Thomas Bruederli
4a408843b0
Protect download urls against CSRF using unique request tokens ( #1490642 )
...
Send X-Frame-Options headers with every HTTP response
9 years ago
Aleksander Machniak
a15d877ba8
Added brute-force attack prevention via login rate limit ( #1490566 )
9 years ago
Aleksander Machniak
454b0b1ca9
Remove deprecated rcmail and rcube_imap methods
9 years ago
Aleksander Machniak
2aa9ee56fd
Fix so disabling emoticons plugin really removes emoticons button from HTML editor
9 years ago
Aleksander Machniak
a5c03db798
Security: Added options to validate username/password on logon ( #1490500 )
9 years ago
Aleksander Machniak
c1bbf0d0b6
After failed login wait a second to slow down brute-force attacks ( #1490549 )
9 years ago
Aleksander Machniak
26086981a2
Improve randomness of security tokens ( #1490529 )
9 years ago
Aleksander Machniak
e2f605d44d
Fallback to C locale
9 years ago
Aleksander Machniak
3c29c7e858
Fix various issues with Turkish (and similar) locales ( #1490519 )
9 years ago
Aleksander Machniak
c4daf3f14f
Fix regression in converting signatures to text, fixed PHP warning in html2text() call
9 years ago
Aleksander Machniak
a63f14ec40
Emoticons-related code refactoring
...
- Emoticons: All emoticons-related functionality is handled by the plugin now
- Emoticons: Added option to switch on/off emoticons in compose editor (#1485732 )
- Emoticons: Added option to switch on/off emoticons in plain text messages
- Plugin API: Added disabled_plugins an disabled_buttons options in html_editor hook
- Plugin API: Added html2text hook
9 years ago
Aleksander Machniak
1b39d9a6c7
PHP7: Fixed some E_WARNING errors that previously were E_STRICT
9 years ago
Aleksander Machniak
08bb20f261
Don't use deprecated functions/constants (from bc.inc)
9 years ago
Aleksander Machniak
9d78c68cbf
Fix so imap folder attribute comparisons are case-insensitive ( #1490466 )
...
+ make in_array_nocase() much faster for ASCII strings
9 years ago
Aleksander Machniak
a958748947
CS fixes
10 years ago
Aleksander Machniak
b782815dac
Fix XSS vulnerability in _mbox argument handling ( #1490417 )
10 years ago
Aleksander Machniak
03aa84f784
Fix bug where some files could have "executable" extension when stored in temp folder ( #1490377 )
10 years ago
Aleksander Machniak
216b31dd99
Fix so "over quota" errors are displayed also in message compose page
...
This also fixes over quota responses on cyrus imap which uses "Over quota" string and no error identifier.
10 years ago
Aleksander Machniak
3665d1e8ec
Merge pull request #259 from corbosman/plugin_preload
...
Plugin preload
10 years ago
corbosman
de89d46be2
Load plugins before sessions have started
...
Move the plugin loading phase to before sessions have started allowing plugins to add session drivers. Plugins that want to use this should define an "onload" method in their plugins. This method does not have access to variables like $task as they are not yet initialised at that time.
10 years ago
Aleksander Machniak
c6efcf5e6d
Fix blocked.gif image usage with assets_dir set
10 years ago
Aleksander Machniak
7259529fad
Get rid of requests whitelist for security check bypass
10 years ago
Aleksander Machniak
681ba6fc3c
Improve system security by using optional special URL with security token
...
Allows to define separate server/path for image/js/css files
Fix bugs where CSRF attacks were still possible on some requests
10 years ago
Aleksander Machniak
f7f4672649
Fix regression in rcmail::show_bytes() where unit was set to "[]" instead of "B"
10 years ago
Aleksander Machniak
0b36d15157
Add method to display operation (uploading) progress in UI message
10 years ago
Aleksander Machniak
2dfad0a564
Make upload progress text more compact.
...
E.g. "500 KB of 10 MB" becomes "0.5 of 10 MB"
10 years ago
Aleksander Machniak
71dbeeee10
Skip unnecessary session updates on task switch - switch session task less often ( #1490116 )
10 years ago
andryyy
383724eb97
Update rcmail.php
...
Typo
10 years ago
Aleksander Machniak
dcc4469844
Don't init output in CLI mode
...
Fixes infinite recurssion on raise_error() call when executing scripts
out of the INSTALL_PATH. Also use 'rcube' if 'rcmail' is not needed.
