Commit Graph

1204 Commits (fa34e5ebcd1ca116a91204e6d4c74a9f29ea79fc)

Author SHA1 Message Date
Aleksander Machniak 186f21c4c1 Avoid Referer leaking by using Referrer-Policy:same-origin header (#6385)
Added 'common_headers' hook
6 years ago
Aleksander Machniak c8d133a6a0 Merge branch 'master' into dev/elastic 6 years ago
Aleksander Machniak b126941846 Fix session issue on long running requests (#6470) 6 years ago
Stefanos Petrakis 8ab1e4fbc3 Fix multiple VCard field search (#6466) 6 years ago
Aleksander Machniak 0a0ac045fe Fix bug where valid content between HTML comments could have been skipped in some cases (#6464) 6 years ago
Aleksander Machniak 255638cc44 Update changelog, require Net_SMTP 1.8.1 for GSSAPI support 6 years ago
urusha 75f37f8b0f SMTP GSSAPI support (#6417)
* krb_authentication support for smtp_connect
* smtp GSSAPI support
6 years ago
Aleksander Machniak 2dcf50019c Merge branch 'master' into dev/elastic 6 years ago
Aleksander Machniak e38b477b99 Fix including plugin scripts (regression) 6 years ago
Aleksander Machniak 2c12274d38 Fix style/navigation on error page depending on authentication state (#6362) 6 years ago
Aleksander Machniak 4310046993 Remove redundant trim() 6 years ago
Aleksander Machniak c28242f63c Log errors caused by low pcre.backtrack_limit when sending a mail message (#6433) 6 years ago
Aleksander Machniak 03fef0d6ca New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419) 6 years ago
Aleksander Machniak 796e5a17e6 Removed referer_check option (#6440) 6 years ago
Aleksander Machniak eaa81a5b61 Fix so invalid smtp_helo_host is never used, fallback to localhost (#6408) 6 years ago
Allan Klaus 6a49ba5aa2 Added exec_hook to send error to an external error tracking tool (#6198) 6 years ago
Aleksander Machniak 5cdb54221f Fix listing the same attachment multiple times on forwarded messages 6 years ago
Aleksander Machniak 24e3977d74 Fix invalid regular expressions that throw warnings on PHP 7.3 (#6398) 6 years ago
Aleksander Machniak 19332495b0 Fix so fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3 (#6383) 6 years ago
Aleksander Machniak 988ed7e565 Fix PHP warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374) 6 years ago
Aleksander Machniak 4f2b795cd2 Fix doc for 3rd argument of rcube::deliver_message() (#6353) 6 years ago
Aleksander Machniak cba1605949 Add http_only argument to rcube_utils::setcookie() 6 years ago
Aleksander Machniak 086e781b8f Fix bug where some HTML comments could have been malformed by HTML parser (#6333) 6 years ago
Aleksander Machniak fd7d7faabd Improve checking folder delete rights according to RFC 4314 7 years ago
Aleksander Machniak 58e514970e Add option to hide folders in share/other-user namespace or outside of the personal namespace root (#5073) 7 years ago
Aleksander Machniak 5e3868eb10 Fix so attachment without Content-ID is not an inline attachment (#5905) 7 years ago
Aleksander Machniak e9d38e847c Re-add setting error_log=syslog when log_driver=syslog 7 years ago
Aleksander Machniak 3d0b2cd3ce Pass PEAR errors to rcube::raise_error(), small CS improvements 7 years ago
Aleksander Machniak 12b1b54792 Fix bug where after "mark all folders as read" action message counters were not reset (#6307)
also fixed one PHP 7.2 warning
7 years ago
Aleksander Machniak 6691756ea1 Fix bug where unicode contact names could have been broken/emptied or caused DB errors (#6299) 7 years ago
Aleksander Machniak 30ab2eec5f Remove function_exists() checks for mbstring functions 7 years ago
