Commit Graph

161 Commits (bbce3edd61d05e0aa0bade7364315f7840549d9e)

Author SHA1 Message Date
thomascube de62f02eed Also check referer on logout action 14 years ago
thomascube a77cf2292b Add optional referer check to prevent CSRF in GET requests 14 years ago
thomascube 784a425e07 protect login form submission from CSRF using a request token 14 years ago
thomascube cf2da2f9aa Improve session validity check with changing auth cookies; reduce writes to DB; better phpdoc 14 years ago
thomascube 32234d71d3 Better fix for login redirect, don't force mail task 14 years ago
alecpl 68d2d54100 - Move action files map from index.php to steps' func.inc files 14 years ago
thomascube 88007cf060 Fix login redirect issues (#1487686) 14 years ago
thomascube f5e7b35307 Bumbed version; Roundcube development is not Switzerland only 14 years ago
thomascube c3be8ed64c Make sure an existing session is killed/replaced when submitting login form 14 years ago
alecpl af3c045ecf - New Folder Manager UI
- Fix invalid Request when creating a folder (#1487443)
- Add folder size and quota indicator in folder manager (#1485780)
- Add possibility to move a subfolder into root folder (#1486791)
14 years ago
alecpl 5f560ee7a0 - Plugin API: Add 'pass' argument in 'authenticate' hook (#1487134) 14 years ago
alecpl 6d99f99576 - Handle situation when $IMAP object isn't initialized on log in 14 years ago
alecpl 8fcc3e1ad6 - Improved IMAP errors handling 14 years ago
alecpl 249db18585 - Fix "Server Error! (Not Found)" when using utils/save-pref action (#1487023) 14 years ago
alecpl e019f2d0f2 - s/RoundCube/Roundcube/ 14 years ago
alecpl 614c642a4b - Fix list_cols is not updated after column dragging (#1486999)
- Improved save-pref action and moved to separate file in utils task directory
- Improved http_post/http_request to support first argument in form 'task/action'
14 years ago
thomascube 4859fedb92 Fix unit tests + update version 14 years ago
alecpl b25dfd0913 - removed PHP closing tag 15 years ago
thomascube 05a631a43c Allow plugins to register their own tasks 15 years ago
alecpl 3544558f2d - Add HTTP_X_REAL_IP and HTTP_X_FORWARDED_FOR to successful logins log (#1486441) 15 years ago
thomascube aa12df20e4 Add server-side plugin hooks to address group functions + better action names 15 years ago
thomascube c0297f4172 Asynchronously expand contact groups + skip count queries in autocompletion mode + check for the existance of contactgroups table 15 years ago
thomascube 3baa72a62f Implement group renaming/deleting + use more consistent names for commands and actions (#1486587) 15 years ago
thomascube a61bbb24aa Added basic contact groups feature 15 years ago
thomascube f52c936f4d Merged devel-threads branch (r3066:3364) back into trunk 15 years ago
alecpl 929a508d80 - Improve performance by avoiding unnecessary updates to the session table (#1486325) 15 years ago
alecpl 64608bf2ef - Password: Make passwords encoding consistent with core, add 'password_charset' global option (#1486473) 15 years ago
alecpl 7481dd903e - don't set task for login_after hook 15 years ago
alecpl 48bc52e835 - Fix imap_init hook broken in r3258 (#1486493) 15 years ago
alecpl 9b94eb6415 - Fix setting task name according to auth state. So, any action before user
is authenticated is assigned to 'login' task instead of 'mail'. Now binding
  plugins to 'login' task is possible and realy usefull. It's also possible 
  to bind to all tasks excluding 'login'.
15 years ago
alecpl 10eedbe75a - add file/line definitions to raise_error() calls 15 years ago
alecpl 76c94b6ba8 - Fix 'force_https' to specified port when URL contains a port number (#1486411) 15 years ago
alecpl 5818e44345 - Fix $_SERVER['HTTPS'] check for SSL forcing on IIS (#1486243) + fix port check 15 years ago
thomascube f5d61d845f Revert r3038 and allow to specify the port as value of force_https 15 years ago
alecpl b5713396f1 - fix last commit 15 years ago
alecpl ccc80d1ca8 - Fix login page loading into an iframe when session expires (#1485952) 15 years ago
alecpl 65c0a0e591 - Option 'force_https' replaced by 'force_https' plugin
- added option 'force_https_port' in 'force_https' plugin (#1486091)
15 years ago
alecpl 161c28dffc - Fix wrong headers for IE on servers without $_SERVER['HTTPS'] (#1485926)
- Force IE style headers for attachments in non-HTTPS session, 'use_https' option (#1485655)
15 years ago
thomascube 7ef47e59a9 Add some arguments to the logout_after hook 15 years ago
thomascube d002607852 Implemented logout_after plugin hook 15 years ago
thomascube 0ddf59aeb4 Fix spell check (#1486036) 15 years ago
thomascube 4463648451 Allow a plugin to disable the cookie check 16 years ago
thomascube 826ceecab8 Don't check request token on login 16 years ago
alecpl 564a2ba793 - Help plugin
- support 'dummy' task (for plugins)
16 years ago
thomascube 5499336fef Use global request tokens and automatically protect all POST requests 16 years ago
thomascube e48a10a0d7 Add option to enforce https connections 16 years ago
alecpl 3a2b270c9d - always call logout action as task (#1485919) 16 years ago
alecpl 0ce119869d - use preg functions instead of ereg functions 16 years ago
alecpl d51c93b43e - get rid of some hardcoded action names and move decission about output compression to the user 16 years ago
svncommit f22c2cefb4 Really, really logout (fixes r2467). 16 years ago