2e3648b24f
Fix bug where some HTML comments could have been malformed by HTML parser ( #6333 )
6 years ago
d9eed3625b
Fix bug where some escape sequences in html styles could bypass security checks
7 years ago
c278b8796f
Fix bug where usernames without domain part could be malformed or converted to lower-case on logon ( #6224 )
7 years ago
60902de521
Fix parsing date strings (e.g. from a Date: mail header) with comments ( #6216 )
7 years ago
f55724d1e8
Fix bug where some unix timestamps were not handled correctly by rcube_utils::anytodatetime() ( #6212 )
7 years ago
24dcdb5414
Fix bug in remote content blocking on HTML image and style tags ( #6178 )
7 years ago
46faac4a6e
Fix mangled non-ASCII characters in links in HTML messages ( #6028 )
7 years ago
972be07a41
Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview ( #5580 )
7 years ago
2359f30b96
Modify links in html messages during Washtml DOM traversal
...
This is a more safe approach than using regex and mitigates
possible vulnerabilities using malformed html markup.
7 years ago
74e0852db2
Escape textarea contents in Washtml
7 years ago
39fa590bad
Fix bug where HTML messages with @media styles could moddify style of page body ( #5811 )
7 years ago
dade481658
Fix bug where comment notation within style tag would cause the whole style to be ignored ( #5747 )
8 years ago
ce61c8210e
Added test for rcube_db::parse_dsn()
8 years ago
89a4134064
Add support for DelSp=Yes messages ( #5702 )
8 years ago
522565b400
Add tests for XSS vulnerabilities in style tags
8 years ago
0b385dc946
Skip iconv for problematic ISO-2022-JP strings ( #5668 )
...
We sometimes get broken character encodings such as:
Subject: =?iso-2022-jp?B?GyRCLWo7M3l1OSk2SBsoQgo=?=
This actually is not a strict ISO-2022-JP string, but a CP50220 string
that is a variant of ISO-2022-JP with extended characters proposed by
Microsoft. Iconv can not handle these encodings well.
8 years ago
e08f22ef28
Fix bug where external content in src attribute of input/video tags was not secured ( #5583 )
8 years ago
7340360e79
Fix bug where image data URIs in css style were treated as evil/remote in mail preview ( #5580 )
8 years ago
bbab6a6db7
Identicon plugin
...
https://kolabian.wordpress.com/2016/12/02/contact-identicons/
8 years ago
dd714b33a8
replace old trac links ( #5514 )
8 years ago
0485275a75
Merge branch 'dev/drop-legacy-browsers'
8 years ago
94f8ce3334
Make html::parse_attrib_string() more robust
...
Fixes PHP Error: Expression parse error on: ($app->config->get('preview_pane',rcube_utils::get_boolean('')) == true ? ' checked=checked' : ')
8 years ago
829442a4cd
Removed legacy_browsr plugin
8 years ago
dcabc1d814
Merge remote-tracking branch 'upstream/master'
...
Conflicts:
tests/Framework/Washtml.php
8 years ago
906cf101c3
Better time handling in rcube_utils::clean_datestr()
8 years ago
ed35267b9b
Managesieve: Fix parsing of vacation date-time with non-default date_format ( #5372 )
...
Added new method rcube_utils::format_datestr() to convert date_format date
into ISO date format.
8 years ago
d91bad5975
Fix handling of blockquote tags with mixed case on html2text conversion ( #5363 )
8 years ago
bf5b3072c4
Fix MathML test on older PHP versions
8 years ago
edfd9da42a
Support MathML in HTML message preview ( #5182 )
8 years ago
6737e293bb
Wash position:fixed style in HTML mail for better security ( #5264 )
9 years ago
afd090672c
Small performance optimization
9 years ago
ca9ad75d96
Add some more tests for HREF attribute washing
9 years ago
6652367d65
Fix XSS issue in href attribute on area tag ( #5240 , #5241 )
9 years ago
a0f38f5fd8
Small code style improvements
9 years ago
e8ab3d96bd
Fix converting mail addresses with @www. into mailto links ( #5197 )
9 years ago
ed1d212ae2
Improved SVG cleanup code
9 years ago
cbe701ac4a
Fix rcube_utils::words_match() to work with mixed/invalid/binary content (T844)
9 years ago
9234903287
Fix HTML sanitizer to skip <!-- node type X --> in output ( #1490583 )
9 years ago
26086981a2
Improve randomness of security tokens ( #1490529 )
9 years ago
a63f14ec40
Emoticons-related code refactoring
...
- Emoticons: All emoticons-related functionality is handled by the plugin now
- Emoticons: Added option to switch on/off emoticons in compose editor (#1485732 )
- Emoticons: Added option to switch on/off emoticons in plain text messages
- Plugin API: Added disabled_plugins an disabled_buttons options in html_editor hook
- Plugin API: Added html2text hook
9 years ago
7a42173a16
Simplify rcube_utils::check_ip()
9 years ago
f4c512336d
Fix "washing" of style elements wrapped into many lines
9 years ago
1b39d9a6c7
PHP7: Fixed some E_WARNING errors that previously were E_STRICT
9 years ago
1b8ca08e5b
Added GSSAPI/Kerberos authentication plugin - krb_authentication
9 years ago
2d73205ec8
Skip rcube_ldap_generic test if Net_LDAP3 is not available
9 years ago
8447bae77c
Require Mbstring and OpenSSL extensions ( #1490415 ) - remove redundant code
10 years ago
f7427f151e
Get rid of Mail_mimeDecode package dependency ( #1490416 )
10 years ago
25c8fe4eeb
Fix handling of non-break spaces in html to text conversion ( #1490436 )
10 years ago
ff40683404
Fix so links with href == content aren't added to links list on html to text conversion ( #1490434 )
10 years ago
c5ca818118
Adapt washtml test to pass with different versions of iconv (i.e. on CentOS7)
10 years ago
Aleksander Machniak