Commit Graph

1154 Commits (d646a10217ad99bda44c2c5930e15c4d71481c78)

Author SHA1 Message Date
Aleksander Machniak 186f21c4c1 Avoid Referer leaking by using Referrer-Policy:same-origin header (#6385)
Added 'common_headers' hook
6 years ago
Aleksander Machniak c8d133a6a0 Merge branch 'master' into dev/elastic 6 years ago
Aleksander Machniak b126941846 Fix session issue on long running requests (#6470) 6 years ago
Stefanos Petrakis 8ab1e4fbc3 Fix multiple VCard field search (#6466) 6 years ago
Aleksander Machniak 0a0ac045fe Fix bug where valid content between HTML comments could have been skipped in some cases (#6464) 6 years ago
Aleksander Machniak 255638cc44 Update changelog, require Net_SMTP 1.8.1 for GSSAPI support 6 years ago
urusha 75f37f8b0f SMTP GSSAPI support (#6417)
* krb_authentication support for smtp_connect
* smtp GSSAPI support
6 years ago
Aleksander Machniak 2dcf50019c Merge branch 'master' into dev/elastic 6 years ago
Aleksander Machniak e38b477b99 Fix including plugin scripts (regression) 6 years ago
Aleksander Machniak 2c12274d38 Fix style/navigation on error page depending on authentication state (#6362) 6 years ago
Aleksander Machniak 4310046993 Remove redundant trim() 6 years ago
Aleksander Machniak c28242f63c Log errors caused by low pcre.backtrack_limit when sending a mail message (#6433) 6 years ago
Aleksander Machniak 03fef0d6ca New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419) 6 years ago
Aleksander Machniak 796e5a17e6 Removed referer_check option (#6440) 6 years ago
Aleksander Machniak eaa81a5b61 Fix so invalid smtp_helo_host is never used, fallback to localhost (#6408) 6 years ago
Allan Klaus 6a49ba5aa2 Added exec_hook to send error to an external error tracking tool (#6198) 6 years ago
Aleksander Machniak 5cdb54221f Fix listing the same attachment multiple times on forwarded messages 6 years ago
Aleksander Machniak 24e3977d74 Fix invalid regular expressions that throw warnings on PHP 7.3 (#6398) 6 years ago
Aleksander Machniak 19332495b0 Fix so fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3 (#6383) 6 years ago
Aleksander Machniak 988ed7e565 Fix PHP warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374) 6 years ago
Aleksander Machniak 4f2b795cd2 Fix doc for 3rd argument of rcube::deliver_message() (#6353) 6 years ago
Aleksander Machniak cba1605949 Add http_only argument to rcube_utils::setcookie() 6 years ago
Aleksander Machniak 086e781b8f Fix bug where some HTML comments could have been malformed by HTML parser (#6333) 7 years ago
Aleksander Machniak fd7d7faabd Improve checking folder delete rights according to RFC 4314 7 years ago
Aleksander Machniak 58e514970e Add option to hide folders in share/other-user namespace or outside of the personal namespace root (#5073) 7 years ago
Aleksander Machniak 5e3868eb10 Fix so attachment without Content-ID is not an inline attachment (#5905) 7 years ago
Aleksander Machniak e9d38e847c Re-add setting error_log=syslog when log_driver=syslog 7 years ago
Aleksander Machniak 3d0b2cd3ce Pass PEAR errors to rcube::raise_error(), small CS improvements 7 years ago
Aleksander Machniak 12b1b54792 Fix bug where after "mark all folders as read" action message counters were not reset (#6307)
also fixed one PHP 7.2 warning
7 years ago
Aleksander Machniak 6691756ea1 Fix bug where unicode contact names could have been broken/emptied or caused DB errors (#6299) 7 years ago
