ec045b0a24
Revert r4609 and use stateless request tokens; no need to save them in session and thus no keep-alive necessary; fixes #1487829
14 years ago
32b11d325e
Keep session alive while showing login page (request token is stored in session data)
14 years ago
4cfe66f42f
- small code cleanup
14 years ago
c294eaa3f2
- Performance improvement: Remove redundant DELETE query (for old session deletion) on login
14 years ago
de62f02eed
Also check referer on logout action
14 years ago
a77cf2292b
Add optional referer check to prevent CSRF in GET requests
14 years ago
784a425e07
protect login form submission from CSRF using a request token
14 years ago
cf2da2f9aa
Improve session validity check with changing auth cookies; reduce writes to DB; better phpdoc
14 years ago
32234d71d3
Better fix for login redirect, don't force mail task
14 years ago
68d2d54100
- Move action files map from index.php to steps' func.inc files
14 years ago
88007cf060
Fix login redirect issues ( #1487686 )
14 years ago
f5e7b35307
Bumbed version; Roundcube development is not Switzerland only
14 years ago
c3be8ed64c
Make sure an existing session is killed/replaced when submitting login form
14 years ago
af3c045ecf
- New Folder Manager UI
...
- Fix invalid Request when creating a folder (#1487443 )
- Add folder size and quota indicator in folder manager (#1485780 )
- Add possibility to move a subfolder into root folder (#1486791 )
14 years ago
5f560ee7a0
- Plugin API: Add 'pass' argument in 'authenticate' hook ( #1487134 )
14 years ago
6d99f99576
- Handle situation when $IMAP object isn't initialized on log in
14 years ago
8fcc3e1ad6
- Improved IMAP errors handling
14 years ago
249db18585
- Fix "Server Error! (Not Found)" when using utils/save-pref action ( #1487023 )
14 years ago
e019f2d0f2
- s/RoundCube/Roundcube/
14 years ago
614c642a4b
- Fix list_cols is not updated after column dragging ( #1486999 )
...
- Improved save-pref action and moved to separate file in utils task directory
- Improved http_post/http_request to support first argument in form 'task/action'
14 years ago
4859fedb92
Fix unit tests + update version
14 years ago
b25dfd0913
- removed PHP closing tag
15 years ago
05a631a43c
Allow plugins to register their own tasks
15 years ago
3544558f2d
- Add HTTP_X_REAL_IP and HTTP_X_FORWARDED_FOR to successful logins log ( #1486441 )
15 years ago
aa12df20e4
Add server-side plugin hooks to address group functions + better action names
15 years ago
c0297f4172
Asynchronously expand contact groups + skip count queries in autocompletion mode + check for the existance of contactgroups table
15 years ago
3baa72a62f
Implement group renaming/deleting + use more consistent names for commands and actions ( #1486587 )
15 years ago
a61bbb24aa
Added basic contact groups feature
15 years ago
f52c936f4d
Merged devel-threads branch (r3066:3364) back into trunk
15 years ago
929a508d80
- Improve performance by avoiding unnecessary updates to the session table ( #1486325 )
15 years ago
64608bf2ef
- Password: Make passwords encoding consistent with core, add 'password_charset' global option ( #1486473 )
15 years ago
7481dd903e
- don't set task for login_after hook
15 years ago
48bc52e835
- Fix imap_init hook broken in r3258 ( #1486493 )
15 years ago
9b94eb6415
- Fix setting task name according to auth state. So, any action before user
...
is authenticated is assigned to 'login' task instead of 'mail'. Now binding
plugins to 'login' task is possible and realy usefull. It's also possible
to bind to all tasks excluding 'login'.
15 years ago
10eedbe75a
- add file/line definitions to raise_error() calls
15 years ago
76c94b6ba8
- Fix 'force_https' to specified port when URL contains a port number ( #1486411 )
15 years ago
5818e44345
- Fix $_SERVER['HTTPS'] check for SSL forcing on IIS ( #1486243 ) + fix port check
15 years ago
f5d61d845f
Revert r3038 and allow to specify the port as value of force_https
15 years ago
b5713396f1
- fix last commit
15 years ago
ccc80d1ca8
- Fix login page loading into an iframe when session expires ( #1485952 )
15 years ago
65c0a0e591
- Option 'force_https' replaced by 'force_https' plugin
...
- added option 'force_https_port' in 'force_https' plugin (#1486091 )
15 years ago
161c28dffc
- Fix wrong headers for IE on servers without $_SERVER['HTTPS'] ( #1485926 )
...
- Force IE style headers for attachments in non-HTTPS session, 'use_https' option (#1485655 )
15 years ago
7ef47e59a9
Add some arguments to the logout_after hook
15 years ago
d002607852
Implemented logout_after plugin hook
15 years ago
0ddf59aeb4
Fix spell check ( #1486036 )
15 years ago
4463648451
Allow a plugin to disable the cookie check
15 years ago
826ceecab8
Don't check request token on login
16 years ago
564a2ba793
- Help plugin
...
- support 'dummy' task (for plugins)
16 years ago
5499336fef
Use global request tokens and automatically protect all POST requests
16 years ago
e48a10a0d7
Add option to enforce https connections
16 years ago
thomascube