10 years ago
Aleksander Machniak
5f58127eae
Added rcube_utils::resolve_url()
10 years ago
Aleksander Machniak
75bbada03b
Remove code for PHP<5.3, use PHP_VERSION_ID instead of version_compare() for version checks
10 years ago
Aleksander Machniak
e35eab5f94
Fix comm_path update on task switch ( #1490041 )
10 years ago
Thomas Bruederli
06fdaf88cb
Extend rcmail::url() to produce absolute and fully qualified URLs
10 years ago
Thomas Bruederli
d4783319a0
Set 'compose_extwin' env property on every step; accept a list of URL parameters for the 'compose' command
10 years ago
Aleksander Machniak
5312b71126
Allways return current folder from quota_content()
11 years ago
Aleksander Machniak
b8bcca7033
Display quota information for current folder not INBOX only ( #1487993 )
11 years ago
Aleksander Machniak
3cc1afa1c2
Support images in HTML signatures ( #1488676 )
...
This enables image button and file browser in html editor for signatures
11 years ago
Aleksander Machniak
6d5a1b9e8f
Get rid of some rcube_config::all() calls
11 years ago
Aleksander Machniak
c5f06896d4
Display full quota information in popup ( #1485769 , #1486604 )
11 years ago
Aleksander Machniak
6fa1a0da1f
Extend get_quota() so it's possible to specify GETQUOTAROOT folder and return full quota info (including all roots and types, e.g. MESSAGE) - for future use
11 years ago
David Carter
4a9a0e1f0f
The following:
...
program/steps/mail/compose.inc :: rcmail_store_target_selection()
program/steps/settings/edit_folder.inc :: rcmail_folder_form()
both try to localise mailbox names.
Push the logic down into the folder_selector() method which can use:
$this->config->get('show_real_foldernames')
to decide the correct default behaviour.
Clients functions and methods can still override by adding 'realnames'
named parameter to the folder_selector() call. The obvious example is
the Settings -> Preferences -> Special Folders screen.
11 years ago
Thomas Bruederli
99cdca46b7
Merge branch 'dev-accessibility'
...
Conflicts:
program/include/rcmail_output_html.php
program/js/app.js
program/js/treelist.js
program/lib/Roundcube/html.php
skins/larry/styles.css
skins/larry/templates/compose.html
11 years ago
Aleksander Machniak
c5bfe69e21
Improved video support, all tinymce related resources moved to program/js/tinymce/roundcube dir
11 years ago
Thomas Bruederli
77043f8469
Apply accessibility improvements to the settings section
11 years ago
Thomas Bruederli
d58c39126f
Some more improvemements on content structure, text representation and keyboard navigation within the mail view
11 years ago
Aleksander Machniak
b408e0bc53
Display a warning if popup window was blocked ( #1489618 )
11 years ago
Aleksander Machniak
646b64107a
Implemented Text Editor widget that integrates all operations on
...
textareas including HTML editor and spellchecking
11 years ago
Aleksander Machniak
731d190fec
Merge branch 'tinymce4'
...
Conflicts:
program/js/app.js
program/js/editor.js
program/js/tiny_mce/tiny_mce.js
program/steps/utils/spell_html.inc
11 years ago
Aleksander Machniak
b21f8bd3ef
Implemented image selector dialog for TinyMCE, css fixes in classic skin for TinyMCE4
11 years ago
Aleksander Machniak
48e92fcbba
Add 'performance_stats' option, so perf. stats can be logged with disabled devel_mode
11 years ago
Aleksander Machniak
93e12fa414
Support upload progress with session.upload_progress and PECL uploadprogress module ( #1488702 )
11 years ago
Aleksander Machniak
204977598a
Fix invalid host validation on login ( #1489841 )
11 years ago
Thomas Bruederli
8992116313
Set task variable to 'cli' when loading rcmail instance in shell scripts
11 years ago
Aleksander Machniak
a12bbbaf41
Fix invalid page title for some folders (1489804)
11 years ago
Aleksander Machniak
24e63e2218
Fix deleting/moving folders from folders with name "0", "00", etc.
11 years ago
Aleksander Machniak
cb29c97bf6
Fix lack of translation of special folders in some configurations ( #1489799 )
11 years ago
Aleksander Machniak
eddaf0b5f6
Merge branch 'master' of github.com:roundcube/roundcubemail
11 years ago
Aleksander Machniak
70c0d25684
Make sure preformance info logged in devel_mode uses locale-independent number format
11 years ago
Thomas Bruederli
188247894f
Make multi-folder message identifiers work with folders containing commas
11 years ago
Thomas Bruederli
518963d1d4
Fix _uid=* case for regular selections
11 years ago
Thomas Bruederli
f0c94a3dc3
Don't display error when moving a message to the same folder it already resides
11 years ago
Thomas Bruederli
0f48e6e660
Fix message UID extraction for _uid=*; update unread count for all affected mailboxes
11 years ago
Thomas Bruederli
0456f728ee
Make UID extraction function globally availbale (for plugins)
11 years ago
Aleksander Machniak
adaddf0b18
Improve error message on failed http connection
11 years ago
Aleksander Machniak
dc0b500e78
Removed redundant default_folders config option ( #1489737 )
...