Aleksander Machniak 4b97f40af9 Get rid of debug_level (#6298) 7 years ago
Aleksander Machniak 71eec07d25 Fix regression where some non-inline attachments could be not listed (#6291) 7 years ago
Aleksander Machniak 430c000e32 Support skin localization (#5853) 7 years ago
Aleksander Machniak 1247a8dd7d Fix bug where some forbidden characters on Cyrus-IMAP were not prevented from use in folder names 7 years ago
Aleksander Machniak 0716d499bc Fix bug where some escape sequences in html styles could bypass security checks 7 years ago
Edgaras L c236c22c41 Parse all quotas from GETQUOTAROOT (#6280) 7 years ago
Aleksander Machniak c0b9025215 Remove sample PHP configuration from .htaccess and .user.ini files (#5850)
Moved to https://github.com/roundcube/roundcubemail/wiki/Installation#php-configuration
7 years ago
Aleksander Machniak 63d3ad11fb Use Masterminds/HTML5 parser for HTML5 support (#5761) 7 years ago
Aleksander Machniak e79838aaac Enigma: Disable autofill for new keypair password 7 years ago
Aleksander Machniak dd3ea4ed2b Fix extracting codepage 7 years ago
Aleksander Machniak 8a6a9e86ae Fix handling of forwarded messages inside of a TNEF message (#5632) 7 years ago
Aleksander Machniak a889f55c31 Fix PHP Warning: Use of undefined constant IDNA_DEFAULT on systems without php-intl (#6244) 7 years ago
Aleksander Machniak b2bebe531a Fix bug where usernames without domain part could be malformed or converted to lower-case on logon (#6224) 7 years ago
Aleksander Machniak 8df6d7c3e4 Fix regression in compressMessageSet() (#6235) 7 years ago
Aleksander Machniak 8b0540d402 Fix possible IMAP command injection and type juggling vulnerabilities (#6229) 7 years ago
Aleksander Machniak df3878501c Fix PHP 7.2: count(): Parameter must be an array in enchant-based spellchecker (#6234) 7 years ago
Aleksander Machniak 73ea8f94d0 Use htmlspecialchars() with charset argument, simplify some code 7 years ago
Aleksander Machniak f36e23b778 Fix parsing date strings (e.g. from a Date: mail header) with comments (#6216) 7 years ago
Aleksander Machniak 2196f50437 Support redis_debug in the redis session driver 7 years ago
Aleksander Machniak 0f3ad342f7 Fix bug where some unix timestamps were not handled correctly by rcube_utils::anytodatetime() (#6212) 7 years ago
Aleksander Machniak a451ad6599 Fix handling encoding of HTML tags in "inline" JSON output (#6207) 7 years ago
Aleksander Machniak 981cd8726d Remove holes in cache index keys - makes the serialized representation shorter 7 years ago
Aleksander Machniak 1058924e21 Move some framework classes to sub-directories 7 years ago
Aleksander Machniak d07b032bcd Refactor cache code with separate engine-specific classes 7 years ago
Aleksander Machniak fa06d37901 Merge branch 'feature/add_redis_as_cache' of https://github.com/ledgr/roundcubemail into ledgr-feature/add_redis_as_cache 7 years ago
Aleksander Machniak 6bfebc5e32 Add sanity check when auto-unsubscribing non-existing folders 7 years ago
Aleksander Machniak 1556eb01c7 Use JSON_UNESCAPED_UNICODE only on PHP >= 7.1.0 (#6187) 7 years ago
laodc 672e57ea48 Patched bug where rcube_db::quote() was causing an infinite connection loop. (#6175)
As rcube_db::quote() checks to see if the connection is up before quoting, this would cause the class to try connect again, as rcube_db::$dbh was not being set until AFTER conn_configure was completed, causing a loop.

So updated rcube_db::$dbh in the rcube::conn_create() function instead allowing access to the new object straight away.

It's needed for edeb5d7.
