Commit Graph

408 Commits (ca332d58628a3b88f22795d9b34d7d0ad8c1b97a)

Author SHA1 Message Date
Aleksander Machniak a15d877ba8 Added brute-force attack prevention via login rate limit (#1490566) 9 years ago
Normal Norway 707712b939 fixed typo 9 years ago
Aleksander Machniak a5c03db798 Security: Added options to validate username/password on logon (#1490500) 9 years ago
Aleksander Machniak c8c4cafb1f Add possibility to define date format in write operations for ldap attributes (#1488741) 9 years ago
Aleksander Machniak 90c82ebf13 Clarify DSN for SQLite on Windows (#1490547) 9 years ago
Aleksander Machniak 2c6951b9cb Add hint about configuration 9 years ago
Aleksander Machniak e4c66080a8 Improved encrypt/decrypt methods with option to choose the cipher_method (#1489719) 9 years ago
Aleksander Machniak 399a2d68b6 Make optional adding of standard signature separator - sig_separator (#1487768) 9 years ago
Aleksander Machniak 5eb9c70b60 Added method to determine IMAP server vendor, for future use 9 years ago
Aleksander Machniak 4ceff8f353 Make optional hidding of folders with name starting with a dot - imap_skip_hidden_folders (#1490468) 9 years ago
Aleksander Machniak 6ca1e6add1 Add option to enable HTML editor always, except when replying to plain text messages (#1489365) 9 years ago
Aleksander Machniak 44708ec647 Implemented memcache_debug and apc_debug options for cache operations tracking 10 years ago
Thomas Bruederli 585ee9e181 Improve directory protection for Apache 2.4 10 years ago
Thomas Bruederli 012555c1ce Add .htaccess files to deny access to config, temp, logs + describe how to protect access to these directories in the INSTALL instructions (#1490378) 10 years ago
Thomas Bruederli 0f63418b7e Use Net_LDAP3::domain_root_dn() to resolve the domain DN for the %dc variable; replaces PR #268 10 years ago
Aleksander Machniak 09225a41ec Add option to place signature at bottom of the quoted text even in top-posting mode [sig_below] 10 years ago
Thomas B. 2755471f33 Merge pull request #257 from corbosman/session_refactor
Merging session refactor into master
10 years ago
Aleksander Machniak 2a31f6dbd7 Reset default db_max_allowed_packet, fix max packet size detection 10 years ago
Aleksander Machniak 8f485469c7 Add possibility to configure max_allowed_packet value for all database engines (#1490283) 10 years ago
corbosman 4df4ab5007 session refactor and add redis driver 10 years ago
Thomas Bruederli de3fc1afaf Describe memcache connection configuration options in defaults 10 years ago
David Routhieau d491463df2 Fix config file sample tiny typo 10 years ago
Aleksander Machniak 681ba6fc3c Improve system security by using optional special URL with security token
Allows to define separate server/path for image/js/css files
Fix bugs where CSRF attacks were still possible on some requests
10 years ago
Andriy Yurchuk 402c1bff01 Clarify temp/logs directories permissions 10 years ago
Thomas Bruederli 507dad3354 Clarify spell check settings in default config 10 years ago
Thomas Bruederli acf8d67c96 Add 'sig_max_lines' config option to defaults (#1490071) 10 years ago
Thomas Bruederli 44b47dfb35 Add config/preference option to disable saving messages in localStorage (#1489979) 10 years ago
Victor Benincasa aecdf0644d Remove $config['default_folders'] from config tips
Remove $config['default_folders'] from config tips as this option was removed on commit dc0b500.
Related ticket: http://trac.roundcube.net/ticket/1489737
10 years ago
Thomas Bruederli 561f5e0a22 Describe new config options 10 years ago
Aleksander Machniak d01f9fc7f5 Add option (disabled_actions) to disable UI elements/actions (#1489638) 10 years ago
Aleksander Machniak 36d004e3d0 Added 'contact_search_name' option to define autocompletion entry format 11 years ago
Aleksander Machniak 3cc1afa1c2 Support images in HTML signatures (#1488676)
This enables image button and file browser in html editor for signatures
11 years ago
Aleksander Machniak cd01dc027b Add option to set default message list mode - default_list_mode (#1487312) 11 years ago
Aleksander Machniak 109bcce470 Add config option to specify IMAP connection socket parameters - imap_conn_options (#1489948) 11 years ago
Aleksander Machniak 769829a0ce Add notes about messages_cache setting requirements (#1489946) 11 years ago
Aleksander Machniak d519008498 Add configurable LDAP_OPT_DEREF option (#1489864) - patch from Stuart C. Naifeh 11 years ago
Aleksander Machniak 2ea27162e8 Add comment about behavior with empty im_*_path 11 years ago
Thomas Bruederli b867bb81e1 Merge branch 'x-forwarded-whitelist' of github.com:tribut/roundcubemail into tribut-x-forwarded-whitelist 11 years ago
Aleksander Machniak 5be6dcf0e2 Remove useless debug_level=8 and javascripts's rcube_console 11 years ago
Aleksander Machniak dc0b500e78 Removed redundant default_folders config option (#1489737)
Implemented IMAP SPECIAL-USE extension support [RFC6154] (#1487830)
11 years ago
Felix Eckhofer ef721fc430 Add config variable 'proxy_whitelist'
HTTP headers X_FORWARDED_* and X_REAL_IP are only evaluated when
received from an IP listed in proxy_whitelist. Furthermore, only the
last non-trusted IP from X-Forwarded-For is used in place of the real
ip.

Without this, an attacker can easily spoof the headers and control the
result of the ip or ssl check.

This fixes several problems with [3a4c9f42], [4d480b36] and [a520f331] as
mentioned in #1489729.
11 years ago
Felix Eckhofer 3fca238554 Fix typo in comment 11 years ago
Thomas Bruederli 1562a83608 Add mime-type mapping for 7zip files (#1489512) 11 years ago
Aleksander Machniak 357f9c831a Support SMTP socket context options via new config option 'smtp_conn_options' 11 years ago
Thomas Bruederli 3786a48aeb * New option that write logs to per-user directories. (Debug) logs will only be written if a directory for the current user exists.
* The 'write_log' plugin hook now also supports the return property 'dir' to let plugins specify the log directory.
11 years ago
Thomas Bruederli 57def0d195 Use absolute paths in default config 11 years ago
Thomas Bruederli 4a05e8a7e8 Finish advanced prefs feature (#1488829) 11 years ago
Aleksander Machniak 88934b6132 Keep all security rules in one place, support Apache 2.4 syntax 11 years ago
Aleksander Machniak b972b4c4c0 Add an option to disable smart Reply-List behaviour - reply_all_mode (#1488734) 11 years ago
Thomas Bruederli 3ce7c56826 Applied the (modified) patch to extend configuration possibilities of LDAP address books as suggested in #1488753:
- Add option to specify arbitrary replacements of config options with attributes from the bound user
- Allow mapping of group object class => member attribute used in these objects
- Describe the 'member_filter' property for groups config
11 years ago