CHANGELOG Roundcube Webmail =========================== RELEASE 1.1.10 -------------- - Fix file disclosure vulnerability caused by insufficient input validation [CVE-2017-16651] (#6026) RELEASE 1.1.9 ------------- - Fix regression in LDAP fuzzy search where it always used prefix search instead (#5713) - Fix bug where base_dn setting was ignored inside group_filters (#5720) - Password: Fix security issue in virtualmin and sasl drivers [CVE-2017-8114] RELEASE 1.1.8 ------------- - Fix bug where mail content frame couldn't be reset in some corner cases (#5608) - Fix regression where groups with email address were resolved to its members' addresses - Fix so group/addressbook selection is retained on page refresh - Fix bug where signature couldn't be added above the quote in Firefox 51 (#5628) - Fix so microseconds macro (u) in log_date_format works (#1490446) - Fix XSS issue in handling of a style tag inside of an svg element RELEASE 1.1.7 ------------- - Fix vulnerability in handling of mail()'s 5th argument RELEASE 1.1.6 ------------- - Searching in both contacts and groups when LDAP addressbook with group_filters option is used - Use contact_search_name format in popup on results in compose contacts search - Fix missing localization of HTML editor when assets_dir != INSTALL_PATH - Fix handling of blockquote tags with mixed case on html2text conversion (#5363) - Fix message list multi-select/deselect issue (#5219) - Fix bug where contact search menu fields where always unchecked in Larry skin - Fix XSS issue in href attribute on area tag (#5240) - Fix bug where message list columns could be in wrong order after column drag-n-drop and list sorting - Don't create multipart/alternative messages with empty text/plain part (#5283) - Wash position:fixed style in HTML mail for better security (#5264) - Fix error causing empty INBOX listing in Firefox when using an URL with user:password specified (#5400) RELEASE 1.1.5 ------------- - Plugin API: Add html2text hook - Plugin API: Added addressbook_export hook - Fix missing emoticons on html-to-text conversion - Fix random "access to this resource is secured against CSRF" message at logout (#4956) - Fix missing language name in "Add to Dictionary" request in HTML mode (#4951) - Enable use of TLSv1.1 and TLSv1.2 for IMAP (#4955) - Fix XSS issue in SVG images handling (#4949) - Fix (again) security issue in DBMail driver of password plugin [CVE-2015-2181] (#4958) - Fix bug where Archive/Junk buttons were not active after page jump with select=all mode (#4961) - Fix bug in long recipients list parsing for cases where recipient name contained @-char (#4964) - Fix additional_message_headers plugin compatibility with Mail_Mime >= 1.9 (#4966) - Hide DSN option in Preferences when smtp_server is not used (#4967) - Protect download urls against CSRF using unique request tokens (#4957) - newmail_notifier: Refactor desktop notifications - Fix so contactlist_fields option can be set via config file - Fix so SPECIAL-USE assignments are forced only until user sets special folders (#4782) - Fix performance in reverting order of THREAD result - Fix converting mail addresses with @www. into mailto links (#5197) RELEASE 1.1.4 ------------- - Add workaround for https://bugs.php.net/bug.php?id=70757 (#4931) - Fix duplicate messages in list and wrong count after delete (#4925) - Fix so Installer requires PHP5 - Make brute force attacks harder by re-generating security token on every failed login (#4913) - Slow down brute-force attacks by waiting for a second after failed login (#4913) - Fix .htaccess rewrite rules to not block .well-known URIs (#4943) - Fix mail view scaling on iOS (#4915) - Fix so database_attachments::cleanup() does not remove attachments from other sessions (#4907) - Fix responses list update issue after response name change (#4917) - Fix bug where message preview was unintentionally reset on check-recent action (#4921) - Fix bug where HTML messages with invalid/excessive css styles couldn't be displayed (#4905) - Fix redundant blank lines when using HTML and top posting (#4927) - Fix redundant blank lines on start of text after html to text conversion (#4928) - Fix HTML sanitizer to skip in output (#4932) - Fix invalid LDAP query in ACL user autocompletion (#4934) - Fix regression in displaying contents of message/rfc822 parts (#4937) - Fix handling of message/rfc822 attachments on replies and forwards (#4938) - Fix PDF support detection in Firefox > 19 (#4941) - Fix path traversal vulnerability (CWE-22) in setting a skin (#4945) - Fix so drag-n-drop of text (e.g. recipient addresses) on compose page actually works (#4944) RELEASE 1.1.3 ------------- - Fix closing of nested menus (#4854) - Fix so E_DEPRECATED errors from PEAR libs are ignored by error_reporting change (#4770) - Fix compatibility with PHP 5.3 in rcube_ldap class (#4842) - Get rid of Mail_mimeDecode package dependency (#4836) - Fix "Importing..." message does not hide on error (#4840) - Fix SQL error on logout when using session_storage=php (#4839) - Update to jQuery 2.1.4 (#5165) - Fix Compose action in addressbook for results from multiple addressbooks (#4834) - Fix bug where some messages in multi-folder search couldn't be viewed/printed/downloaded (#4843) - Fix unintentional messages list page change on page switch in compose addressbook (#4844) - Fix race-condition in saving user preferences and loading plugin config (#4845) - Fix so plain text signature field uses monospace font (#4848) - Fix so links with href == content aren't added to links list on html to text conversion (#4847) - Fix handling of non-break spaces in html to text conversion (#4849) - Fix self-reply detection issues (#4852) - Fix multi-folder search result sorting by arrival date (#4858) - Fix so *-request@ addresses in Sender: header are also ignored on reply-all (#4860) - Update to TinyMCE 4.1.10 (#5164) - Fix draft removal after a message is sent and storing sent message is disabled (#4869) - Fix so imap folder attribute comparisons are case-insensitive (#4868) - Fix bug where new messages weren't added to the list in search mode - Fix wrong positioning of message list header on page scroll in Webkit browsers (#4646) - Fix some javascript errors in rare situations (#4853) - Fix error when using back button after sending an email (#4628) - Fix removing signature when switching to identity with an empty sig in HTML mode (#4872) - Disable links list generation on html-to-text conversion of identities or composed message (#4850) - Fix "washing" of style elements wrapped into many lines - Fix so input field (e.g. search box) does not loose focus on list load (#4862) - Fix so css of one html part does not apply to other text parts on message display (#4887) - Fix handling of plus character in mailto: links (#4891) - Fix so adding CC/BCC recipients from the sidebar unhides compose form fields in Classic skin (#4874) - Fix so gc.sh script removes also expired sessions from sql database (#4893) - Fix support for Mozilla-based browsers, e.g. Pale Moon (#4895) - Fix various issues with Turkish (and similar) locales (#4896) - Fix so In-Reply-To header is set also for MDN receipts (#4897) - Fix missing HTTP_X_FORWARDED_FOR address in generated Received header - Fix XSS issue in drag-n-drop file uploads (#4900) - Fix issue where Content-Length of some attachments could be set to wrong value causing browser errors (#4877) RELEASE 1.1.2 ------------- - Add new plugin hook 'identity_create_after' providing the ID of the inserted identity (#4807) - Add option to place signature at bottom of the quoted text even in top-posting mode [sig_below] - Fix handling of %-encoded entities in mailto: URLs (#4799) - Fix zipped messages downloads after selecting all messages in a folder (#4797) - Fix vpopmaild driver of password plugin - Fix PHP warning: Non-static method PEAR::setErrorHandling() should not be called statically (#4798) - Fix tables listing routine on mysql and postgres so it skips system or other database tables and views (#4796) - Fix message list header in classic skin on window resize in Internet Explorer (#4732) - Fix so text/calendar parts are listed as attachments even if not marked as such (#4795) - Fix lack of signature separator for plain text signatures in html mode (#4802) - Fix font artifact in Google Chrome on Windows (#4803) - Fix bug where forced extwin page reload could exit from the extwin mode (#4801) - Fix bug where some unrelated attachments in multipart/related message were not listed (#4805) - Fix mouseup event handling when dragging a list record (#4808) - Fix bug where preview_pane setting wasn't always saved into user preferences (#4809) - Fix bug where messages count was not updated after message move/delete with skip_deleted=false (#4814) - Fix security issue in contact photo handling (#4817) - Fix possible memcache/apc cache data consistency issues (#4820) - Fix bug where imap_conn_options were ignored in IMAP connection test (#4822) - Fix bug where some files could have "executable" extension when stored in temp folder (#4815) - Fix attached file path unsetting in database_attachments plugin (#4823) - Fix issues when using moduserprefs.sh without --user argument (#4825) - Fix potential info disclosure issue by protecting directory access (#4816) - Fix blank image in html_signature when saving identity changes (#4833) - Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#4827) - Fix XSS vulnerability in _mbox argument handling (#4837) RELEASE 1.1.1 ------------- - ACL: Allow other plugins to adjust the list of permissions and groups to edit - Add possibility to print contact information (of a single contact) - Add possibility to configure max_allowed_packet value for all database engines (#4772) - Improved handling of storage errors after message is sent - Update to TinyMCE 4.1.9 - Unified request* event arguments handling, added support for _unlock and _action parameters - Security: Generate random hash for the per-user local storage prefix (#4768) - Fix refreshing of drafts list when sending a message which was saved in meantime (#4745) - Fix saving/sending emoticon images when assets_dir is set - Fix PHP fatal error when visiting Vacation interface and there's no sieve script yet (#4778) - Fix setting max packet size for DB caches and check packet size also in shared cache - Fix needless security warning on BMP attachments display (#4771) - Fix handling of some improper constructs in format=flowed text as per the RFC3676[4.5] (#4773) - Fix performance of rcube_db_mysql::get_variable() - Fix missing or not up-to-date CATEGORIES entry in vCard export (#4766) - Fix fatal errors on systems without mbstring extension or mb_regex_encoding() function (#4769) - Fix cursor position on reply below the quote in HTML mode (#4759) - Fix so "over quota" errors are displayed also in message compose page - Fix duplicate entries supression in autocomplete result (#4776) - Fix "Non-static method PEAR::isError() should not be called statically" errors (#4770) - Fix parsing invalid HTML messages with BOM after (#4777) - Fix duplicate entry on timezones list in rcube_config::timezone_name_from_abbr() (#4779) - Fix so localized folder name is displayed in multi-folder search result (#4750) - Fix javascript error after creating a folder which is a subfolder of another one (#4781) - Fix bug where subject of sent/saved message was removed if mbstring wasn't installed (#4780) - Fix missing vcard_attachment icon on messages list (#4783) - Fix storing signatures with big images in MySQL database (#4785) - Fix Opera browser detection in javascript (#4786) - Fix so search filter, scope and fields are reset on folder change - Fix rows count when messages search fails (#4760) - Fix bug where spellchecking in HTML editor do not work after switching editor type more than once (#4789) - Fix bug where TinyMCE area height was too small on slow network connection (#4788) - Fix backtick character handling in sql queries (#4790) - Fix redirct URL for attachments loaded in an iframe when behind proxy (#4724) - Fix menu container references to point to the actual
s for printing (#2118) - Fix incorrect word wrapping in outgoing plaintext multibyte messages (#2062) - Fix double footer in HTML message with embedded images - Fix TNEF implementation bug (#2107) - Fix incorrect row id parsing for LDAP contacts list (#2116) - Fix 'mode' parameter in sqlite DSN (#2106) RELEASE 0.2.1 ------------------ - Use US-ASCII as failover when Unicode searching fails (#2097) - Fix errors handling in IMAP command continuations (#2097) - Fix FETCH result parsing for servers returning flags at the end of result (#2098) - Fix datetime columns defaults in mysql's DDL (#2012) - Fix attaching more than nine inline images (#2094) - Support 'UNICODE-1-1-UTF-7' alias for UTF-7 encoding (#2093) - Fix mime-type detection using a hard-coded map (#1735) - Don't return empty string if charset conversion failed (#2092) - Disable concurrent autocomplete query results display (#2082) - Fix new lines stripped from message footer (#2088) - Fix IE problem with mouse click autocomplete (#2080) - Fix html body washing on reply/forward + fix attachments handling (#2034) - Fix multiple recipients input parsing (#2077) - Fix replying to message with html attachment (#2034) - Use default_charset for messages without specified charset (#2027, #1484961) - Support non-standard "GMT-XXXX" literal in date header (#2074) - Added TNEF support to decode MS Outlook attachments (winmail.dat) - Fix "value continuation" MIME headers by adding required semicolon (#2073) - Fix pressing select all/unread multiple times (#2069) - Fix selecting all unread does not honor new messages (#2070) - Fix some base64 encoded attachments handling (#2071) - Support NGINX as IMAP backend: better BAD response handling (#2066) - Performance fix: don't fetch attachment parts headers twice to parse filename - Fix checking for recent messages on various IMAP servers (#2055) - Performance fix: Don't fetch quota and recent messages in "message view" mode - Fix displaying of alternative-inside-alternative messages (#2061) - Fix MDNSent flag checking, use arbitrary keywords (asterisk) flag (#2059) - Fix creation of folders with '&' sign in name - Fix parsing of email addresses without angle brackets (#2048) - Save spellcheck corrections when switching from plain to html editor (and spellchecking is on) - Fix large search results on server without SORT capability (#2031) - Get rid of preg_replace() with eval modifier and create_function usage (#2042) - Bring backand tags in HTML messages - Fix XSS vulnerability through background attributes [CVE-2009-0413] - Fix problems with backslash as IMAP hierarchy delimiter (#1116) - Secure vcard export by getting rid of preg's 'e' modifier use (#2045) - Fix authentication when submitting form with existing session (#2037) - Allow absolute URLs to images in HTML messages/sigs (#2029) - Fix message body which contains both inline attachments and emotions - Fix SQL query execution errors handling in rcube_mdb2 class (#1907) - Fix address names with '@' sign handling (#2022) - Improve messages display performance - Fix messages searching with 'to:' modifier RELEASE 0.2-STABLE ------------------ - Fix mark popup in IE 7 (#1785) - Fix line-break issue when copy & paste in Firefox (#1832) - Fix autocomplete "unknown server error" (#2008) - Fix STARTTLS before AUTH in SMTP connection (#1415) - Support multiple quota values in QUOTAROOT resonse (#1999) - Only abbreviate file name for IE < 7 browsers (#1548) - Performance: allow setting imap rootdir and delimiter before connect (#1628) - Fix sorting of folders with more than 2 levels (#1953) - Fix search results page jumps in LDAP addressbook (#1689) - Fix empty line before the signature in IE (#1769) - Fix horizontal scrollbar in preview pane on IE (#1228) - Add Robots meta tag in login page and installer (#1385) - Added 'show_images' option, removed 'addrbook_show_images' (#1977) - Option to check for new mails in all folders (#1053) - Don't set client busy when checking for new messages (#1706) - Allow UTF-8 folder names in config (#1960) - Add junk_mbox option configuration in installer (#1960) - Do serverside addressbook queries for autocompletion (#1925) - Allow setting attachment col position in 'list_cols' option - Allow override 'list_cols' via skin (#1958) - Fix 'cache' table cleanup on session destroy (#1913) - Increase speed of session destroy and garbage clean up - Fix session timeout when DB server got clock skew (#1890) - Fix handling of some malformed messages (#1099) - Speed up raw message body handling - Better HTML entities conversion in html2text (#1916) - Fix big memory consumption and speed up searching on servers without SORT capability - Fix setting locale to tr_TR, ku and az_AZ (#1872) - Use SORT for searching on servers with SORT capability - Added message status filter - Fix empty file sending (#1801) - Improved searching with many criterias (calling one SEARCH command) - Fix HTML editor initialization on IE (#1731) - Add warning when switching editor mode from html to plain (#1888) - Make identities list scrollable (#1930) - Fix problem with numeric folder names (#1922) - Added BYE response simple support to prevent from endless loops in imap.inc (#777) - Fix unread message unintentionally marked as read if read_when_deleted=true (#1819) - Remove port number from SERVER_NAME in smtp_helo_host (#1915) - Don't send disposition notification receipts for messages marked as 'read' (#1918) - Added 'keep_alive' and 'min_keep_alive' options (#1777) - Added option 'identities_level', removed 