Implemented IMAP SPECIAL-USE extension support [RFC6154] (#1487830 )
11 years ago
Thomas Bruederli
2b05c5e9ec
Render 'now' dates in short form, too
11 years ago
Aleksander Machniak
1597c8a0c2
Make sure parent folder selector always contains parent folder
...
of current folder, even if it does not exist
11 years ago
Thomas Bruederli
ce20194266
Add setter for user object to rcube class; we already have getters for various user properties there
11 years ago
Thomas Bruederli
9ba4967a73
Create class documentation with latest phpdoc utility
11 years ago
Aleksander Machniak
3509a8e5f8
Do not use rcube_config::all()
11 years ago
Aleksander Machniak
4da065e8a9
Check/create default folders on every login not only the first ( #1489423 )
11 years ago
Aleksander Machniak
6fa5b437a4
Update to TinyMCE 4.x
11 years ago
Aleksander Machniak
0301d9347f
CS fixes
11 years ago
Aleksander Machniak
f5d2eef55c
More CS fixes, replace global $CONFIG usage with $RCMAIL->config->get()
11 years ago
Aleksander Machniak
6b2b2eca5f
Remove deprecated functions (these listed in bc.php file) usage
11 years ago
Aleksander Machniak
9a0153324e
Implemented menu actions to copy/move messages, added folder-selector widget ( #1484086 )
11 years ago
Aleksander Machniak
edca654ef0
Fix quota image broken in e71ceb0c98
( #1489467 )
11 years ago
Thomas Bruederli
85e60ada15
First version of the local storage compose data saving feature; some behavioral improvements and encrytion are still to be added
11 years ago
Thomas Bruederli
98b7b548a2
Merge branch 'dev-canned-responses'
...
Conflicts (resolved):
skins/classic/includes/settingstabs.html
skins/larry/includes/settingstabs.html
11 years ago
Thomas Bruederli
9c41ba3c9e
Allow sysadmins to define static responses which are immutable for the user
11 years ago
Aleksander Machniak
96f59c6150
Add option force specified domain in user login - username_domain_forced ( #1489264 )
11 years ago
Thomas Bruederli
4f432f880a
Make result of rcmail::get_compose_responses() always an (indexed) array; add plugin hook for updating user prefs: 'preferences_update'
11 years ago
Thomas Bruederli
460a3eaaac
Fix indentation
11 years ago
Thomas Bruederli
0ce2126ac9
New settings section to manage canned responses
11 years ago
Aleksander Machniak
0f5574913f
Fix "PHP Warning: Missing argument 1 for rcmail::log_login()"
11 years ago
Aleksander Machniak
060467df9d
Log also failed logins to userlogins log
11 years ago
Aleksander Machniak
62350ba021
Fix bugs when invoking contact creation form when read-only addressbook is selected ( #1489296 )
11 years ago
Thomas Bruederli
deb2b8d080
Allow to load config files for different environments ( #1487311 ); keep (non-default) filename in URLs throughout the webmail app
12 years ago
Aleksander Machniak
9df7e17043
Disable workaround for http://bugs.php.net/bug.php?id=18556 if PHP 5.5 is detected
12 years ago
Aleksander Machniak
39b905b7a8
Canonize boolean ini_get() results ( #1489189 )
12 years ago
Thomas Bruederli
dd54725b21
Merge branch 'dev-advanced-ldap-groups':
...
- Refactoring: separated address book implementation from generic LDAP wrapper class
- Auto-detect and use VLV indices for all search operations
- Additional group configuration options for LDAP address books
- Allow address books to display a multi-level group hierarchy in the contacts list
12 years ago
Aleksander Machniak
3dbe4f79e4
Fix session issues when local and database time differs ( #1486132 )
...
Improve performance by executing session gc on script shutdown, also call session_write_close() ASAP
12 years ago
Aleksander Machniak
ae80b5a309
Fix error when there's no writeable addressbook source ( #1489162 )
12 years ago
Aleksander Machniak
85e65c3c76
Improvements to PR merge "add option show_real_foldernames"
12 years ago
Aleksander Machniak
174327c25c
Merge pull request #77 from dpc22/realnames
...
Add show_real_foldernames preference and configuration option.
12 years ago
Aleksander Machniak
4fee776e51
Small code improvement
12 years ago
Thomas Bruederli
42de33c7de
Add option to use PHP's native session save handlers
12 years ago
David Carter
149f8a00cc
Change show_actual_foldernames to be show_real_foldernames.
...
Change requested by alec@alec.pl .
12 years ago
David Carter
52deb18d96
Add show_actual_foldernames preference and configuration option.
...
When enabled this setting shows actual folder names rather than
the localised verions for the four default folders:
$rcmail_config['default_folders'] =
array('INBOX', 'Drafts', 'sent-mail', 'spam', 'Trash');
12 years ago
Thomas Bruederli
0b9a7bcde3
Move rcmail::deliver_message() to framework for common use
12 years ago