Commit Graph

211 Commits (e44e51561d2329e8f1e9ec88901d3c757f067303)

Author SHA1 Message Date
thomascube de62f02eed Also check referer on logout action 14 years ago
thomascube a77cf2292b Add optional referer check to prevent CSRF in GET requests 14 years ago
thomascube 784a425e07 protect login form submission from CSRF using a request token 14 years ago
thomascube cf2da2f9aa Improve session validity check with changing auth cookies; reduce writes to DB; better phpdoc 14 years ago
thomascube 32234d71d3 Better fix for login redirect, don't force mail task 14 years ago
alecpl 68d2d54100 - Move action files map from index.php to steps' func.inc files 14 years ago
thomascube 88007cf060 Fix login redirect issues (#1487686) 14 years ago
thomascube f5e7b35307 Bumbed version; Roundcube development is not Switzerland only 14 years ago
thomascube c3be8ed64c Make sure an existing session is killed/replaced when submitting login form 14 years ago
alecpl af3c045ecf - New Folder Manager UI
- Fix invalid Request when creating a folder (#1487443)
- Add folder size and quota indicator in folder manager (#1485780)
- Add possibility to move a subfolder into root folder (#1486791)
14 years ago
alecpl 5f560ee7a0 - Plugin API: Add 'pass' argument in 'authenticate' hook (#1487134) 14 years ago
alecpl 6d99f99576 - Handle situation when $IMAP object isn't initialized on log in 14 years ago
alecpl 8fcc3e1ad6 - Improved IMAP errors handling 14 years ago
alecpl 249db18585 - Fix "Server Error! (Not Found)" when using utils/save-pref action (#1487023) 14 years ago
alecpl e019f2d0f2 - s/RoundCube/Roundcube/ 14 years ago
alecpl 614c642a4b - Fix list_cols is not updated after column dragging (#1486999)
- Improved save-pref action and moved to separate file in utils task directory
- Improved http_post/http_request to support first argument in form 'task/action'
14 years ago
thomascube 4859fedb92 Fix unit tests + update version 15 years ago
alecpl b25dfd0913 - removed PHP closing tag 15 years ago
thomascube 05a631a43c Allow plugins to register their own tasks 15 years ago
alecpl 3544558f2d - Add HTTP_X_REAL_IP and HTTP_X_FORWARDED_FOR to successful logins log (#1486441) 15 years ago
thomascube aa12df20e4 Add server-side plugin hooks to address group functions + better action names 15 years ago
thomascube c0297f4172 Asynchronously expand contact groups + skip count queries in autocompletion mode + check for the existance of contactgroups table 15 years ago
thomascube 3baa72a62f Implement group renaming/deleting + use more consistent names for commands and actions (#1486587) 15 years ago
thomascube a61bbb24aa Added basic contact groups feature 15 years ago
thomascube f52c936f4d Merged devel-threads branch (r3066:3364) back into trunk 15 years ago
alecpl 929a508d80 - Improve performance by avoiding unnecessary updates to the session table (#1486325) 15 years ago
alecpl 64608bf2ef - Password: Make passwords encoding consistent with core, add 'password_charset' global option (#1486473) 15 years ago
alecpl 7481dd903e - don't set task for login_after hook 15 years ago
alecpl 48bc52e835 - Fix imap_init hook broken in r3258 (#1486493) 15 years ago
alecpl 9b94eb6415 - Fix setting task name according to auth state. So, any action before user
is authenticated is assigned to 'login' task instead of 'mail'. Now binding
  plugins to 'login' task is possible and realy usefull. It's also possible 
  to bind to all tasks excluding 'login'.
