c91d4975ff
Make sure an email address is valid when replacing it with mailto: link
10 years ago
126d099e83
Fix PHP warning when defaults.inc.php is not readable
10 years ago
699af1e520
Protect download urls against CSRF using unique request tokens ( #1490642 )
...
Send X-Frame-Options headers with every HTTP response
Conflicts:
plugins/enigma/enigma.js
plugins/enigma/lib/enigma_ui.php
program/lib/Roundcube/rcube_message.php
10 years ago
d66793f0af
Fix missing emoticons on html-to-text conversion
10 years ago
f2ff464002
Bump version to 1.1.4; update Changelog
10 years ago
89a5dcb946
Fix path traversal vulnerability in setting a skin ( #1490620 )
...
Conflicts:
CHANGELOG
10 years ago
70942083ce
After failed login wait a second to slow down brute-force attacks ( #1490549 )
10 years ago
bbef212b0e
Fallback to C locale
10 years ago
7bfe676d53
Fix various issues with Turkish (and similar) locales ( #1490519 )
10 years ago
106d47992b
Bump version and update changelog
11 years ago
19a61851ae
Fix so imap folder attribute comparisons are case-insensitive ( #1490466 )
...
+ make in_array_nocase() much faster for ASCII strings
11 years ago
15fd8f9dc7
Fix XSS vulnerability in _mbox argument handling ( #1490417 )
11 years ago
5529d94ed7
Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key ( #1490402 )
...
Conflicts:
CHANGELOG
11 years ago
f1ae19dc6b
Bump version
11 years ago
84af0db103
Fix bug where some files could have "executable" extension when stored in temp folder ( #1490377 )
11 years ago
c7a88ff0c2
Localize common error messages; improve explanation for CSRF check failures
11 years ago
2c0861495b
Bump version for next release
11 years ago
bbbd02bd6a
Fix so "over quota" errors are displayed also in message compose page
...
This also fixes over quota responses on cyrus imap which uses "Over quota" string and no error identifier.
11 years ago
9e147a36ad
Fix fatal errors on systems without mbstring extension or mb_regex_encoding() function ( #1490280 )
11 years ago
2f8b1036da
Bump version and copyright year
11 years ago
09d52dbb67
Fix some typos in comments
11 years ago
be140e827d
Don't reset 'plugins' config option when running from update.sh script
11 years ago
c6efcf5e6d
Fix blocked.gif image usage with assets_dir set
11 years ago
b737021a90
Improve plugin selection in installer; check already selected plugins
11 years ago
8e7ed506c4
Merge pull request #248 from flanpy/master
...
#1489096 : Ability to select plugins to enable in the installer
11 years ago
7259529fad
Get rid of requests whitelist for security check bypass
11 years ago
681ba6fc3c
Improve system security by using optional special URL with security token
...
Allows to define separate server/path for image/js/css files
Fix bugs where CSRF attacks were still possible on some requests
11 years ago
f7f4672649
Fix regression in rcmail::show_bytes() where unit was set to "[]" instead of "B"
11 years ago
0b36d15157
Add method to display operation (uploading) progress in UI message
11 years ago
2dfad0a564
Make upload progress text more compact.
...
E.g. "500 KB of 10 MB" becomes "0.5 of 10 MB"
11 years ago
9e4246d957
Code improvements and fixes (mostly unused variables and methods)
11 years ago
8f576d87d2
Add the ability to select plugins in the installer
11 years ago
b8837e3f43
Add the ability to enable plugins in the installer
11 years ago
8d526c4938
Fix skin path handling in plugin context ( #1488967 ):
...
The plugin skin directories are removed again from the search path after parsing of a plugin template has finished.
11 years ago
1ffab0ad4a
Fix possible issues in skin/skin_path config handling ( #1490125 )
11 years ago
71dbeeee10
Skip unnecessary session updates on task switch - switch session task less often ( #1490116 )
11 years ago
383724eb97
Update rcmail.php
...
Typo
11 years ago
91a449138e
Add output class for commandline scripts
11 years ago
000f6ee304
Merge branch 'oracle'
11 years ago
c2345747ac
Add Oracle driver check in Installer
11 years ago
8ef203827f
Make noshow attribute for roundcube:label tags actually work as supposed
11 years ago
dcc4469844
Don't init output in CLI mode
...
Fixes infinite recurssion on raise_error() call when executing scripts
out of the INSTALL_PATH. Also use 'rcube' if 'rcmail' is not needed.
11 years ago
fec4f240e5
Seek vendor/autoload.php in install path to make tests working
11 years ago
a98a4f8bb5
Remove 3rd party libs from our repository and define the dependencies in composer.json-dist.
...
Also remove the ancient utf8 lib and replace it with 'Patchwork UTF-8 for PHP'.
For direct git checkouts, copy composer.json-dist into composer.json and run
`php composer.phar install` to install the dependencies.
12 years ago
5f58127eae
Added rcube_utils::resolve_url()
12 years ago
75bbada03b
Remove code for PHP<5.3, use PHP_VERSION_ID instead of version_compare() for version checks
12 years ago
e35eab5f94
Fix comm_path update on task switch ( #1490041 )
12 years ago
06fdaf88cb
Extend rcmail::url() to produce absolute and fully qualified URLs
12 years ago
d01f9fc7f5
Add option (disabled_actions) to disable UI elements/actions ( #1489638 )
12 years ago
d4783319a0
Set 'compose_extwin' env property on every step; accept a list of URL parameters for the 'compose' command
12 years ago
Aleksander Machniak