7 years ago
Aleksander Machniak a1be62b19d Remove redundant trim() 7 years ago
Aleksander Machniak 9d2b303b51 Fix bug in remote content blocking on HTML image and style tags (#6178) 7 years ago
Aleksander Machniak b46cd5de1d Fix PHP Warning: exif_read_data(...): Illegal IFD size (#6169) 7 years ago
Edgaras Lukoševičius e371469664 Add Redis as cache backend 7 years ago
laodc edeb5d7ab4 Add support for PostgreSQL schemas in DSN (#6150)
If schema is set in the dsn, set search_path to the schema value.

Example:

$config['db_dsnw'] = 'pgsql://user:pass@localhost/dbname?schema=exampleschema';
7 years ago
Aleksander Machniak 4793ec753a Remove double-quotes in filename* parameter of the Content-Disposition of downloads (#5857) 7 years ago
Aleksander Machniak 55e99398e1 Fix possible information leak - add more strict sql error check on user creation (#6125) 7 years ago
Aleksander Machniak ce338164e3 Fix bug where contacts search could skip some records (#6130) 7 years ago
Richard Hillmann 59bbf6c081 Fix preg_match in guess_type function (#6123) 7 years ago
Aleksander Machniak b172fb505c Improve trusted_host_patterns code 7 years ago
Aleksander Machniak 4a5ca74724 Merge branch 'trusted-host-patterns' of https://github.com/dsoares/roundcubemail into dsoares-trusted-host-patterns 7 years ago
Daniel Kesselberg a8d5547163 Update idn convertion methods (#6115)
* Add more test cases
* Update phpdoc
7 years ago
Aleksander Machniak 63a7d2313f Improve SMTPUTF8 support and fix relaxed email validation issues 7 years ago
Aleksander Machniak 5665344673 Merge branch 'smtputf8' of https://github.com/jprjr/roundcubemail into jprjr-smtputf8 7 years ago
Aleksander Machniak a2875cdda9 - Fix searching contacts by address in LDAP source (#6084) 7 years ago
Aleksander Machniak c0959bd619 Sanity checks for header data length in FETCH (#6087)
Where we know what expected data length is we truncate the input.
7 years ago
Aleksander Machniak 3cdc8af297 Fix possible performance issue when parsing malformed and long Date header (#6087) 7 years ago
johndoh 05d1b1947e Check for minified CSS files (#6089) 7 years ago
Aleksander Machniak 3488531b26 Fix PHP Warning: Use of undefined constant INTL_IDNA_VARIANT_UTS46 on servers without php-intl extension 7 years ago
Georgeto 161038ee87 Support additional connect parameters in PostgreSQL database wrapper (#6071)
Most notably this change enables you to specify whether or with what
priority a secure SSL TCP/IP connection will be negotiated with the
database server.
7 years ago
Aleksander Machniak 61a6666eee Small CS fixes 7 years ago
Aleksander Machniak ca39a4e093 Fix PHP warning "idn_to_utf8(): INTL_IDNA_VARIANT_2003 is deprecated" with PHP 7.2 (#6075) 7 years ago
Aleksander Machniak 36638ec0c2 Fix untagged COPYUID responses handling - again (#5982) 7 years ago
Aleksander Machniak 9ce8948294 Get rid of the 2nd argument of include_stylesheet()
.. make the optional behavior default now.
7 years ago
Aleksander Machniak 1cf72fa2b6 Allow plugins to include Less files (#6051) 7 years ago
Aleksander Machniak c6b2d8bead Merge branch 'dev-elastic' 7 years ago
Aleksander Machniak 4cb7713520 Fix checking table columns when there's more schemas/databases in postgres/mysql (#6047) 7 years ago
Aleksander Machniak a6c37b7735 Fix broken long filenames when using imap4d server - workaround server bug (#6048) 7 years ago
Aleksander Machniak eed4be3ba6 Display value of the SMTP message size limit in the error message (#6032) 7 years ago
Aleksander Machniak 4dc1f3b757 Use configured log_file_ext also for errors thrown by PHP (#6035) 7 years ago
Aleksander Machniak 910c735b87 Merge branch 'master' into dev-elastic 7 years ago
Aleksander Machniak a0374f3c45 Fix mangled non-ASCII characters in links in HTML messages (#6028) 7 years ago
Aleksander Machniak 23af0b7f36 Merge branch 'master' into dev-elastic 7 years ago
dsoares 5282cbaff9 Check against trusted_host_patterns in rcube_utils::parse_host() 7 years ago
Aleksander Machniak 0f4f85e097 Skip redundant INSERT query on successful logon when using PHP7
Since PHP 7.0 session_regenerate_id() will cause the old session data update.
