feature
15 years ago
thomascube
f52c936f4d
Merged devel-threads branch (r3066:3364) back into trunk
15 years ago
alecpl
929a508d80
- Improve performance by avoiding unnecessary updates to the session table ( #1486325 )
15 years ago
alecpl
64608bf2ef
- Password: Make passwords encoding consistent with core, add 'password_charset' global option ( #1486473 )
15 years ago
alecpl
7481dd903e
- don't set task for login_after hook
15 years ago
alecpl
48bc52e835
- Fix imap_init hook broken in r3258 ( #1486493 )
15 years ago
alecpl
9b94eb6415
- Fix setting task name according to auth state. So, any action before user
...
is authenticated is assigned to 'login' task instead of 'mail'. Now binding
plugins to 'login' task is possible and realy usefull. It's also possible
to bind to all tasks excluding 'login'.
15 years ago
alecpl
10eedbe75a
- add file/line definitions to raise_error() calls
15 years ago
alecpl
76c94b6ba8
- Fix 'force_https' to specified port when URL contains a port number ( #1486411 )
15 years ago
alecpl
5818e44345
- Fix $_SERVER['HTTPS'] check for SSL forcing on IIS ( #1486243 ) + fix port check
15 years ago
thomascube
f5d61d845f
Revert r3038 and allow to specify the port as value of force_https
15 years ago
alecpl
b5713396f1
- fix last commit
15 years ago
alecpl
ccc80d1ca8
- Fix login page loading into an iframe when session expires ( #1485952 )
15 years ago
alecpl
65c0a0e591
- Option 'force_https' replaced by 'force_https' plugin
...
- added option 'force_https_port' in 'force_https' plugin (#1486091 )
15 years ago
alecpl
161c28dffc
- Fix wrong headers for IE on servers without $_SERVER['HTTPS'] ( #1485926 )
...
- Force IE style headers for attachments in non-HTTPS session, 'use_https' option (#1485655 )
15 years ago
thomascube
7ef47e59a9
Add some arguments to the logout_after hook
16 years ago
thomascube
d002607852
Implemented logout_after plugin hook
16 years ago
thomascube
0ddf59aeb4
Fix spell check ( #1486036 )
16 years ago
thomascube
4463648451
Allow a plugin to disable the cookie check
16 years ago
thomascube
826ceecab8
Don't check request token on login
16 years ago
alecpl
564a2ba793
- Help plugin
...
- support 'dummy' task (for plugins)
16 years ago
thomascube
5499336fef
Use global request tokens and automatically protect all POST requests
16 years ago
thomascube
e48a10a0d7
Add option to enforce https connections
16 years ago
alecpl
3a2b270c9d
- always call logout action as task ( #1485919 )
16 years ago
alecpl
0ce119869d
- use preg functions instead of ereg functions
16 years ago
alecpl
d51c93b43e
- get rid of some hardcoded action names and move decission about output compression to the user
16 years ago
svncommit
f22c2cefb4
Really, really logout (fixes r2467).
16 years ago
thomascube
cc97ea0559
Merged branch devel-api (from r2208 to r2387) back into trunk (omitting some sample plugins)
16 years ago
thomascube
48ee693f49
Partially reverted r2339 + fix indentation
16 years ago
svncommit
93adb3fc1b
Fixed check-recent [richs]
16 years ago
alecpl
0129d7c914
- Fix authentication when submitting form with existing session ( #1485679 )
16 years ago
till
cbbef379a5
* bumping up copyright (happy new year ;-))
16 years ago
alecpl
133bb07f78
- performance: skip imap connection for attachments actions
...
- created attachments.inc file for attachment upload, remove and display actions
16 years ago
alecpl
39cd51aff5
- performance: connect to imap server only when needed
...
(some mail actions do not require imap connection)
16 years ago
alecpl
7342d7ef8c
- re-fix r2095
16 years ago
alecpl
b2265aea86
#1485584 : display proper warning on login with empty user and pass
16 years ago
alecpl
d2993ee4db
- added BYE response simple support to prevent from endless loops in imap.inc ( #1483956 )
16 years ago
svncommit
c9ca6ada03
added obscure ASCII encoding aliases, added more error checking to RFC2822 date parsing
16 years ago
thomascube
835ae8516a
Fix some recently introduced bugs
16 years ago
thomascube
c8a21d646c
Killed one more global var + log logins to a separate file (not console)
16 years ago
thomascube
48aff91f7e
Moved code block to a more appropriate position + codestyle
16 years ago
svncommit
f5aa16541e
Add folder hierarchy collapsing.
16 years ago
thomascube
2e3ce3e765
Add rcube name prefixes + codestyle
16 years ago
thomascube
8c72e33d37
Show appropriate error message if config files are missing
17 years ago
thomascube
c719f3c1e0
Store compose parameters in session and redirect to a unique URL
17 years ago
thomascube
6ea6c9b96e
Simplify step inclusion in controller (index.php)
17 years ago
thomascube
83a7636872
More code cleanup
17 years ago
svncommit
5e0045b128
Add option to log successful logins.
17 years ago
alecpl
a6f90e1b2b
-fixed disclaimer
17 years ago
thomascube
1854c4525b
More code cleanup + oop-ization
17 years ago
alecpl
bbf15d8115
- fixed task setting on login
17 years ago
thomascube
197601ef5f
Next step: introduce the application class 'rcmail' and get rid of some global vars
17 years ago
thomascube
47124c2279
Changed codebase to PHP5 with autoloader + added some new classes from the devel-vnext branch
17 years ago
alecpl
6d2714b3b3
#1484972 : optimization: mark as read in one action with preview, deleted redundant quota reads
17 years ago
alecpl
eaa39477bd
#1483863 : empty trash and expunge inbox on logout
17 years ago
thomascube
967b342039
Disable installer by default; add config option to enable it again
17 years ago
till
d7a2878d09
* committed patch from #1484231
17 years ago
till
03fcc16896
* fixing warning reported in #1484851
17 years ago
thomascube
0714b7e09d
Add config parameter to disable the installer warning
17 years ago
thomascube
330127a612
Disable PHP notices + check for installer script on login page
17 years ago
till
23b8701079
* changed version ;)
17 years ago
till
8d3e2a54ba
* reverting patch from #1484236
17 years ago
svncommit
4315b0086b
added ability to insert attached images in HTML editor
17 years ago
thomascube
fba1f5ab81
New class rcube_user + send message disposition notification
17 years ago
thomascube
fc67251839
Show appropriate warning on connection error
17 years ago
thomascube
b9183e5fd4
Use common function to mark the user session as not logged in
17 years ago
till
234c0d0ab0
* changed sessid to roundcube_sessid ( #1484475 )
18 years ago
till
969cefa581
# fixed : #1484517
18 years ago
thomascube
88f66ec89c
Fix bugs introduced with latest changes
18 years ago
thomascube
719a257f0c
Some bugfixes, security issues + minor improvements
18 years ago
thomascube
6d969b4d90
Documentation, code style and cleanup
18 years ago
svncommit
8094288d23
fixed html2text in editor
18 years ago
svncommit
570f0bb4a6
fixed HTML->Plain conversion
18 years ago
thomascube
8d07583f39
Use HTTP-POST requests for actions that change application state
18 years ago
thomascube
6ae6e41fb3
Updated description files and version info
18 years ago
thomascube
f1154163b0
Merged branch devel-addressbook from r443 back to trunk
18 years ago
thomascube
f15c26869c
Don't allow empty user names but empty passwords
18 years ago
thomascube
aad6e2a9c4
New session authentication, should fix bugs #1483951 and #1484299 ; testing required
18 years ago