Aleksander Machniak
0716d499bc
Fix bug where some escape sequences in html styles could bypass security checks
7 years ago
Aleksander Machniak
a889f55c31
Fix PHP Warning: Use of undefined constant IDNA_DEFAULT on systems without php-intl ( #6244 )
7 years ago
Aleksander Machniak
b2bebe531a
Fix bug where usernames without domain part could be malformed or converted to lower-case on logon ( #6224 )
7 years ago
Aleksander Machniak
f36e23b778
Fix parsing date strings (e.g. from a Date: mail header) with comments ( #6216 )
7 years ago
Aleksander Machniak
0f3ad342f7
Fix bug where some unix timestamps were not handled correctly by rcube_utils::anytodatetime() ( #6212 )
7 years ago
Aleksander Machniak
a1be62b19d
Remove redundant trim()
7 years ago
Aleksander Machniak
9d2b303b51
Fix bug in remote content blocking on HTML image and style tags ( #6178 )
7 years ago
Aleksander Machniak
b172fb505c
Improve trusted_host_patterns code
7 years ago
Aleksander Machniak
4a5ca74724
Merge branch 'trusted-host-patterns' of https://github.com/dsoares/roundcubemail into dsoares-trusted-host-patterns
7 years ago
Daniel Kesselberg
a8d5547163
Update idn conversion methods ( #6115 )
...
* Add more test cases
* Update phpdoc
7 years ago
Aleksander Machniak
63a7d2313f
Improve SMTPUTF8 support and fix relaxed email validation issues
7 years ago
Aleksander Machniak
5665344673
Merge branch 'smtputf8' of https://github.com/jprjr/roundcubemail into jprjr-smtputf8
7 years ago
Aleksander Machniak
3cdc8af297
Fix possible performance issue when parsing malformed and long Date header ( #6087 )
7 years ago
Aleksander Machniak
3488531b26
Fix PHP Warning: Use of undefined constant INTL_IDNA_VARIANT_UTS46 on servers without php-intl extension
7 years ago
Aleksander Machniak
ca39a4e093
Fix PHP warning "idn_to_utf8(): INTL_IDNA_VARIANT_2003 is deprecated" with PHP 7.2 ( #6075 )
7 years ago
dsoares
5282cbaff9
Check against trusted_host_patterns in rcube_utils::parse_host()
7 years ago
dsoares
50a9c8f777
Add option trusted_host_patterns
7 years ago
Aleksander Machniak
3196d656db
Fix css conflicts in user interface and e-mail content ( #5891 )
...
... by adding prefix to element/class identifiers
Also cleaned up some code and removed global variable use.
7 years ago
Aleksander Machniak
5d16751ed8
Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview ( #5580 )
7 years ago
Thomas Bruederli
3723f3f178
Fix rcube_utils::random_bytes() to not throw exception for length=0
7 years ago
Aleksander Machniak
1fcf7bfab3
Fix bug where HTML messages with @media styles could modify style of page body ( #5811 )
8 years ago
Aleksander Machniak
f0431c7475
Fix uninitialized string offset in rcube_utils::bin2ascii() and make sure rcube_utils::random_bytes() result has always requested length ( #5788 )
8 years ago
Aleksander Machniak
27a621818d
Make sure rcube_utils::resolve_url() does not add port 80 to the url
...
...which might have happened with reverse proxies
8 years ago
Aleksander Machniak
8f22c3287d
Fix bug where comment notation within style tag would cause the whole style to be ignored ( #5747 )
8 years ago
Aleksander Machniak
9ff7b78c7e
Fix conflict with _gid cookie of Google Analytics ( #5748 )
...
TODO: Review the whole code base and don't use INPUT_GPC when it's not really needed,
in most cases we should not read $_COOKIE.
8 years ago
Thomas Bruederli
bf21557873
Better fix for XSS in style tags ( b59ff5ca )
8 years ago
Aleksander Machniak
05aae4711c
Replace xss_entity_decode_callback() method with lambda function
8 years ago
Aleksander Machniak
b59ff5cafb
Fix XSS issue in handling of a style tag inside of an svg element
8 years ago
Aleksander Machniak
81f67a4de2
Don't use each() deprecated in PHP 7.2
8 years ago
Aleksander Machniak
dfd19206a4
sizeof() -> count()
8 years ago
Aleksander Machniak
7340360e79
Fix bug where image data URIs in css style were treated as evil/remote in mail preview ( #5580 )
8 years ago
Aleksander Machniak
4e0532808d
Fix bug where it wasn't possible to store more than 2MB objects in memcache/apc ( #5452 )
...
Added memcache_max_allowed_packet and apc_max_allowed_packet settings
8 years ago
Aleksander Machniak
195dc11855
Support host-specific imap_conn_options/smtp_conn_options/managesieve_conn_options ( #5136 )
8 years ago
Aleksander Machniak
dcabc1d814
Merge remote-tracking branch 'upstream/master'
...
Conflicts:
tests/Framework/Washtml.php
8 years ago
Aleksander Machniak
c3fc072d97
Remove code related to magic_quotes_* and register_globals
...
...they do not exist in PHP 5.4 which we now require.
8 years ago
Aleksander Machniak
906cf101c3
Better time handling in rcube_utils::clean_datestr()
8 years ago
Aleksander Machniak
ec1525a1e6
Remove debug code
8 years ago
Aleksander Machniak
ed35267b9b
Managesieve: Fix parsing of vacation date-time with non-default date_format ( #5372 )
...
Added new method rcube_utils::format_datestr() to convert date_format date
into ISO date format.
8 years ago
Aleksander Machniak
f2eafda539
Fix bug where microsecond format in logged date didn't work in some cases
9 years ago
Aleksander Machniak
d61d33a12a
Fix handling of --delete argument in moduserprefs.sh script ( #5296 )
9 years ago
Aleksander Machniak
6737e293bb
Wash position:fixed style in HTML mail for better security ( #5264 )
9 years ago
John Regan
3a2874c77c
Remove check for multiple dots in local-part
9 years ago
John Regan
0e809364e7
Support SMTPUTF8, relax email restrictions
...
If the FROM/TO portions of an email use non-ASCII characters,
check that the SMTP server supports the SMTPUTF8 extension.
Additionally, change some rules for parsing email addresses to
allow for more characters. Basically, SMTPUTF8 states that
nearly any printable character is a valid character in an
email address.
9 years ago
Aleksander Machniak
cbe701ac4a
Fix rcube_utils::words_match() to work with mixed/invalid/binary content (T844)
9 years ago
Aleksander Machniak
7e3298753a
Use ternary operator where applicable
9 years ago
Aleksander Machniak
a03233ceba
CS fixes
9 years ago
Aleksander Machniak
b2b9b591ce
Fix handling random_bytes() errors in PHP 7.0.0RC3
9 years ago
Aleksander Machniak
e85bbc9e9c
random_bytes() can throw an exception in some cases, since PHP 7.0.0rc3
9 years ago
Aleksander Machniak
26086981a2
Improve randomness of security tokens ( #1490529 )
9 years ago
Aleksander Machniak
f00e1f5333
CS fixes
9 years ago