Commit Graph

812 Commits (ef721fc430fbb19da13060105577bf7605606b81)

Author SHA1 Message Date
Felix Eckhofer ef721fc430 Add config variable 'proxy_whitelist'
HTTP headers X_FORWARDED_* and X_REAL_IP are only evaluated when
received from an IP listed in proxy_whitelist. Furthermore, only the
last non-trusted IP from X-Forwarded-For is used in place of the real
ip.

Without this, an attacker can easily spoof the headers and control the
result of the ip or ssl check.

This fixes several problems with [3a4c9f42], [4d480b36] and [a520f331] as
mentioned in #1489729.
11 years ago
Aleksander Machniak bee1e18966 Skip IMAP SORT request if folder is empty 11 years ago
Aleksander Machniak 8cc567c004 Drop support for PHP < 5.3.7 11 years ago
Aleksander Machniak 65f59fa3c6 Bump version number to 1.1-git 11 years ago
Thomas Bruederli 3980579602 Avoid useless connection attempts if host is empty 11 years ago
Thomas Bruederli 143ceff0d8 Implement ArrayAccess interface for conveniently accessing rcube_result_set as array 11 years ago
Thomas Bruederli 532c10669b Support structured data for autocompletion results; map 'type' attribute to CSS class for autocomplete list items 11 years ago
Aleksander Machniak 32c612c112 Fix some PDO::MYSQL_* constants (wrongly described in PHP manual before 5.3.21) 11 years ago
Aleksander Machniak 2b8f033bcb Improvement in handling invalid email address strings 11 years ago
Thomas Bruederli 128fd9861a Declare LOGIN commands to be anonymized in debug logging 11 years ago
Aleksander Machniak 5e8da2b5c9 Added toolbar button to move message in message view 11 years ago
Aleksander Machniak 03de1329ef Fix invalid X-Draft-Info on forwarded message draft (#1489587) 11 years ago
Thomas Bruederli ce20194266 Add setter for user object to rcube class; we already have getters for various user properties there 11 years ago
Aleksander Machniak 517c9f9a8d Fix directories check in Installer on Windows (#1489576)
Added rcube_utils::is_absolute_path() method
11 years ago
Thomas Bruederli eecd9ce0f9 Fix infinite loop when converting invalid html to plaintext (#1489566) 11 years ago
Thomas Bruederli 774deaded1 Don't EVER log passwords 11 years ago
Aleksander Machniak 03f1691d47 Fixed Opera > 15 detection (#1489562) 11 years ago
Aleksander Machniak 3b1d410b4e Fix confusing intersect/filter methods naming/behaviour.
Removed rcube_result_index::intersect() method.
Changed rcube_result_index::filter() to filter in the same way as
rcube_result_thread::filter(), which means it actually does array_intersect().
Added test scripts for rcube_result_index class.
11 years ago
Aleksander Machniak 5140c31064 Remove quotes around addressee name in case they are encoded.
Some clients encode quotes with name using base64/quoted-printable
encoding. Quotes were removed only for unencoded strings. Now also
encoded names are handled this way.
So, recipient/sender strings are displayed without quotes around
and e.g. saving to addressbook does not save these redundant quotes.
11 years ago
Aleksander Machniak c0dda0556c Allow single quote in style attribute values.
E.g. "font-family: 'Tahoma'" should not be removed.
11 years ago
Aleksander Machniak 357f9c831a Support SMTP socket context options via new config option 'smtp_conn_options' 11 years ago
Thomas Bruederli 5740b10bf8 Merge branch 'master' of github.com:roundcube/roundcubemail 11 years ago
Aleksander Machniak 531c4d896c Merge branch 'master' of github.com:roundcube/roundcubemail 11 years ago
Aleksander Machniak d924ebebf7 Fix compatibility with PHP 5.2 in html.php file (#1489514) 11 years ago
Thomas Bruederli 3786a48aeb * New option that writes logs to per-user directories. (Debug) logs will only be written if a directory for the current user exists.
* The 'write_log' plugin hook now also supports the return property 'dir' to let plugins specify the log directory.
11 years ago
Aleksander Machniak 1fd6c43e19 Improve parse_thread so it uses much less recursive calls 11 years ago
Thomas Bruederli c5f6352710 Don't log error if no plugin config is found in global directories 11 years ago
Thomas Bruederli 8fc49e51a4 Use the right base_dn for listing records of the selected group 11 years ago
Thomas Bruederli aa581c2912 Fall back to load plugin config from global config directories only if no local config file exists 11 years ago
Takika d073a66db3 Load plugin config file from any configured path
Try to load plugin_name.inc.php config file from any pre-configured config path (rcube_config::path array) so webmail admins can move plugin configurations out of www root.
11 years ago
Thomas Bruederli e59471fcb9 Make sure prefs always is a valid array (otherwise causes fatal errors if language is not set) 11 years ago
Aleksander Machniak 4957530dec Fix an obvious mistake in search_once() causing wrong result when called
with empty 2nd argument (which also is not what should happen, should we return error?)
11 years ago
Aleksander Machniak 7a3c0c96c4 Use '0' instead of 0, to fix possible issue. 11 years ago
Aleksander Machniak 172302e2cf Small perf. improvement 11 years ago
Aleksander Machniak 0301d9347f CS fixes 11 years ago
Aleksander Machniak c7250749ab Fix issue where deprecated syntax for HTML lists was not handled properly (#1488768) 11 years ago
Aleksander Machniak 3e98f8be71 Add some code for S/MIME signatures verification, update Crypt_GPG package 11 years ago
Aleksander Machniak ac0fc383fd Fix so message flags modified by another client are applied on the list on refresh (#1485186) 11 years ago
Aleksander Machniak 6b2b2eca5f Remove deprecated functions (these listed in bc.php file) usage 11 years ago
Aleksander Machniak 54029ea959 Fix broken text/* attachments when forwarding/editing a message (#1489426) 11 years ago
Aleksander Machniak f6d23a8dce Fix PHP warning when 1st argument of parse_host() is not a string (#1489486) 11 years ago
Aleksander Machniak a520f331c1 Fix handling of X-Forwarded-For header with multiple addresses (#1489481) 11 years ago
Aleksander Machniak d19c0f9f30 In normalize_string() replace 4-byte unicode characters with '?' character.
These are not supported in default utf-8 charset on mysql,
the chance we'd need them in searching is very low.
11 years ago
Aleksander Machniak 029f7a157d Clarify update() result description, return boolean when ID didn't change 11 years ago
Aleksander Machniak 18b40c1a32 Fix issue where groups were not deleted when "Replace entire addressbook" option on contacts import was used (#1489420) 11 years ago
Aleksander Machniak 38bf401cf8 Fix performance of listing writeable folders (#1489451) 11 years ago
Thomas Bruederli ce6050cbbb Display version from composer.json even if not installed 11 years ago
Aleksander Machniak 5f31429de5 Fix preparation of message object before saving into the cache.
The bug caused e.g. displaying HTML content as plain text for messages
with Content-Type: text/html.
11 years ago
Aleksander Machniak 38f1f56920 Exec config_get hook also in rcube_config::all() (#1485981) 11 years ago
Aleksander Machniak ffec857b69 Fix handling of invalid closing tags in HTML messages (#1489446) 11 years ago