Aleksander Machniak 30ab2eec5f Remove function_exists() checks for mbstring functions 7 years ago
Aleksander Machniak 4b97f40af9 Get rid of debug_level (#6298) 7 years ago
Aleksander Machniak 71eec07d25 Fix regression where some non-inline attachments could be not listed (#6291) 7 years ago
Aleksander Machniak 430c000e32 Support skin localization (#5853) 7 years ago
Aleksander Machniak 1247a8dd7d Fix bug where some forbidden characters on Cyrus-IMAP were not prevented from use in folder names 7 years ago
Aleksander Machniak 0716d499bc Fix bug where some escape sequences in html styles could bypass security checks 7 years ago
Edgaras L c236c22c41 Parse all quotas from GETQUOTAROOT (#6280) 7 years ago
Aleksander Machniak c0b9025215 Remove sample PHP configuration from .htaccess and .user.ini files (#5850)
Moved to https://github.com/roundcube/roundcubemail/wiki/Installation#php-configuration
7 years ago
Aleksander Machniak 63d3ad11fb Use Masterminds/HTML5 parser for HTML5 support (#5761) 7 years ago
Aleksander Machniak e79838aaac Enigma: Disable autofill for new keypair password 7 years ago
Aleksander Machniak dd3ea4ed2b Fix extracting codepage 7 years ago
Aleksander Machniak 8a6a9e86ae Fix handling of forwarded messages inside of a TNEF message (#5632) 7 years ago
Aleksander Machniak a889f55c31 Fix PHP Warning: Use of undefined constant IDNA_DEFAULT on systems without php-intl (#6244) 7 years ago
Aleksander Machniak b2bebe531a Fix bug where usernames without domain part could be malformed or converted to lower-case on logon (#6224) 7 years ago
Aleksander Machniak 8df6d7c3e4 Fix regression in compressMessageSet() (#6235) 7 years ago
Aleksander Machniak 8b0540d402 Fix possible IMAP command injection and type juggling vulnerabilities (#6229) 7 years ago
Aleksander Machniak df3878501c Fix PHP 7.2: count(): Parameter must be an array in enchant-based spellchecker (#6234) 7 years ago
Aleksander Machniak 73ea8f94d0 Use htmlspecialchars() with charset argument, simplify some code 7 years ago
Aleksander Machniak f36e23b778 Fix parsing date strings (e.g. from a Date: mail header) with comments (#6216) 7 years ago
Aleksander Machniak 2196f50437 Support redis_debug in the redis session driver 7 years ago
Aleksander Machniak 0f3ad342f7 Fix bug where some unix timestamps were not handled correctly by rcube_utils::anytodatetime() (#6212) 7 years ago
Aleksander Machniak a451ad6599 Fix handling encoding of HTML tags in "inline" JSON output (#6207) 7 years ago
Aleksander Machniak 981cd8726d Remove holes in cache index keys - makes the serialized representation shorter 7 years ago
Aleksander Machniak 1058924e21 Move some framework classes to sub-directories 7 years ago
Aleksander Machniak d07b032bcd Refactor cache code with separate engine-specific classes 7 years ago
Aleksander Machniak fa06d37901 Merge branch 'feature/add_redis_as_cache' of https://github.com/ledgr/roundcubemail into ledgr-feature/add_redis_as_cache 7 years ago
Aleksander Machniak 6bfebc5e32 Add sanity check when auto-unsubscribing non-existing folders 7 years ago
Aleksander Machniak 1556eb01c7 Use JSON_UNESCAPED_UNICODE only on PHP >= 7.1.0 (#6187) 7 years ago
laodc 672e57ea48 Patched bug where rcube_db::quote() was causing an infinite connection loop. (#6175)
As rcube_db::quote() checks to see if the connection is up before quoting, this would cause the class to try connect again, as rcube_db::$dbh was not being set until AFTER conn_configure was completed, causing a loop.

