183f68f387
Fix uninitialized string offset in rcube_utils::bin2ascii() and make sure rcube_utils::random_bytes() result has always requested length ( #5788 )
9 years ago
9bfacb4d3c
Fix bug where comment notation within style tag would cause the whole style to be ignored ( #5747 )
9 years ago
cbd35626f7
Better fix for XSS in style tags ( fa2824fdc)
9 years ago
fa2824fdcd
Fix XSS issue in handling of a style tag inside of an svg element
9 years ago
f90f22ffb8
Fix bug where image data URIs in css style were treated as evil/remote in mail preview ( #5580 )
9 years ago
9eac1dd513
Fix bug where it wasn't possible to store more that 2MB objects in memcache/apc ( #5452 )
...
Added memcache_max_allowed_packet and apc_max_allowed_packet settings
9 years ago
fcf1a988a1
Wash position:fixed style in HTML mail for better security ( #5264 )
10 years ago
fa0769dc0e
Better time handling in rcube_utils::clean_datestr()
10 years ago
0e15c9bd45
Remove debug code
10 years ago
4624b22967
Managesieve: Fix parsing of vacation date-time with non-default date_format ( #5372 )
...
Added new method rcube_utils::format_datestr() to convert date_format date
into ISO date format.
10 years ago
b1217807f3
Fix bug where microsecond format in logged date didn't work in some cases
10 years ago
06d09b23c6
Fix handling of --delete argument in moduserprefs.sh script ( #5296 )
10 years ago
cbe701ac4a
Fix rcube_utils::words_match() to work with mixed/invalid/binary content (T844)
10 years ago
7e3298753a
Use ternary operator where aplicable
10 years ago
a03233ceba
CS fixes
10 years ago
b2b9b591ce
Fix handling random_bytes() errors in PHP 7.0.0RC3
10 years ago
e85bbc9e9c
random_bytes() can throw an exception in some cases, since PHP 7.0.0rc3
10 years ago
26086981a2
Improve randomness of security tokens ( #1490529 )
10 years ago
f00e1f5333
CS fixes
10 years ago
7a42173a16
Simplify rcube_utils::check_ip()
11 years ago
6b31846c43
Fix IPv6 address validation on PHP with disabled IPv6 support
11 years ago
93e64008a6
Small code improvements
11 years ago
8447bae77c
Require Mbstring and OpenSSL extensions ( #1490415 ) - remove redundant code
11 years ago
9aae1b7fc3
Fix so microseconds macro (u) in log_date_format works ( #1490446 )
11 years ago
a958748947
CS fixes
11 years ago
3994b3a26c
Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key ( #1490402 )
11 years ago
c32998084d
Add untility function to match strings ignoring word order
11 years ago
e8b82c2e7b
Fix rcube_utils::normalize_string() to support unicode characters + add argument for minimum token length
11 years ago
09c58d1add
Make rcube_utils::strtotime() timezone aware ( #1490163 )
11 years ago
787a421846
Fix rcube_utils::anytodatetime() with no timezone specified
11 years ago
848e204ef9
Fix validation of email addresses with IDNA domains ( #1490067 )
11 years ago
29c24e647c
Get rid of DIRECTORY_SEPARATOR for consistency
11 years ago
5f58127eae
Added rcube_utils::resolve_url()
12 years ago
75bbada03b
Remove code for PHP<5.3, use PHP_VERSION_ID instead of version_compare() for version checks
12 years ago
cc850263d4
Add optional timezone argument for date conversion
12 years ago
49dad5f669
Fix broken normalize_string(), add support for ISO-8859-2
12 years ago
30e6b980a6
Remove usage of $RCMAIL global variable
12 years ago
ef721fc430
Add config variable 'proxy_whitelist'
...
HTTP headers X_FORWARDED_* and X_REAL_IP are only evaluated when
received from an IP listed in proxy_whitelist. Furthermore, only the
last non-trusted IP from X-Forwarded-For is used in place of the real
ip.
Without this, an attacker can easily spoof the headers and control the
result of the ip or ssl check.
This fixes several problems with [3a4c9f424d480b36a520f331#1489729 .
12 years ago
517c9f9a8d
Fix directories check in Installer on Windows ( #1489576 )
...
Added rcube_utils::is_absolute_path() method
12 years ago
f6d23a8dce
Fix PHP warning when 1st argument of parse_host() is not a string ( #1489486 )
12 years ago
a520f331c1
Fix handling of X-Forwarded-For header with multiple addresses ( #1489481 )
12 years ago
d19c0f9f30
In normalize_string() replace 4-byte unicode characters with '?' character.
...
These are not supported in default utf-8 charset on mysql,
the chance we'd need them in searching is very low.
12 years ago
b1f3c3bee8
Fixed saving contact birthday/anniversary dates before 01-01-1970
12 years ago
fdb30f3279
Fix CSS selector modifications when nested in @media blocks
12 years ago
ff6de99ae4
Some micro-optimizations
12 years ago
d1abd8e339
Fix infinite loop in rcube_utils::mod_css_styles() after recent changes in rcube_string_replacer
12 years ago
af79a7b837
Fixed issues where HTML comments inside style tag would hang Internet Explorer
12 years ago
eafd5b1aa4
Improved mailto: link arguments handling ( #1489363 )
12 years ago
52830ea605
Improve handling of date strings and DateTime values in contacts
12 years ago
b32fab16ef
Fix handling of non-default date formats ( #1489294 )
...
- remove ambiguous m/d/Y format from default config
13 years ago
Aleksander Machniak