Commit Graph

387 Commits (be2e3f215412dcd8e92c04ce0df3a72a8293fd39)

Author SHA1 Message Date
Thomas Bruederli 4a408843b0 Protect download urls against CSRF using unique request tokens (#1490642)
Send X-Frame-Options headers with every HTTP response
9 years ago
Aleksander Machniak a15d877ba8 Added brute-force attack prevention via login rate limit (#1490566) 9 years ago
Aleksander Machniak 454b0b1ca9 Remove deprecated rcmail and rcube_imap methods 9 years ago
Aleksander Machniak 2aa9ee56fd Fix so disabling emoticons plugin really removes emoticons button from HTML editor 9 years ago
Aleksander Machniak a5c03db798 Security: Added options to validate username/password on logon (#1490500) 9 years ago
Aleksander Machniak c1bbf0d0b6 After failed login wait a second to slow down brute-force attacks (#1490549) 9 years ago
Aleksander Machniak 26086981a2 Improve randomness of security tokens (#1490529) 9 years ago
Aleksander Machniak e2f605d44d Fallback to C locale 9 years ago
Aleksander Machniak 3c29c7e858 Fix various issues with Turkish (and similar) locales (#1490519) 9 years ago
Aleksander Machniak c4daf3f14f Fix regression in converting signatures to text, fixed PHP warning in html2text() call 9 years ago
Aleksander Machniak a63f14ec40 Emoticons-related code refactoring
- Emoticons: All emoticons-related functionality is handled by the plugin now
- Emoticons: Added option to switch on/off emoticons in compose editor (#1485732)
- Emoticons: Added option to switch on/off emoticons in plain text messages
- Plugin API: Added disabled_plugins and disabled_buttons options in html_editor hook
- Plugin API: Added html2text hook
9 years ago
Aleksander Machniak 1b39d9a6c7 PHP7: Fixed some E_WARNING errors that previously were E_STRICT 9 years ago
Aleksander Machniak 08bb20f261 Don't use deprecated functions/constants (from bc.inc) 9 years ago
Aleksander Machniak 9d78c68cbf Fix so imap folder attribute comparisons are case-insensitive (#1490466)
+ make in_array_nocase() much faster for ASCII strings
9 years ago
Aleksander Machniak a958748947 CS fixes 10 years ago
Aleksander Machniak b782815dac Fix XSS vulnerability in _mbox argument handling (#1490417) 10 years ago
Aleksander Machniak 03aa84f784 Fix bug where some files could have "executable" extension when stored in temp folder (#1490377) 10 years ago
Aleksander Machniak 216b31dd99 Fix so "over quota" errors are displayed also in message compose page
This also fixes over quota responses on cyrus imap which uses "Over quota" string and no error identifier.
10 years ago
Aleksander Machniak 3665d1e8ec Merge pull request #259 from corbosman/plugin_preload
Plugin preload
10 years ago
corbosman de89d46be2 Load plugins before sessions have started
Move the plugin loading phase to before sessions have started allowing plugins to add session drivers.  Plugins that want to use this should define an "onload" method in their plugins. This method does not have access to variables like $task as they are not yet initialised at that time.
10 years ago
Aleksander Machniak c6efcf5e6d Fix blocked.gif image usage with assets_dir set 10 years ago
Aleksander Machniak 7259529fad Get rid of requests whitelist for security check bypass 10 years ago
Aleksander Machniak 681ba6fc3c Improve system security by using optional special URL with security token
Allows to define separate server/path for image/js/css files
Fix bugs where CSRF attacks were still possible on some requests
10 years ago
Aleksander Machniak f7f4672649 Fix regression in rcmail::show_bytes() where unit was set to "[]" instead of "B" 10 years ago
Aleksander Machniak 0b36d15157 Add method to display operation (uploading) progress in UI message 10 years ago
Aleksander Machniak 2dfad0a564 Make upload progress text more compact.
E.g. "500 KB of 10 MB" becomes "0.5 of 10 MB"
10 years ago
Aleksander Machniak 71dbeeee10 Skip unnecessary session updates on task switch - switch session task less often (#1490116) 10 years ago
andryyy 383724eb97 Update rcmail.php
Typo
10 years ago
Aleksander Machniak dcc4469844 Don't init output in CLI mode
Fixes infinite recursion on raise_error() call when executing scripts
out of the INSTALL_PATH. Also use 'rcube' if 'rcmail' is not needed.
10 years ago
Aleksander Machniak 5f58127eae Added rcube_utils::resolve_url() 10 years ago
Aleksander Machniak 75bbada03b Remove code for PHP<5.3, use PHP_VERSION_ID instead of version_compare() for version checks 10 years ago
Aleksander Machniak e35eab5f94 Fix comm_path update on task switch (#1490041) 10 years ago
Thomas Bruederli 06fdaf88cb Extend rcmail::url() to produce absolute and fully qualified URLs 10 years ago
Thomas Bruederli d4783319a0 Set 'compose_extwin' env property on every step; accept a list of URL parameters for the 'compose' command 10 years ago
Aleksander Machniak 5312b71126 Always return current folder from quota_content() 11 years ago
Aleksander Machniak b8bcca7033 Display quota information for current folder not INBOX only (#1487993) 11 years ago
Aleksander Machniak 3cc1afa1c2 Support images in HTML signatures (#1488676)
This enables image button and file browser in html editor for signatures
11 years ago
Aleksander Machniak 6d5a1b9e8f Get rid of some rcube_config::all() calls 11 years ago
Aleksander Machniak c5f06896d4 Display full quota information in popup (#1485769, #1486604) 11 years ago
Aleksander Machniak 6fa1a0da1f Extend get_quota() so it's possible to specify GETQUOTAROOT folder and return full quota info (including all roots and types, e.g. MESSAGE) - for future use 11 years ago
David Carter 4a9a0e1f0f The following:
program/steps/mail/compose.inc :: rcmail_store_target_selection()
  program/steps/settings/edit_folder.inc :: rcmail_folder_form()