'multiple_identities' - Allow deleting identities when multiple_identities=false (#1840) - Added option focus_on_new_message (#1789) - Fix html2text class autoloading on Windows (#1904) - Fix html signature formatting when identity save error occurred (#1833) - Add feedback and set busy when moving folder (#1897) - Fix 'Empty' link visibility for some languages e.g. Slovak (#1889) - Fix messages count bar overlapping (#1703) - Fix adding signature in drafts compose mode (#1884) - Fix iil_C_Sort() to support very long and/or divided responses (#1713) - Fix matching case sensitivity when setting identity on reply (#1881) - Prefer default identity on reply - Fix imap searching on ISMail server (#1870) - Add css class for flagged messages (#1868) - Write username instead of id in sendmail log (#1879) - Fix htmlspecialchars() use for PHP version < 5.2.3 (#1877) - Fix js keywords escaping in json_serialize() for IE/Opera (#1874) - Added bin/killcache.php script (#1839) - Add support for SJIS, GB2312, BIG5 in rc_detect_encoding() - Fix vCard file encoding detection for non-UTF-8 strings (#1820) - Add 'skip_deleted' option in User Preferences (#1850) - Minimize "inline" javascript scripts use (#1838) - Fix css class setting for folders with names matching defined classes names (#1772) - Fix race conditions when changing mailbox - Fix spellchecking when switching to html editor (#1779) - Fix compose window width/height (#1807) - Allow calling msgimport.sh/msgexport.sh from any directory (#1837) - Localized filesize units (#1760) - Better handling of "no identity" and "no email in identity" situations (#1592) - Added 'mime_param_folding' option with possibility to choose long/non-ascii attachment names encoding eg. to be readable in MS Outlook/OE (#1743) - Added "advanced options" feature in User Preferences - Fix unread counter when displaying cached massage in preview panel (#1720) - Fix htmleditor spellchecking on MS Windows (#1808) - Fix problem with non-ascii attachment names in Mail_mime (#1700, #1576) - Fix language autodetection (#1812) - Fix button label in folders management (#1816) - Fix collapsed folder not indicating unread msgs count of all subfolders (#1814) - Fix handling of apostrophes in filenames decoded according to rfc2231 RELEASE 0.2-BETA ---------------- - Made config files location configurable (#1664) - Reduced memory footprint when forwarding attachments (#1764) - Allow and use spellcheck attribute for input/textarea fields (#1545) - Added icons for forwarded/forwarded+replied messages (#1691) - Added Reply-To to forwarded emails (#1739) - Display progress message for folders create/delete/rename (#1774) - Smart Tags and NOBR tag support in html messages (#1780, #1748) - Redesign of the identities settings (#836) - Add config option to disable creation/deletion of identities (#1139) - Added 'sendmail_delay' option to restrict messages sending interval (#1135) - Added vertical splitter for folders list resizing - Added possibility to view all headers in message view - Fixed splitter drag/resize on Opera (#1626) - Fixed quota img height/width setting from template (#1396) - Refactor drag & drop functionality. Don't rely on browser events anymore (#1108) - Insert "virtual" folders in subscription list (#1333) - Added link to open message in new window - Enable export of address book contacts as vCard - Add feature to import contacts from vcard files (#395) - Respect Content-Location headers in multipart/related messages according to RFC2110 (#1464) - Allowed max. attachment size now indicated in compose screen (#1523) - Also capture backspace key in list mode (#1186) - Allow application/pgp parts to be displayed (#1309) - Correctly handle options in mailto-links (#1671) - Immediately save sort_col/sort_order in user prefs (#1698) - Truncate very long (above 50 characters) attachment filenames when displaying - Allow to auto-detect client language if none set (#1095) - Auto-detect the client timezone (user configurable) - Add RFC2231 header value continuations support for attachment filenames + hack for servers that not support that feature - Fix Reply-To header displaying (#1738) - Mark form buttons that provide the most obvious operation (mainaction) - Added option 'quota_zero_as_unlimited' (#1206) - Added PRE handling in html2text class (#1301) - Added folder hierarchy collapsing - Added options to use syslog instead of log