Commit Graph

278 Commits (c25616b3b56c633dd63f1e3ad7eaaa0eb2922a4b)

Author SHA1 Message Date
Aleksander Machniak 1c239c90d9 Fix XSS issue in handling of CDATA in HTML messages 5 years ago
Aleksander Machniak 233beea354 Fix identity selection on reply when both sender and recipient addresses are included in identities (#7211) 5 years ago
Aleksander Machniak d3bedca7f8 Fix malformed characters in HTML message with charset meta tag not in head (#7116) 5 years ago
Aleksander Machniak d025351d64 Fix bug where 'text' attribute on body tag was ignored when displaying HTML message (#7109) 5 years ago
Aleksander Machniak 71990b59d6 Fix db_prefix handling in queries with `TRUNCATE TABLE <name>` and `UNIQUE <name>` (#7013) 5 years ago
PhilW 714ea7b128 add unit tests for rcmail_output_html::get_template_logo 5 years ago
Aleksander Machniak da2ebb272a Add basic test for attachment_reminder plugin 5 years ago
Aleksander Machniak 1b8e01e324 Cleanup unused code 5 years ago
johndoh 57960b1cab add messages for in_array_nocase tests (#6957) 5 years ago
Aleksander Machniak 27bfd0884e Drop rcube_browser::$lang property
You should use Accept-Language header instead, as we do in other place
5 years ago
Aleksander Machniak 1a10074b85 Add Edge browser detection 5 years ago
Aleksander Machniak f5d6a242a8 Remove useless properties from rcube_browser 5 years ago
Aleksander Machniak 21ebf3ff5a Fix bug where it was possible to bypass href URI check with data:application/xhtml+xml URIs (#6896) 5 years ago
Aleksander Machniak 63730cf842 Fix security issue where it was possible to bypass the CSS jail in HTML messages using :root pseudo-class (#6897) 5 years ago
Aleksander Machniak 057fb69bb9 Fix bug where some strict remote URIs in url() style were unintentionally blocked (#6899) 5 years ago
Aleksander Machniak 7bf868767e Fix security issue where it was possible to bypass the position:fixed CSS check in received messages (#6898) 5 years ago
Aleksander Machniak e88e0c16c9 Move rcmail (and future rcmail_*) class tests to tests/Rcmail directory 5 years ago
Aleksander Machniak bfe2bc17d7 Fix css styles leak from replied/forwarded message to the rest of the composed text (#6831)
Generally do the same with styles what we do on message preview.

This also fixes small bugs in handling styles:
- fix so <style> tag on the start of the HTML content is not ignored
- fix so body's background/bgcolor attributes are applied to the container (regression)
5 years ago
Aleksander Machniak 0a0ad2c9b7 Switch to IDNA2008 variant (#6806)
After switching IDNA_NONTRANSITIONAL_TO_ASCII on, switch to
IDNA2008 variant in Net_LDAP2. Add test, update changelog.
6 years ago
Aleksander Machniak ce52b04051 Update changelog, add some tests for rcube_utils::parse_host() 6 years ago
Aleksander Machniak 7c8ce07e8c Fix bug where bold/strong text was converted to upper-case on html-to-text conversion (6758) 6 years ago
Aleksander Machniak 55cca61134 Workaround more invalid HTML cases parsed incorrectly by Mastermind/HTML5 (#6713) 6 years ago
Aleksander Machniak 57c67db029 Remove year(s) from copyright headers + some cleanup 6 years ago
Aleksander Machniak 92ed0154d5 Followup fix on handling HTML content w/o html/head/body tag (#6713) 6 years ago
Aleksander Machniak 03d56926d8 Fix bug in HTML parser that could cause missing text fragments when there was no head/body tag (#6713) 6 years ago
dsoares 00cc13a1b9 Fix bug where HTML messages with a xml:namespace tag were not rendered. 6 years ago
Aleksander Machniak 881b344fba Fix regression in vcard parser 6 years ago
Aleksander Machniak 7a49b48dc1 Fix handling of empty entries in vCard import (#6564) 6 years ago
Aleksander Machniak 36485dfc34 Prevent from using deprecated timezone names from jsTimezoneDetect
For better interoperability of plugins such as Calendar, for example
issue see: https://git.kolab.org/T2666.
6 years ago
Aleksander Machniak 0a0ac045fe Fix bug where valid content between HTML comments could have been skipped in some cases (#6464) 6 years ago
Aleksander Machniak 0dee528adb Add test for #6410 6 years ago
Aleksander Machniak 086e781b8f Fix bug where some HTML comments could have been malformed by HTML parser (#6333) 7 years ago
Aleksander Machniak 3d0b2cd3ce Pass PEAR errors to rcube::raise_error(), small CS improvements 7 years ago
Aleksander Machniak 0716d499bc Fix bug where some escape sequences in html styles could bypass security checks 7 years ago
Aleksander Machniak 63d3ad11fb Use Masterminds/HTML5 parser for HTML5 support (#5761) 7 years ago
Aleksander Machniak b2bebe531a Fix bug where usernames without domain part could be malformed or converted to lower-case on logon (#6224) 7 years ago
Aleksander Machniak f36e23b778 Fix parsing date strings (e.g. from a Date: mail header) with comments (#6216) 7 years ago
Aleksander Machniak 0f3ad342f7 Fix bug where some unix timestamps were not handled correctly by rcube_utils::anytodatetime() (#6212) 7 years ago
Aleksander Machniak 1058924e21 Move some framework classes to sub-directories 7 years ago
Aleksander Machniak d07b032bcd Refactor cache code with separate engine-specific classes 7 years ago
Aleksander Machniak 9d2b303b51 Fix bug in remote content blocking on HTML image and style tags (#6178) 7 years ago
Daniel Kesselberg a8d5547163 Update idn convertion methods (#6115)
* Add more test cases
* Update phpdoc
7 years ago
Aleksander Machniak 63a7d2313f Improve SMTPUTF8 support and fix relaxed email validation issues 7 years ago
Daniel Kesselberg a3504cb3b8 Add unit test for IDN (#6114) 7 years ago
Aleksander Machniak a0374f3c45 Fix mangled non-ASCII characters in links in HTML messages (#6028) 7 years ago
Aleksander Machniak 5e08a6ac59 Handle remote stylesheets the same as remote images, ask the user to allow them (#5994)
Fixes the issue where remote stylesheet could have been blocked
if the message contained no remote images and user have no way to
allow that content.
7 years ago
Aleksander Machniak 3196d656db Fix css conflicts in user interface and e-mail content (#5891)
... by adding prefix to element/class identifiers
Also cleaned up some code and removed global variable use.
7 years ago
Aleksander Machniak 5d16751ed8 Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview (#5580) 7 years ago
Filippo Tessarotto e5e37928d4 Add Travis CI 7 years ago
Thomas Bruederli 1cfc024036 Modify links in html messages during Washtml DOM traversal
This is a more safe approach than using regex and mitigates
possible vulnerabilities using malformed html markup.
7 years ago