both try to localise mailbox names.

Push the logic down into the folder_selector() method which can use:

  $this->config->get('show_real_foldernames')

to decide the correct default behaviour.

Clients functions and methods can still override by adding 'realnames'
named parameter to the folder_selector() call. The obvious example is
the Settings -> Preferences -> Special Folders screen.
11 years ago
Thomas Bruederli 99cdca46b7 Merge branch 'dev-accessibility'
Conflicts:
	program/include/rcmail_output_html.php
	program/js/app.js
	program/js/treelist.js
	program/lib/Roundcube/html.php
	skins/larry/styles.css
	skins/larry/templates/compose.html
11 years ago
Aleksander Machniak c5bfe69e21 Improved video support, all tinymce related resources moved to program/js/tinymce/roundcube dir 11 years ago
Thomas Bruederli 77043f8469 Apply accessibility improvements to the settings section 11 years ago
Thomas Bruederli d58c39126f Some more improvements on content structure, text representation and keyboard navigation within the mail view 11 years ago
Aleksander Machniak b408e0bc53 Display a warning if popup window was blocked (#1489618) 11 years ago
Aleksander Machniak 646b64107a Implemented Text Editor widget that integrates all operations on
textareas including HTML editor and spellchecking
11 years ago
Aleksander Machniak 731d190fec Merge branch 'tinymce4'
Conflicts:
	program/js/app.js
	program/js/editor.js
	program/js/tiny_mce/tiny_mce.js
	program/steps/utils/spell_html.inc
11 years ago
Aleksander Machniak b21f8bd3ef Implemented image selector dialog for TinyMCE, css fixes in classic skin for TinyMCE4 11 years ago
Aleksander Machniak 48e92fcbba Add 'performance_stats' option, so perf. stats can be logged with disabled devel_mode 11 years ago
Aleksander Machniak 93e12fa414 Support upload progress with session.upload_progress and PECL uploadprogress module (#1488702) 11 years ago
Aleksander Machniak 204977598a Fix invalid host validation on login (#1489841) 11 years ago
Thomas Bruederli 8992116313 Set task variable to 'cli' when loading rcmail instance in shell scripts 11 years ago
Aleksander Machniak a12bbbaf41 Fix invalid page title for some folders (1489804) 11 years ago
Aleksander Machniak 24e63e2218 Fix deleting/moving folders from folders with name "0", "00", etc. 11 years ago
Aleksander Machniak cb29c97bf6 Fix lack of translation of special folders in some configurations (#1489799) 11 years ago
Aleksander Machniak eddaf0b5f6 Merge branch 'master' of github.com:roundcube/roundcubemail 11 years ago
Aleksander Machniak 70c0d25684 Make sure performance info logged in devel_mode uses locale-independent number format 11 years ago
Thomas Bruederli 188247894f Make multi-folder message identifiers work with folders containing commas 11 years ago
Thomas Bruederli 518963d1d4 Fix _uid=* case for regular selections 11 years ago
Thomas Bruederli f0c94a3dc3 Don't display error when moving a message to the same folder it already resides 11 years ago
Thomas Bruederli 0f48e6e660 Fix message UID extraction for _uid=*; update unread count for all affected mailboxes 11 years ago
Thomas Bruederli 0456f728ee Make UID extraction function globally available (for plugins) 11 years ago
Aleksander Machniak adaddf0b18 Improve error message on failed http connection 11 years ago
Aleksander Machniak dc0b500e78 Removed redundant default_folders config option (#1489737)
Implemented IMAP SPECIAL-USE extension support [RFC6154] (#1487830)
11 years ago
Thomas Bruederli 2b05c5e9ec Render 'now' dates in short form, too 11 years ago
Aleksander Machniak 1597c8a0c2 Make sure parent folder selector always contains parent folder
of current folder, even if it does not exist
11 years ago
Thomas Bruederli ce20194266 Add setter for user object to rcube class; we already have getters for various user properties there 11 years ago
Thomas Bruederli 9ba4967a73 Create class documentation with latest phpdoc utility 11 years ago
Aleksander Machniak 3509a8e5f8 Do not use rcube_config::all() 11 years ago
