Aleksander Machniak
|
681ba6fc3c
|
Improve system security by using optional special URL with security token
Allows to define separate server/path for image/js/css files
Fix bugs where CSRF attacks were still possible on some requests
|
10 years ago |
Thomas Bruederli
|
2e713d00f5
|
Set comm_path env variable after reset
|
10 years ago |
Aleksander Machniak
|
c97625e02a
|
CS fixes
|
11 years ago |
Thomas Bruederli
|
e46d060a4a
|
Fix errors in error page :-)
|
11 years ago |
Thomas Bruederli
|
95d2892686
|
Fix HTTP User-Agent XSS vulnerability (#1488737)
|
12 years ago |
Aleksander Machniak
|
b97d0e11b5
|
Fix empty user agent string on error page for "incompatible browser" error
|
13 years ago |
Aleksander Machniak
|
041c93ce0b
|
Removed $Id$
|
13 years ago |
alecpl
|
0c259682f6
|
- Merge devel-framework branch, resolved conflicts
|
13 years ago |
thomascube
|
1e09cd0811
|
Slighlty increase minimum browser requirements
|
13 years ago |
thomascube
|
7fe3811c65
|
Changed license to GNU GPLv3+ with exceptions for skins and plugins
|
13 years ago |
alecpl
|
d7b35c22af
|
- Fix usage of non-standard HTTP error codes (#1487797)
|
14 years ago |
thomascube
|
a77cf2292b
|
Add optional referer check to prevent CSRF in GET requests
|
14 years ago |
thomascube
|
f5e7b35307
|
Bumbed version; Roundcube development is not Switzerland only
|
14 years ago |
alecpl
|
e019f2d0f2
|
- s/RoundCube/Roundcube/
|
14 years ago |
alecpl
|
b25dfd0913
|
- removed PHP closing tag
|
15 years ago |
alecpl
|
24c91ed78e
|
- Moved error.inc to /utils
- Removed bugs.inc (content copied into main.inc)
|
15 years ago |