Commit Graph

66 Commits (f0fa9324d83ea1bd57f0b702e3b419f7194169cb)

Author SHA1 Message Date
Thomas Bruederli 4a408843b0 Protect download urls against CSRF using unique request tokens (#1490642)
Send X-Frame-Options headers with every HTTP response
9 years ago
Aleksander Machniak 10e5192a2b Fix path traversal vulnerability in setting a skin (#1490620) 9 years ago
dsoares 234fd19505 Replace deprecated call to Q within array_map() 9 years ago
Aleksander Machniak 93e64008a6 Small code improvements 9 years ago
Aleksander Machniak 252cc4c4ac Password: Allow temporarily disabling the plugin functionality with a notice 9 years ago
Aleksander Machniak a958748947 CS fixes 10 years ago
Thomas Bruederli 0bd99db08d Localize common error messages; improve explanation for CSRF check failures 10 years ago
Aleksander Machniak 681ba6fc3c Improve system security by using optional special URL with security token
Allows to define separate server/path for image/js/css files
Fix bugs where CSRF attacks were still possible on some requests
10 years ago
Thomas Bruederli 8d526c4938 Fix skin path handling in plugin context (#1488967):
The plugin skin directories are removed again from the search path after parsing of a plugin template has finished.
10 years ago
Aleksander Machniak 1ffab0ad4a Fix possible issues in skin/skin_path config handling (#1490125) 10 years ago
Thomas Bruederli 8ef203827f Make noshow attribute for roundcube:label tags actually work as supposed 10 years ago
Aleksander Machniak d01f9fc7f5 Add option (disabled_actions) to disable UI elements/actions (#1489638) 10 years ago
Aleksander Machniak ef51ae6d19 Reset also page header/footer on "dummy frames" - to prevent js error e.g. if some script depends on jQuery 11 years ago
Aleksander Machniak 19138ef7a9 Make sure set_env and add_label commands are always sent first - other commands might depend on them.
Fixes loading message in managesieve filters frame.
11 years ago
Thomas Bruederli 99cdca46b7 Merge branch 'dev-accessibility'
Conflicts:
	program/include/rcmail_output_html.php
	program/js/app.js
	program/js/treelist.js
	program/lib/Roundcube/html.php
	skins/larry/styles.css
	skins/larry/templates/compose.html
11 years ago
Thomas Bruederli d58c39126f Some more improvemements on content structure, text representation and keyboard navigation within the mail view 11 years ago
Thomas Bruederli 22a2c5e0ee Localize title and summary attributes; make message count display box a live area 11 years ago
Aleksander Machniak 2441264d00 Improved folders sorting by name - use Intl.Collator if supported 11 years ago
Aleksander Machniak ffc74814c1 Optimize "empty" framed pages size (#1489792) 11 years ago
Aleksander Machniak 8f57ce136b Code improvements 11 years ago
Aleksander Machniak 7079110c61 Allow data-* attributes (#1489860) 11 years ago
Thomas Bruederli ea0866a1ad Improve keyboard navigation on compose screen: define tabindex groups + enable keyboard controls of contacts list widget 11 years ago
Thomas Bruederli 184ed2efe2 Declare content language for proper text-to-speech support 11 years ago
Thomas Bruederli b0ce5c62af Make skin meta/hierarchy information accessible for plugins (#1488831) 11 years ago
Thomas Bruederli e8bcf08c72 1. Prepare core and Larry skin for improved accessibility
2. Implement full keyboard navigation in main mail view
11 years ago
Thomas Bruederli b34d679075 Specify licenses in all javascript files and blocks to please LibreJS 11 years ago
Aleksander Machniak 5be6dcf0e2 Remove useless debug_level=8 and javascripts's rcube_console 11 years ago
Aleksander Machniak 904fec7505 Add id for login submit button (#1489676) - make it skin independent 11 years ago
Aleksander Machniak 5e8da2b5c9 Added toolbar button to move message in message view 11 years ago
Thomas Bruederli 9ba4967a73 Create class documentation with latest phpdoc utility 11 years ago
Aleksander Machniak 0301d9347f CS fixes 11 years ago
Aleksander Machniak c562a31681 Improved minified files handling, added css minification (#1486988) 11 years ago
Aleksander Machniak 538e64c572 Fix Closure-compiler warnings, small code improvements 11 years ago
Thomas Bruederli e46d060a4a Fix errors in error page :-) 11 years ago
Thomas Bruederli 59cdb433a6 Avoid duplicate elements with the same id in HTML. Fixes broken icons in classic skin. 11 years ago
Thomas Bruederli 98b7b548a2 Merge branch 'dev-canned-responses'
Conflicts (resolved):
	skins/classic/includes/settingstabs.html
	skins/larry/includes/settingstabs.html
11 years ago
Aleksander Machniak e2f90dbd4e Do not add css files to the page when body is empty, e.g. upload iframes 11 years ago
Thomas Bruederli c49c35ca0f Generate settings tabs with a template object 'settingstabs' and let plugins register themselves there using the 'settings_actions' hook 11 years ago
Thomas Bruederli 0933d66b59 Keep current selection on IE browsers by adding unselectable=on to link elements 11 years ago
PhilW fb4474aca9 only call config->get() once 11 years ago
PhilW d81d69377a use template file name rather than special attribute 11 years ago
PhilW a77504aeac allow different logos for different functions (eg. normal and print) 11 years ago
Dennis1993 8df6bb9b1f Update rcmail_output_html.php
added required Attribute to Login fields
11 years ago
Thomas Bruederli deb2b8d080 Allow to load config files for different environments (#1487311); keep (non-default) filename in URLs throughout the webmail app 11 years ago
Aleksander Machniak b7addfc77c Use absolute paths in is_dir() checks to prevent open_basedir related warnings 12 years ago
Aleksander Machniak 39b905b7a8 Canonize boolean ini_get() results (#1489189) 12 years ago
Aleksander Machniak 76f4f7970d Fix resolving /this/ in file_callback() 12 years ago
Aleksander Machniak 3863a9d2c5 Added user preference to open all popups as standard windows 12 years ago
Aleksander Machniak f790b44335 Small code improvements 12 years ago
Andy Wermke 58e3a504b9 Removed parse_expression() & added error logging to eval_expression(). 12 years ago