15 years ago
alecpl 10eedbe75a - add file/line definitions to raise_error() calls 15 years ago
alecpl 76c94b6ba8 - Fix 'force_https' to specified port when URL contains a port number (#1486411) 15 years ago
alecpl 5818e44345 - Fix $_SERVER['HTTPS'] check for SSL forcing on IIS (#1486243) + fix port check 15 years ago
thomascube f5d61d845f Revert r3038 and allow to specify the port as value of force_https 15 years ago
alecpl b5713396f1 - fix last commit 15 years ago
alecpl ccc80d1ca8 - Fix login page loading into an iframe when session expires (#1485952) 15 years ago
alecpl 65c0a0e591 - Option 'force_https' replaced by 'force_https' plugin
- added option 'force_https_port' in 'force_https' plugin (#1486091)
15 years ago
alecpl 161c28dffc - Fix wrong headers for IE on servers without $_SERVER['HTTPS'] (#1485926)
- Force IE style headers for attachments in non-HTTPS session, 'use_https' option (#1485655)
15 years ago
thomascube 7ef47e59a9 Add some arguments to the logout_after hook 16 years ago
thomascube d002607852 Implemented logout_after plugin hook 16 years ago
thomascube 0ddf59aeb4 Fix spell check (#1486036) 16 years ago
thomascube 4463648451 Allow a plugin to disable the cookie check 16 years ago
thomascube 826ceecab8 Don't check request token on login 16 years ago
alecpl 564a2ba793 - Help plugin
- support 'dummy' task (for plugins)
16 years ago
thomascube 5499336fef Use global request tokens and automatically protect all POST requests 16 years ago
thomascube e48a10a0d7 Add option to enforce https connections 16 years ago
alecpl 3a2b270c9d - always call logout action as task (#1485919) 16 years ago
alecpl 0ce119869d - use preg functions instead of ereg functions 16 years ago
alecpl d51c93b43e - get rid of some hardcoded action names and move decission about output compression to the user 16 years ago
svncommit f22c2cefb4 Really, really logout (fixes r2467). 16 years ago
thomascube cc97ea0559 Merged branch devel-api (from r2208 to r2387) back into trunk (omitting some sample plugins) 16 years ago
thomascube 48ee693f49 Partially reverted r2339 + fix indentation 16 years ago
svncommit 93adb3fc1b Fixed check-recent [richs] 16 years ago
alecpl 0129d7c914 - Fix authentication when submitting form with existing session (#1485679) 16 years ago
till cbbef379a5 * bumping up copyright (happy new year ;-)) 16 years ago
alecpl 133bb07f78 - performance: skip imap connection for attachments actions
- created attachments.inc file for attachment upload, remove and display actions
16 years ago
alecpl 39cd51aff5 - performance: connect to imap server only when needed
(some mail actions do not require imap connection)
16 years ago
alecpl 7342d7ef8c - re-fix r2095 16 years ago
alecpl b2265aea86 #1485584: display proper warning on login with empty user and pass 16 years ago
alecpl d2993ee4db - added BYE response simple support to prevent from endless loops in imap.inc (#1483956) 16 years ago
svncommit c9ca6ada03 added obscure ASCII encoding aliases, added more error checking to RFC2822 date parsing 16 years ago
thomascube 835ae8516a Fix some recently introduced bugs 16 years ago
thomascube c8a21d646c Killed one more global var + log logins to a separate file (not console) 16 years ago
thomascube 48aff91f7e Moved code block to a more appropriate position + codestyle 16 years ago
svncommit f5aa16541e Add folder hierarchy collapsing. 16 years ago
thomascube 2e3ce3e765 Add rcube name prefixes + codestyle 16 years ago
thomascube 8c72e33d37 Show appropriate error message if config files are missing 17 years ago
thomascube c719f3c1e0 Store compose parameters in session and redirect to a unique URL 17 years ago
thomascube 6ea6c9b96e Simplify step inclusion in controller (index.php) 17 years ago
thomascube 83a7636872 More code cleanup 17 years ago
svncommit 5e0045b128 Add option to log successful logins. 17 years ago
alecpl a6f90e1b2b -fixed disclaimer 17 years ago
thomascube 1854c4525b More code cleanup + oop-ization 17 years ago
alecpl bbf15d8115 - fixed task setting on login 17 years ago
thomascube 197601ef5f Next step: introduce the application class 'rcmail' and get rid of some global vars 17 years ago
thomascube 47124c2279 Changed codebase to PHP5 with autoloader + added some new classes from the devel-vnext branch 17 years ago
alecpl 6d2714b3b3 #1484972: optimization: mark as read in one action with preview, deleted redundant quota reads 17 years ago
alecpl eaa39477bd #1483863: empty trash and expunge inbox on logout 17 years ago
thomascube 967b342039 Disable installer by default; add config option to enable it again 17 years ago
till d7a2878d09 * committed patch from #1484231 17 years ago
till 03fcc16896 * fixing warning reported in #1484851 17 years ago
thomascube 0714b7e09d Add config parameter to disable the installer warning 17 years ago
thomascube 330127a612 Disable PHP notices + check for installer script on login page 17 years ago
till 23b8701079 * changed version ;) 17 years ago
till 8d3e2a54ba * reverting patch from #1484236 17 years ago
svncommit 4315b0086b added ability to insert attached images in HTML editor 17 years ago
thomascube fba1f5ab81 New class rcube_user + send message disposition notification 17 years ago
thomascube fc67251839 Show appropriate warning on connection error 17 years ago
thomascube b9183e5fd4 Use common function to mark the user session as not logged in 17 years ago
till 234c0d0ab0 * changed sessid to roundcube_sessid (#1484475) 17 years ago
till 969cefa581 # fixed: #1484517 17 years ago
thomascube 88f66ec89c Fix bugs introduced with latest changes 18 years ago
thomascube 719a257f0c Some bugfixes, security issues + minor improvements 18 years ago
thomascube 6d969b4d90 Documentation, code style and cleanup 18 years ago
svncommit 8094288d23 fixed html2text in editor 18 years ago
svncommit 570f0bb4a6 fixed HTML->Plain conversion 18 years ago
thomascube 8d07583f39 Use HTTP-POST requests for actions that change application state 18 years ago
thomascube 6ae6e41fb3 Updated description files and version info 18 years ago
thomascube f1154163b0 Merged branch devel-addressbook from r443 back to trunk 18 years ago
thomascube f15c26869c Don't allow empty user names but empty passwords 18 years ago