file (#1389) - Added Logging & Debugging section in Installer - Fix In-Reply-To and References headers when composing saved draft message (#1718) - Fix html message charset conversion for charsets with underline (#1717) - Fix buttons status after contacts deletion (#1675) - Fix escaping of To: and From: fields when building message body for reply or forward in the HTML editor (#1432) - Use current mailbox name in template (#1690) - Better fix for skipping untagged responses (#1694) - Added pspell support patch by Kris Steinhoff (#781) - Enable spellchecker for HTML editor (#1589) - Respect spellcheck_uri in tinyMCE spellchecker (#941) - Case insensitive contacts searching using PostgreSQL (#1692) - Make default imap folders configurable for each user (#1558) - Save outgoing mail to selectable folder (#1324581) - Fix hiding of mark menu when clicking th button again (#1463) - Use long date format in print mode (#1643) - Updated TinyMCE to version 3.1.0.1 - Re-enable autocomplete attribute for login form (#1661) - Check PERMANENTFLAGS before saving $MDNSent flag (#1478, #1485163) - Added flag column on messages list (#1220) - Patched Mail/MimePart.php (http://pear.php.net/bugs/bug.php?id=14232) - Allow trash/junk subfolders to be purged (#1568) - Store compose parameters in session and redirect to a unique URL - Fixed CRAM-MD5 authentication (#1364) - Fixed forwarding messages with one HTML attachment (#1103) - Fixed encoding of message/rfc822 attachments and image/pjpeg handling (#1439) - Added option to select skin in user preferences - Added option to configure displaying of attached images below the message body - Added option to display images in messages from known senders (#1204) - User preferences grouped in more fieldsets - Fix corrupted MIME headers of messages in Sent folder (#1587) - Fixed bug in MDB2 package: http://pear.php.net/bugs/bug.php?id=14124 - Use keypress instead of keydown to select list's row (#1362) - Don't call expunge and don't remove message row after message move if flag_for_deletion is set to true (#1505) RELEASE 0.2-ALPHA ----------------- - Added option to disable autocompletion from selected LDAP address books (#1445) - TLS support in LDAP connections: 'use_tls' property (#1581) - Fixed removing messages from search set after deleting them (#1583) - imap.inc: Fixed iil_C_FetchStructureString() to handle many literal strings in response (#1483) - Support for subfolders in default/protected folders (#1250) - Disallowed delimiter in folder name (#1351) - Support " and \ in folder names - Escape \ in login (#1214) - Better HTML sanitization with the DOM-based washtml script (#1276) - Fixed sorting of folders with non-ascii characters - Fixed Mysql DDL for default identities creation (#1554) - In Preferences added possibility to configure 'read_when_deleted', 'mdn_requests', 'flag_for_deletion' options - Made IMAP auth type configurable (#683) - Fixed empty values with FROM_UNIXTIME() in rcube_mdb2 (#1540) - Fixed attachment list on IE 6/7 (#1355) - Fixed JavaScript in compose.html that shows cc/bcc fields if populated - Make password input fields of type password in installer (#1417) - Don't attempt to delete cache entries if enable_caching is FALSE (#1537) - Optimized messages sorting on servers without sort capability (#1535) - Corrected message headers decoding when charset isn't specified and improved support for native languages (#1536, #1534) - Expanded LDAP configuration options to support LDAP server writes. - Installer: encode special characters in DB username/password (#1529) - Fixed management of folders with national characters in names (#1526, #1504) - Fixed identities saving when using MDB2 pgsql driver (#1525) - Fixed BCC header reset (#1501) - Improved messages list performance - patch from Justin Heesemann - Append skin_path to images location only when it starts with '/' sign (#1398) - Fix IMAP response in message body when message has no body (#1479) - Fixed non-RFC dates formatting (#1429) - Fixed typo in set_charset() (#1498) - Decode entities when inserting HTML signature to plain text message (#1497) - HTML editing is now working with PHP5 updates and TinyMCE v3.0.6 - Fixed signature loading on Windows (#1169) - Added language support to HTML editing (#1401) - Fixed remove signature when replying (#446) - Fixed problem with line with a space at the end (#1440) - Fixed tag filtering (#1066) - Fixed