So updated rcube_db::$dbh in the rcube::conn_create() function instead allowing access to the new object straight away.

It's needed for edeb5d7.
7 years ago
Aleksander Machniak a1be62b19d Remove redundant trim() 7 years ago
Aleksander Machniak 9d2b303b51 Fix bug in remote content blocking on HTML image and style tags (#6178) 7 years ago
Aleksander Machniak b46cd5de1d Fix PHP Warning: exif_read_data(...): Illegal IFD size (#6169) 7 years ago
Edgaras Lukoševičius e371469664 Add Redis as cache backend 7 years ago
laodc edeb5d7ab4 Add support for PostgreSQL schemas in DSN (#6150)
If schema is set in the dsn, set search_path to the schema value.

Example:

$config['db_dsnw'] = 'pgsql://user:pass@localhost/dbname?schema=exampleschema';
7 years ago
Aleksander Machniak 4793ec753a Remove double-quotes in filename* parameter of the Content-Disposition of downloads (#5857) 7 years ago
Aleksander Machniak 55e99398e1 Fix possible information leak - add more strict sql error check on user creation (#6125) 7 years ago
Aleksander Machniak ce338164e3 Fix bug where contacts search could skip some records (#6130) 7 years ago
Richard Hillmann 59bbf6c081 Fix preg_match in guess_type function (#6123) 7 years ago
Aleksander Machniak b172fb505c Improve trusted_host_patterns code 7 years ago
Aleksander Machniak 4a5ca74724 Merge branch 'trusted-host-patterns' of https://github.com/dsoares/roundcubemail into dsoares-trusted-host-patterns 7 years ago
Daniel Kesselberg a8d5547163 Update idn convertion methods (#6115)
* Add more test cases
* Update phpdoc
7 years ago
Aleksander Machniak 63a7d2313f Improve SMTPUTF8 support and fix relaxed email validation issues 7 years ago
Aleksander Machniak 5665344673 Merge branch 'smtputf8' of https://github.com/jprjr/roundcubemail into jprjr-smtputf8 7 years ago
Aleksander Machniak a2875cdda9 - Fix searching contacts by address in LDAP source (#6084) 7 years ago
Aleksander Machniak c0959bd619 Sanity checks for header data length in FETCH (#6087)
Where we know what expected data length is we truncate the input.
7 years ago
Aleksander Machniak 3cdc8af297 Fix possible performance issue when parsing malformed and long Date header (#6087) 7 years ago
johndoh 05d1b1947e Check for minified CSS files (#6089) 7 years ago
Aleksander Machniak 3488531b26 Fix PHP Warning: Use of undefined constant INTL_IDNA_VARIANT_UTS46 on servers without php-intl extension 7 years ago
Georgeto 161038ee87 Support additional connect parameters in PostgreSQL database wrapper (#6071)
Most notably this change enables you to specify whether or with what
priority a secure SSL TCP/IP connection will be negotiated with the
database server.
7 years ago
Aleksander Machniak 61a6666eee Small CS fixes 7 years ago
Aleksander Machniak ca39a4e093 Fix PHP warning "idn_to_utf8(): INTL_IDNA_VARIANT_2003 is deprecated" with PHP 7.2 (#6075) 7 years ago
Aleksander Machniak 36638ec0c2 Fix untagged COPYUID responses handling - again (#5982) 7 years ago
Aleksander Machniak 9ce8948294 Get rid of the 2nd argument of include_stylesheet()
.. make the optional behavior default now.
7 years ago
Aleksander Machniak 1cf72fa2b6 Allow plugins to include Less files (#6051) 7 years ago
Aleksander Machniak c6b2d8bead Merge branch 'dev-elastic' 7 years ago
Aleksander Machniak 4cb7713520 Fix checking table columns when there's more schemas/databases in postgres/mysql (#6047) 7 years ago
Aleksander Machniak a6c37b7735 Fix broken long filenames when using imap4d server - workaround server bug (#6048) 7 years ago
Aleksander Machniak eed4be3ba6 Display value of the SMTP message size limit in the error message (#6032) 7 years ago
Aleksander Machniak 4dc1f3b757 Use configured log_file_ext also for errors thrown by PHP (#6035) 7 years ago
Aleksander Machniak 910c735b87 Merge branch 'master' into dev-elastic 7 years ago
Aleksander Machniak a0374f3c45 Fix mangled non-ASCII characters in links in HTML messages (#6028) 7 years ago
Aleksander Machniak 23af0b7f36 Merge branch 'master' into dev-elastic 7 years ago
dsoares 5282cbaff9 Check against trusted_host_patterns in rcube_utils::parse_host() 7 years ago
Aleksander Machniak 0f4f85e097 Skip redundant INSERT query on successful logon when using PHP7
Since PHP 7.0 session_regenerate_id() will cause the old session data update.
This is redundant INSERT query and also produces a record for the session
we don't need anymore.
7 years ago
Aleksander Machniak ef0982f1b8 Merge branch 'master' into dev-elastic 7 years ago
dsoares 50a9c8f777 Add option trusted_host_patterns 7 years ago
JohnDoh 515d496808 Replace display_version with display_product_info (#5904) 7 years ago
Aleksander Machniak e21ab984bc Skip <span> wrappers in html_table that is a <ul> list 7 years ago
Aleksander Machniak d815525c6a Merge branch 'master' into dev-elastic 7 years ago
Brendan Braybrook 4574870adc fix: unknown content-disposition type should be treated as attachment (#6002) 7 years ago