This is redundant INSERT query and also produces a record for the session
we don't need anymore.
7 years ago
Aleksander Machniak ef0982f1b8 Merge branch 'master' into dev-elastic 7 years ago
dsoares 50a9c8f777 Add option trusted_host_patterns 7 years ago
JohnDoh 515d496808 Replace display_version with display_product_info (#5904) 7 years ago
Aleksander Machniak e21ab984bc Skip <span> wrappers in html_table that is a <ul> list 7 years ago
Aleksander Machniak d815525c6a Merge branch 'master' into dev-elastic 7 years ago
Brendan Braybrook 4574870adc fix: unknown content-disposition type should be treated as attachment (#6002) 7 years ago
Aleksander Machniak 5e08a6ac59 Handle remote stylesheets the same as remote images, ask the user to allow them (#5994)
Fixes the issue where remote stylesheet could have been blocked
if the message contained no remote images and user have no way to
allow that content.
7 years ago
Aleksander Machniak 3196d656db Fix css conflicts in user interface and e-mail content (#5891)
... by adding prefix to element/class identifiers
Also cleaned up some code and removed global variable use.
7 years ago
Aleksander Machniak 403d8453c8 Fix issue caused by non-default session.cookie_lifetime setting (#5961) 7 years ago
Aleksander Machniak f8fc01b800 Fix so untagged COPYUID responses are also supported according to RFC6851 (#5982) 7 years ago
Aleksander Machniak 5d3add78aa Add Message-ID to the sendmail log (#5871) 7 years ago
Aleksander Machniak 117c150b2f Fix bug where mail search could return empty result on servers without SORT capability (#5973) 7 years ago
Aleksander Machniak 3c1b78af48 Merge branch 'master' into dev-elastic 7 years ago
Aleksander Machniak 4223bed7e8 Add html_button class 7 years ago
Aleksander Machniak 5d16751ed8 Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview (#5580) 7 years ago
Thomas Bruederli 3723f3f178 Fix rcube_utils::random_bytes() to not throw exception for length=0 7 years ago
Lukas Erlacher 130f0cde3e Add host to IMAP login error
This simplifies debugging authentication failures in multi-host setups.
7 years ago
Aleksander Machniak 72fe97ddfc Fix bug where HTML messages could have been rendered empty on some systems (#5957)
Consistently use $nodeName instead of $tagName property.
7 years ago
Aleksander Machniak ee6b5e9e58 Fix PHP 7.2 error: count(): Parameter must be an array or an object that implements Countable 7 years ago
Aleksander Machniak fa3eb6813f Ignore rewind() warnings (#5950) 7 years ago
Aleksander Machniak 3a77c906a1 Merge branch 'master' into dev-elastic 7 years ago
Aleksander Machniak 7fc626d527 Changed defaults for smtp_user (%u), smtp_pass (%p) and smtp_port (587) 7 years ago
Aleksander Machniak cdcbad1879 Handle inline images also inside multipart/mixed messages (#5905) 7 years ago
Aleksander Machniak 2d608a799c Fix decoding message/rtf822 part body/size
When e.g. an encrypted message has one of it's sub-parts a part that is message/rfc822
part we need it's body and size, because it will be listed on the attachments list
and also can be downloaded.
