fe0dc4eef8
Bump version to 1.1.12 and copyright to 2018
8 years ago
0c9074f286
Fix regression where IMAP commands with '*' uidset argument wasn't working
8 years ago
d4475e58db
Bump version to 1.1.11
8 years ago
498ff0a283
Fix possible IMAP command injection vulnerability ( #6229 )
...
[CVE-2018-9846]
8 years ago
5d889cca13
Fix bug in remote content blocking on HTML image and style tags ( #6178 )
8 years ago
a5dac2e694
Small improvement in log_dir handling
8 years ago
bb9db12a79
Fix parse error from last commit
8 years ago
a5e4578482
Don't ignore (global) userlogins/sendmail logs in per_user_logging mode
8 years ago
7f992eac3d
Bump version + add CVE ID
8 years ago
4181f29608
Bump version to 1.1.9
9 years ago
bcdba37a82
Fix bug where base_dn setting was ignored inside group_filters ( #5720 )
9 years ago
6b16e0d593
Fix regression in LDAP fuzzy search where it always used prefix search instead ( #5713 )
9 years ago
2a2b04eb2a
Remove redundant spaces from generated contact names
9 years ago
f1483204c7
Bump version to 1.1.8
9 years ago
d6ddd31a1b
Better fix for XSS in style tags ( 9b5eee294)
9 years ago
9b5eee2946
Fix XSS issue in handling of a style tag inside of an svg element
9 years ago
11b65a905f
Make sure date_create_from_format() exists
...
Only for Roundcube 1.1 (this function does not exist on PHP < 5.3)
9 years ago
7536739c7a
Fix bug where microsecond format in logged date didn't work in some cases
9 years ago
6c6b299d2a
Fix so microseconds macro (u) in log_date_format works ( #1490446 )
9 years ago
4c1394cf2d
Bump version to 1.1.7
9 years ago
45a3e81653
Fix vulnerability in handling of mail()'s 5th argument
9 years ago
802d119153
Bump version to 1.1.6
9 years ago
93cb7b1fea
Support contact+group searches in all relevant places (T1360)
...
Before the search worked only in Addressbook, not also in Compose.
The point of the change is also to align group searches with contact searches
in that it now uses the same set of attributes. Previously groups
in Compose were searched by name only.
Conflicts:
program/lib/Roundcube/rcube_addressbook.php
program/lib/Roundcube/rcube_contacts.php
program/steps/mail/search_contacts.inc
10 years ago
3f10f9a2e6
Fix regression where LDAP results could be counted incorrectly when using VLV
...
... broken by d08bd0a51f
10 years ago
425e31dc27
Wash position:fixed style in HTML mail for better security ( #5264 )
10 years ago
4fa70856b9
Fix handling of blockquote tags with mixed case on html2text conversion ( #5363 )
...
Conflicts:
CHANGELOG
10 years ago
d10c591a61
Merge pull request #5330 from urc/patch-1
...
Do not mask fatal error when unable to load PEAR class
10 years ago
f85227358a
Avoid PHP fatal error
...
After last change to file `rcube_ldap.php`, my roundcube instance was getting this error:
```
PHP Fatal error: Cannot use object of type Net_LDAP3_Result as array in ...
```
In
```php
protected function extended_search($count = false)
```
`$result = $this->ldap->search()` returns a LDAP object (whatever package we use).
If the search returns no results (and if `$is_extended_search` is false), then it gets to line 971 trying to do a `usort()` and then a `count()` on an object, instead of an array.
10 years ago
ac592fd169
Searching in both contacts and groups when LDAP addressbook with group_filters option is used
...
Conflicts:
CHANGELOG
program/steps/addressbook/search.inc
10 years ago
3e508e9587
Do not mask fatal error
...
A failure to load PEAR consistutes a fatal PHP error, and @-loading it prevents that error from being logged, making debugging problems with loading the PEAR class really difficult. It should therefore be loaded without the @ sign, allowing the fatal error to end up in the logs, if it occurs.
10 years ago
7d14065baa
Fix XSS issue in href attribute on area tag ( #5240 , #5241 )
...
Conflicts:
CHANGELOG
10 years ago
25bc871ee7
Bump version to 1.1.5
10 years ago
848410042c
Fix converting mail addresses with @www. into mailto links ( #5197 )
10 years ago
c91d4975ff
Make sure an email address is valid when replacing it with mailto: link
10 years ago
d54eb6c951
CS fixes
10 years ago
55d90b2f62
mailbox/listing: Make server response for large mailbox listing faster when using threaded view
...
Symptom
=======
When using roundcube with mailboxes with over 60k messages, list
view was way faster than viewing in threaded view.
Mailbox index view timing: ~360 ms
Mailbox threaded view timing: ~800 ms
Resolution
==========
Use native PHP array manipulation functions instead of rolling custom
string data reversal implementation using strpos() and substr() in a
'while' loop.
This optimization is already present in index view handler, but was missing
from threaded view.
Results after optimization
==========================
Both average out around ~360 ms response time.
10 years ago
473dc0b86d
Fix so SPECIAL-USE assignments are forced only until user sets special folders ( #4782 )
...
The old behaviour where SPECIAL-USE has always a prio can be bringed back
by setting lock_special_folders=false and adding it to dont_override.
10 years ago
86bc1f95ea
Require Net_Socket >= 1.0.12 (because of timeout=0 bugfix)
...
Conflicts:
INSTALL
10 years ago
2bfce1ae20
Refer to Github issues instead of Trac
10 years ago
7c04110698
Fix so contactlist_fields option can be set via config file
10 years ago
699af1e520
Protect download urls against CSRF using unique request tokens ( #1490642 )
...
Send X-Frame-Options headers with every HTTP response
Conflicts:
plugins/enigma/enigma.js
plugins/enigma/lib/enigma_ui.php
program/lib/Roundcube/rcube_message.php
10 years ago
3e55a2d9cb
Fix bug in long recipients list parsing for cases where recipient name contained @-char ( #1490653 )
10 years ago
4de4438340
Fix regression where xml mode could be used to parse xhtml messages causing empty result
10 years ago
768e3e1b09
Improved SVG cleanup code
10 years ago
847c771d9e
Refactor wash_attribs() - fix regressions
10 years ago
3e4b7cd19d
Extend rcube_washtml with SVG support
10 years ago
3f6fbdcc6d
Fix random "access to this resource is secured against CSRF" message at logout ( #1490641 )
...
- this is when openssl module is not installed
10 years ago
8a53588940
Make TLS method for IMAP parameterisable.
10 years ago
f8911c2a7f
Enable use of TLSv1.1 and TLSv1.2 for IMAP.
10 years ago
f2ff464002
Bump version to 1.1.4; update Changelog
10 years ago
Thomas Bruederli