Aleksander Machniak 4da065e8a9 Check/create default folders on every login not only the first (#1489423) 11 years ago
Aleksander Machniak 6fa5b437a4 Update to TinyMCE 4.x 11 years ago
Aleksander Machniak 0301d9347f CS fixes 11 years ago
Aleksander Machniak f5d2eef55c More CS fixes, replace global $CONFIG usage with $RCMAIL->config->get() 11 years ago
Aleksander Machniak 6b2b2eca5f Remove deprecated functions (these listed in bc.php file) usage 11 years ago
Aleksander Machniak 9a0153324e Implemented menu actions to copy/move messages, added folder-selector widget (#1484086) 11 years ago
Aleksander Machniak edca654ef0 Fix quota image broken in e71ceb0c98 (#1489467) 11 years ago
Thomas Bruederli 85e60ada15 First version of the local storage compose data saving feature; some behavioral improvements and encryption are still to be added 11 years ago
Thomas Bruederli 98b7b548a2 Merge branch 'dev-canned-responses'
Conflicts (resolved):
	skins/classic/includes/settingstabs.html
	skins/larry/includes/settingstabs.html
11 years ago
Thomas Bruederli 9c41ba3c9e Allow sysadmins to define static responses which are immutable for the user 11 years ago
Aleksander Machniak 96f59c6150 Add option to force specified domain in user login - username_domain_forced (#1489264) 11 years ago
Thomas Bruederli 4f432f880a Make result of rcmail::get_compose_responses() always an (indexed) array; add plugin hook for updating user prefs: 'preferences_update' 11 years ago
Thomas Bruederli 460a3eaaac Fix indentation 11 years ago
Thomas Bruederli 0ce2126ac9 New settings section to manage canned responses 11 years ago
Aleksander Machniak 0f5574913f Fix "PHP Warning: Missing argument 1 for rcmail::log_login()" 11 years ago
Aleksander Machniak 060467df9d Log also failed logins to userlogins log 11 years ago
Aleksander Machniak 62350ba021 Fix bugs when invoking contact creation form when read-only addressbook is selected (#1489296) 11 years ago
Thomas Bruederli deb2b8d080 Allow to load config files for different environments (#1487311); keep (non-default) filename in URLs throughout the webmail app 12 years ago
Aleksander Machniak 9df7e17043 Disable workaround for http://bugs.php.net/bug.php?id=18556 if PHP 5.5 is detected 12 years ago
Aleksander Machniak 39b905b7a8 Canonize boolean ini_get() results (#1489189) 12 years ago
Thomas Bruederli dd54725b21 Merge branch 'dev-advanced-ldap-groups':
- Refactoring: separated address book implementation from generic LDAP wrapper class
- Auto-detect and use VLV indices for all search operations
- Additional group configuration options for LDAP address books
- Allow address books to display a multi-level group hierarchy in the contacts list
12 years ago
Aleksander Machniak 3dbe4f79e4 Fix session issues when local and database time differs (#1486132)
Improve performance by executing session gc on script shutdown, also call session_write_close() ASAP
12 years ago
Aleksander Machniak ae80b5a309 Fix error when there's no writeable addressbook source (#1489162) 12 years ago
Aleksander Machniak 85e65c3c76 Improvements to PR merge "add option show_real_foldernames" 12 years ago
Aleksander Machniak 174327c25c Merge pull request #77 from dpc22/realnames
Add show_real_foldernames preference and configuration option.
12 years ago
Aleksander Machniak 4fee776e51 Small code improvement 12 years ago
Thomas Bruederli 42de33c7de Add option to use PHP's native session save handlers 12 years ago
David Carter 149f8a00cc Change show_actual_foldernames to be show_real_foldernames.
Change requested by alec@alec.pl.
12 years ago
David Carter 52deb18d96 Add show_actual_foldernames preference and configuration option.
When enabled this setting shows actual folder names rather than
the localised versions for the four default folders:

$rcmail_config['default_folders'] =
  array('INBOX', 'Drafts', 'sent-mail', 'spam', 'Trash');
12 years ago
Thomas Bruederli 0b9a7bcde3 Move rcmail::deliver_message() to framework for common use 12 years ago