Aleksander Machniak
|
5832eca405
|
RCMAIL_CHARSET -> RCUBE_CHARSET (#6236)
|
7 years ago |
Aleksander Machniak
|
73ea8f94d0
|
Use htmlspecialchars() with charset argument, simplify some code
|
7 years ago |
Aleksander Machniak
|
b00d5c3836
|
Automatically localize data-label-* attributes of a template object
|
7 years ago |
Aleksander Machniak
|
83bd85677b
|
Remove x_frame_options env
|
7 years ago |
Aleksander Machniak
|
55a1d6ef1b
|
Make search form's aria label to also support plugin localization (via label-domain property)
|
7 years ago |
Aleksander Machniak
|
38d275445d
|
Plugin API: Add 'write' argument to 'render_page' hook
|
7 years ago |
Aleksander Machniak
|
46e2e7e16c
|
CS fix
|
7 years ago |
Aleksander Machniak
|
758044d69e
|
Add skin config options to dont_override list
... so e.g. options in user preferences will be hidden.
|
7 years ago |
Aleksander Machniak
|
1cf72fa2b6
|
Allow plugins to include Less files (#6051)
|
7 years ago |
Aleksander Machniak
|
ef0982f1b8
|
Merge branch 'master' into dev-elastic
|
7 years ago |
JohnDoh
|
a8f0d35ebc
|
Extend disabled_actions config so it accepts also button names (#5903)
|
7 years ago |
Aleksander Machniak
|
d815525c6a
|
Merge branch 'master' into dev-elastic
|
7 years ago |
Aleksander Machniak
|
22b30de5d9
|
Fix bug where assets_path wasn't added to some watermark frames
|
7 years ago |
Aleksander Machniak
|
3a77c906a1
|
Merge branch 'master' into dev-elastic
|
7 years ago |
Aleksander Machniak
|
13d203303e
|
Refactored Help plugin to use frames, added Elastic skin support
|
7 years ago |
Aleksander Machniak
|
5d398d4d00
|
Add version number to the client environment
|
7 years ago |
Aleksander Machniak
|
4b2f2b6b3b
|
Use about:blank instead of blank.gif for empty iframes
|
7 years ago |
Aleksander Machniak
|
86a4d78369
|
Merge branch 'dev-elastic'
|
7 years ago |
Aleksander Machniak
|
8fff21deb5
|
Fix POST parameter reflection in default_charset selector (#5768)
|
8 years ago |
Aleksander Machniak
|
9858c2a294
|
Merge branch 'master' into dev-elastic
|
8 years ago |
Aleksander Machniak
|
51fb3bfa58
|
Support including files with path relative to templates dir
|
8 years ago |
Aleksander Machniak
|
559254d6ee
|
Use <button> instead of <input> for submit button on logon screen
|
8 years ago |
Aleksander Machniak
|
51dffcda86
|
Skip <script> element if it has no content
|
8 years ago |
Aleksander Machniak
|
f03839b24b
|
Add support for 'link' objects in templates (with conditions)
.. to simplify conditional <link> tags injection while nested 'if' objects do not work
|
8 years ago |
Aleksander Machniak
|
71ff264b02
|
Support conditional include
|
8 years ago |
ka7
|
9a35768c26
|
spelling fixes (#5690)
|
8 years ago |
Aleksander Machniak
|
38067f61da
|
Get rid of data-popup-pos
|
8 years ago |
Aleksander Machniak
|
adbab9d3e2
|
Merge branch 'master' into dev-elastic
|
8 years ago |
Aleksander Machniak
|
e2d80479d6
|
Make possible to set (some) config options from a skin
|
8 years ago |
Aleksander Machniak
|
f29fd706cf
|
Get back to eval()
We used create_function() before but it's deprecated in PHP 7.2
and really it was just a wrapper on eval().
|
8 years ago |
Aleksander Machniak
|
8131629c6e
|
Extended unified searchform object for templates engine
|
8 years ago |
Aleksander Machniak
|
cc10cbe039
|
Make button object to be a <button> by default
|
8 years ago |
Aleksander Machniak
|
369b44d94a
|
Fix unsetting template objects
Fixes compatibility with some plugins e.g. kolab_addressbook which
call parse() method (for sub-templates) while parsing the main template
|
8 years ago |
Aleksander Machniak
|
e17fcf1649
|
Support ALLOW-FROM in x_frame_options (#5122)
|
8 years ago |
Aleksander Machniak
|
d02e6ea45e
|
Fix so templating system does not mess with external (e.g. email) content (#5499)
|
8 years ago |
Aleksander Machniak
|
edea8732a6
|
Fix regression where UI object could be not created on some pages (#5484)
|
8 years ago |
Aleksander Machniak
|
f43f5bf93f
|
Use JSON_PRETTY_PRINT in devel_mode
This effectively makes PHP 5.4 a real requirement
|
8 years ago |
Aleksander Machniak
|
638afafbd2
|
Make so rcmail.log() depends on devel_mode (#5193)
|
8 years ago |
Victor Benincasa
|
daeb66ee99
|
Fix login form
Fix a small bug introduced on commit 43f3c5f that breaks the login form ($attrib['form'] is checked at line 1899, so it cannot be unset).
|
8 years ago |
Aleksander Machniak
|
43f3c5fb2a
|
Implement "one click" attachment upload (#5024)
|
8 years ago |
Aleksander Machniak
|
184de7735c
|
CS fixes (mostly phpdoc)
|
8 years ago |
Thomas Bruederli
|
4a408843b0
|
Protect download urls against CSRF using unique request tokens (#1490642)
Send X-Frame-Options headers with every HTTP response
|
9 years ago |
Aleksander Machniak
|
10e5192a2b
|
Fix path traversal vulnerability in setting a skin (#1490620)
|
9 years ago |
dsoares
|
234fd19505
|
Replace deprecated call to Q within array_map()
|
9 years ago |
Aleksander Machniak
|
93e64008a6
|
Small code improvements
|
9 years ago |
Aleksander Machniak
|
252cc4c4ac
|
Password: Allow temporarily disabling the plugin functionality with a notice
|
9 years ago |
Aleksander Machniak
|
a958748947
|
CS fixes
|
10 years ago |
Thomas Bruederli
|
0bd99db08d
|
Localize common error messages; improve explanation for CSRF check failures
|
10 years ago |
Aleksander Machniak
|
681ba6fc3c
|
Improve system security by using optional special URL with security token
Allows to define separate server/path for image/js/css files
Fix bugs where CSRF attacks were still possible on some requests
|
10 years ago |
Thomas Bruederli
|
8d526c4938
|
Fix skin path handling in plugin context (#1488967):
The plugin skin directories are removed again from the search path after parsing of a plugin template has finished.
|
10 years ago |