7 years ago
Aleksander Machniak 1235dcf321 Encode JSON with JSON_UNESCAPED_SLASHES and JSON_UNESCAPED_UNICODE options 7 years ago
Thomas Bruederli 919338d4ba Escape textarea contents in Washtml 7 years ago
Aleksander Machniak 1c24c69a3b Fix path for css file existence check in include_stylesheet() 7 years ago
Aleksander Machniak 4a71847c98 Fix bug where last character of a filename extracted from TNEF could be truncated (#5799) 7 years ago
Aleksander Machniak 69f50b122d Add a way to include plugin stylesheets optionally only if the file exists 7 years ago
Aleksander Machniak fc1a0a1f65 Fix bug where messages count was not updated after delete when imap_cache is set (#5872) 7 years ago
Aleksander Machniak 76adb49454 Support for IMAP folders that cannot contain both folders and messages (#5057) 7 years ago
Aleksander Machniak b97e3b5cd7 Don't ignore (global) userlogins/sendmail logs in per_user_logging mode 7 years ago
Aleksander Machniak e04f72d018 Fix PHP 7.2 warnings on count() use (#5845) 7 years ago
Aleksander Machniak 97bf251dc6 Don't use create_function() deprecated in PHP 7.2 7 years ago
Aleksander Machniak 86a4d78369 Merge branch 'dev-elastic' 7 years ago
Aleksander Machniak 05ea5a5548 Add ignore_errors option to rcube_db, so error logging can be disabled temporarily
Use ignore_errors to make sure the DDL upgrade errors are printed only once.
7 years ago
Aleksander Machniak 9d63b80873 Fix bug where errors were not printed when using bin/update.sh (#5834)
Don't pass errors to rcmail_install::raise_error() in CLI mode.
7 years ago
Aleksander Machniak a8278d61cf Update changelog, CS fixes 7 years ago
Aleksander Machniak 8b7c7dd5a9 Merge branch 'issue-logfilename' of https://github.com/remicollet/roundcubemail into remicollet-issue-logfilename 7 years ago
Aleksander Machniak 21e7d873ce Fix so links over images are not removed in plain text signatures converted from HTML (#4473) 7 years ago
Aleksander Machniak 6a83c3cc18 Fix fatal error when using DMY- or MDY-based date format in PostgreSQL (#5808) 7 years ago
Aleksander Machniak 1fcf7bfab3 Fix bug where HTML messages with @media styles could moddify style of page body (#5811) 7 years ago
Aleksander Machniak f0431c7475 Fix uninitialized string offset in rcube_utils::bin2ascii() and make sure rcube_utils::random_bytes() result has always requested length (#5788) 7 years ago
Aleksander Machniak 0bef84c410 Fix decoding non-ascii attachment names from TNEF attachments (#5646, #5799) 7 years ago
Remi Collet 6ca4eab399 add 'log_file_ext' configuration option 7 years ago
Aleksander Machniak bcc6405552 Fix various issues when downloading files with names containing non-ascii chars, use RFC 2231 (#5772) 7 years ago
Thomas Bruederli 3bc8a30314 Translate old 'preview_pane' setting into new 'layout' property 8 years ago
Aleksander Machniak 27a621818d Make sure rcube_utils::resolve_url() does not add port 80 to the url
...which might have happened with reverse proxies
8 years ago
Aleksander Machniak 7c001260fa Simplified code to parse METADATA responses 8 years ago
Aleksander Machniak 76170baac0 Fix bug where it wasn't possible to set timezone to auto-detected value (#5782) 8 years ago
Aleksander Machniak 6ad4ebe431 Fix SQL syntax error on MariaDB 10.2 (#5774) 8 years ago
Aleksander Machniak bb67757b5c Removed global $CONFIG variable 8 years ago
Aleksander Machniak 9a63e40faf Accept an array as $input argument of decode_address_list()
... to support a common case and to prevent from PHP warnings.
8 years ago
Aleksander Machniak 336a0cd87b strncasecmp() -> strcasecmp() 8 years ago
Aleksander Machniak f7809af6e4 Support AUTHENTICATE LOGIN for IMAP connections (#5563)
Add imap_auth_type=IMAP to force use of LOGIN instead of AUTHENTICATE LOGIN.
In imap_auth_type=CHECK mode prefer LOGIN over AUTHENTICATE LOGIN (for performance reasons).
8 years ago
Aleksander Machniak 253aac5d9e Fix var name 8 years ago