Commit Graph

416 Commits (d85f30bec431061c9cb7117c66d6f16a6066f339)

Author SHA1 Message Date
Aleksander Machniak 195dc11855 Support host-specific imap_conn_options/smtp_conn_options/managesieve_conn_options (#5136) 8 years ago
Aleksander Machniak 95df255af4 Added max_message_size option enforced when attaching files to a composed message (#4993) 8 years ago
Aleksander Machniak 9debc38724 Drop mail_header_delimiter option, since we don't use mail() we don't need it 8 years ago
Aleksander Machniak ee895a2c96 Remove PHP mail() support, smtp_server is required now (#5340) 8 years ago
Alexandre Perrin 96af4b2e23 default config: fix use_secure_urls comment
rewrite regexp was missed by part of 26086981a2.
9 years ago
Aleksander Machniak 4bb44c3d90 Enigma: added option to force users to use signing/encryption 9 years ago
Sean McBride 4ca97c3ea4 Issue #5186: improve comments about ‘password_charset’ setting 9 years ago
Aleksander Machniak 791ee65d2e Fix so contactlist_fields option can be set via config file 9 years ago
Aleksander Machniak a15d877ba8 Added brute-force attack prevention via login rate limit (#1490566) 9 years ago
Normal Norway 707712b939 fixed typo 9 years ago
Aleksander Machniak a5c03db798 Security: Added options to validate username/password on logon (#1490500) 9 years ago
Aleksander Machniak c8c4cafb1f Add possibility to define date format in write operations for ldap attributes (#1488741) 9 years ago
Aleksander Machniak 90c82ebf13 Clarify DSN for SQLite on Windows (#1490547) 9 years ago
Aleksander Machniak 2c6951b9cb Add hint about configuration 9 years ago
Aleksander Machniak e4c66080a8 Improved encrypt/decrypt methods with option to choose the cipher_method (#1489719) 9 years ago
Aleksander Machniak 399a2d68b6 Make optional adding of standard signature separator - sig_separator (#1487768) 9 years ago
Aleksander Machniak 5eb9c70b60 Added method to determine IMAP server vendor, for future use 9 years ago
Aleksander Machniak 4ceff8f353 Make optional hidding of folders with name starting with a dot - imap_skip_hidden_folders (#1490468) 9 years ago
Aleksander Machniak 6ca1e6add1 Add option to enable HTML editor always, except when replying to plain text messages (#1489365) 9 years ago
Aleksander Machniak 44708ec647 Implemented memcache_debug and apc_debug options for cache operations tracking 10 years ago
Thomas Bruederli 585ee9e181 Improve directory protection for Apache 2.4 10 years ago
Thomas Bruederli 012555c1ce Add .htaccess files to deny access to config, temp, logs + describe how to protect access to these directories in the INSTALL instructions (#1490378) 10 years ago
Thomas Bruederli 0f63418b7e Use Net_LDAP3::domain_root_dn() to resolve the domain DN for the %dc variable; replaces PR #268 10 years ago
Aleksander Machniak 09225a41ec Add option to place signature at bottom of the quoted text even in top-posting mode [sig_below] 10 years ago
Thomas B. 2755471f33 Merge pull request #257 from corbosman/session_refactor
Merging session refactor into master
10 years ago
Aleksander Machniak 2a31f6dbd7 Reset default db_max_allowed_packet, fix max packet size detection 10 years ago
Aleksander Machniak 8f485469c7 Add possibility to configure max_allowed_packet value for all database engines (#1490283) 10 years ago
corbosman 4df4ab5007 session refactor and add redis driver 10 years ago
Thomas Bruederli de3fc1afaf Describe memcache connection configuration options in defaults 10 years ago
David Routhieau d491463df2 Fix config file sample tiny typo 10 years ago
Aleksander Machniak 681ba6fc3c Improve system security by using optional special URL with security token
Allows to define separate server/path for image/js/css files
Fix bugs where CSRF attacks were still possible on some requests
10 years ago
Andriy Yurchuk 402c1bff01 Clarify temp/logs directories permissions 10 years ago
Thomas Bruederli 507dad3354 Clarify spell check settings in default config 10 years ago
Thomas Bruederli acf8d67c96 Add 'sig_max_lines' config option to defaults (#1490071) 10 years ago
Thomas Bruederli 44b47dfb35 Add config/preference option to disable saving messages in localStorage (#1489979) 10 years ago
Victor Benincasa aecdf0644d Remove $config['default_folders'] from config tips
Remove $config['default_folders'] from config tips as this option was removed on commit dc0b500.
Related ticket: http://trac.roundcube.net/ticket/1489737
10 years ago
Thomas Bruederli 561f5e0a22 Describe new config options 10 years ago
Aleksander Machniak d01f9fc7f5 Add option (disabled_actions) to disable UI elements/actions (#1489638) 10 years ago
Aleksander Machniak 36d004e3d0 Added 'contact_search_name' option to define autocompletion entry format 11 years ago
Aleksander Machniak 3cc1afa1c2 Support images in HTML signatures (#1488676)
This enables image button and file browser in html editor for signatures
11 years ago
Aleksander Machniak cd01dc027b Add option to set default message list mode - default_list_mode (#1487312) 11 years ago
Aleksander Machniak 109bcce470 Add config option to specify IMAP connection socket parameters - imap_conn_options (#1489948) 11 years ago
Aleksander Machniak 769829a0ce Add notes about messages_cache setting requirements (#1489946) 11 years ago
Aleksander Machniak d519008498 Add configurable LDAP_OPT_DEREF option (#1489864) - patch from Stuart C. Naifeh 11 years ago
Aleksander Machniak 2ea27162e8 Add comment about behavior with empty im_*_path 11 years ago
Thomas Bruederli b867bb81e1 Merge branch 'x-forwarded-whitelist' of github.com:tribut/roundcubemail into tribut-x-forwarded-whitelist 11 years ago
Aleksander Machniak 5be6dcf0e2 Remove useless debug_level=8 and javascripts's rcube_console 11 years ago
Aleksander Machniak dc0b500e78 Removed redundant default_folders config option (#1489737)
Implemented IMAP SPECIAL-USE extension support [RFC6154] (#1487830)
11 years ago
Felix Eckhofer ef721fc430 Add config variable 'proxy_whitelist'
HTTP headers X_FORWARDED_* and X_REAL_IP are only evaluated when
received from an IP listed in proxy_whitelist. Furthermore, only the
last non-trusted IP from X-Forwarded-For is used in place of the real
ip.

Without this, an attacker can easily spoof the headers and control the
result of the ip or ssl check.

This fixes several problems with [3a4c9f42], [4d480b36] and [a520f331] as
mentioned in #1489729.
11 years ago
Felix Eckhofer 3fca238554 Fix typo in comment 11 years ago