tag filtering (#1075) - Added sections (fieldset+label) in Settings interface - Mark as read in one action with message preview (#1486) - Deleted redundant quota reads (#1486) - Added options for empty trash and expunge inbox on logout (#707) - Removed lines wrapping when displaying message - Fixed month localization - Changed codebase to PHP5 with autoloader RELEASE 0.1.1 ------------- - Clear selection when selecting single item (#1461) - Remove hard-coded image size in skin templates (#1423) - Database schema improvements (dropped unnecessary indexes) - Fixed creating a new folder with a comma in its name (#1263) - Fixed sorting of messages when default mailbox is empty (#1020) - Improve message previewpane - less loading (#1019) - Fixed login form autoompletion (#1378) - Fixed virtuser_query option for mdb2 backend (#1409) - Fixed attachment resoting from Drafts when message body was empty (#1144) - Fixed usage of ob_gzhandler (#1390) - Fixed message part window in IE6 (#1211) - Fixed decoding of mime-encoded strings (#938) - Fixed some iconv/mb_string problems (#1202) - Correctly quote mailbox name when using in URL (#1016) - Fixed "headers already sent" errors (#1399) RELEASE 0.1-STABLE ------------------ - Added interactive installer script - Fix folder adding/renaming inspired by #1349 - Localize folder name in page title (#1338) - Fix code using wrong variable name (#818) - Allow to send mail with BCC recipients only - condense TinyMCE toolbar down to one line, removing table buttons (#1306) - Add function to mark the selected messages as read/unread (#641) - Also do charset decoding as suggested in RFC 2231 (fix #1022) - Show message count in folder list and hint when creating a subfolder - Distinguish ssl and tls for imap connections (#1252) - Added some charset aliases to fix typical mis-labelling (#1185) - Remember decision to display images for a certain message during session (#1310) - Truncate attachment filenames to 55 characters due to an IE bug (#1313) - Make sending of read receipts configurable - Respect config when localize folder names (#1280) - Also respect receipt and priority settings when re-opening a draft message - Remember search results (closes #722), patch by the_glu - Add Received header on outgoing mail - Upgrade to TinyMCE 2.1.3 - Allow inserting image attachments into HTML messages while composing (#1179) - Implement Message-Disposition-Notification (Receipts) - Fix overriding of session vars when register_globals is on (#1255) - Fix bug with case-sensitive folder names (#973) - Don't create default folders by default - Fixed some potential security risks (audited by Andris) - Only show new messages if they match the current search (#925) - Switch to/from when searcing in Sent folder (#1177) - Correctly read the References header (#1236) - Unset old cookie before sending a new value (#1232) - Correctly decode attachments when downloading them (#1235 and #1484642) - Suppress IE errors when clearing attachments form (#1043) - Log error when login fails due to auto_create_user turned off - Filter linked/imported CSS files (closes #844) - Improve message compose screen (closes #1060) - Select next row after removing one from list (#1063) RELEASE 0.1-RC2 --------------- - Enable drag-&-dropping of folders to a new parent and allow to create subfolders (#637) - Suppress IE errors when clearing attachments form (#1043) - Set preferences field in user table to NULL (#1062) - Log error when login fails due to auto_create_user turned off - Filter linked/imported CSS files (closes #844) - Improve message compose screen (closes #1060) - Select next row after removing one from list (#1063) - Make smtp HELO/EHLO hostname configurable (#851) - IPv6 Compatability (#1023), Patch #1484373 - Unlock interface when message sending fails (#1188) - Eval PHP code in template includes (if configured) - Show message when folder is empty. Mo more static text in table (#1068) - Only display unread count in page title when new messages arrived - Fixed wrong delete button tooltip (#785) - Fixed charset encoding bug (#1091) - Applied patch for LDAP version (#1175) - Improved XHTML validation - Fix message list selection (#1174) - Better fix lowercased usernames (#1120) - Update pngbehavior Script as suggested in #1134 - Fixed moving/deleting messages when more than 1 is selected - Applied patch for LDAP contacts listing by Glen Ogilvie - Applied patch for more address fields in LDAP contacts (#1074) - Add alternative for getallheaders() (fix #1146) - Identify mailboxes case-sensitive - Sort mailbox list case-insensitive (closes #1032) - Fix display of multipart messages from Apple Mail (closes #823) - Protect AJAX request from being fetched by a foreign site (XSS) - Make autocomplete for loginform configurable by the skin template - Fix compose function from address book (closes #1089) - Added //IGNORE to iconv call (patch #1086, closes #821) - Check if mbstring supports charset (#1003 and #1004) - Prefer iconv over mbstring (as suggested in #1004) - Check filesize of template includes (#1079) - Fixed bug with buttons not dimming/enabling properly after switching folders - Fixed compose window becoming unresponsive after saving a draft (#1132) - Re-enabled "Back" button in compose window now that bug #1132 is fixed - Fixed unresponsive interface issue when downloading attachments (#1138) - Lowered status message time from 5 to 3 seconds to improve responsiveness - Raised .htaccess upload_max_filesize from 2M to 5M to differ from default php.ini - Increased "mailboxcontrols" mail.css width from 160 to 170px to fix non-english languages (#1140) - Fix status message bug #1114 with regard to #1041 - Fix address adding bug reported by David Koblas - Applied socket error patch by Thomas Mangin - Pass-by-reference workarround for PHP5 in sendmail.inc - Fixed buggy imap_root settings (closes #1056) - Prevent default events on subject links (#1071) - Use HTTP-POST requests for actions that change state RELEASE 0.1-RC1 --------------- - Use global filters and bind username/ for Ldap searches (#909) - Hide quota display if imap server does not support it - Hide address groups if no LDAP servers configured - Add link to message subjects (closes #982) - Better SQL query for contact listing/search (closes #1051) - Fixed marking as read in preview pane (closes #1048) - CSS hack to display attachments correctly in IE6 - Wrap message body text (closes #901) - LDAP access is back in address book (closes #864) - Added search function for contacts - New Template parsing and output encoding - Fixed bugs #884 and #793 - Fixed message moving procedure (closes #1013) - Fixed display of multiple attachments (closes #647) - Fixed check for new messages (closes #1015) - List attachments without filename - New session authentication: Change sessid cookie when login, authentication with sessauth cookie is now configurable. Should close bugs #774 and #1484299 - Correctly translate mailbox names (closes #993) - Quote e-mail address links (closes #1007) - Updated PEAR::Mail_mime package - Accept single quotes for HTML attributes when modifying message body (thanks Jason) - Sanitize input for new users/identities (thanks Colin Alston) - Don't download HTML message parts - Convert HTML parts to plaintext if 'prefer_html' is off - Correctly parse message/rfc822 parts (closes #838) - Also use user_id for unique key in messages table (closes #857) - Hide contacts drop down on blur (closes #946) - Make entries in contacts drop down clickable - Turn off browser autocompletion on login page - Quote in text/html message parts - Hide border around radio buttons - Applied patch for attachment download by crichardson (closes #943) - Fixed bug in Postgres DB handling (closes #852) - Fixed bug of invalid calls to fetchRow() in rcube_db.inc (closes #996) - Fixed array_merge bug (closes #997) - Fixed flag for deletion in list view (closes #987) - Finally support semicolons as recipient separator (closes ##976) - Fixed message headers (subject) encoding - check if safe mode is on or not (closes #990) - Show "no subject" in message list if subject is missing (closes #971) - Solved page caching of message preview (closes #905) - Only use gzip compression if configured (closes #967) - Fixed priority selector issue (#903) - Fixed some CSS issues in default skin (closes #951 and #911) - Prevent from double quoting of numeric HTML character references (closes #978) - Fixed display of HTML message attachments (closes #927) - Applied patch for preview caching (closes #933) - Added error handling for attachment uploads - Use multibyte safe string functions where necessary (closes #798) - Applied security patch to validate the submitted host value (by Kees Cook) - Applied security patch to validate input values when deleting contacts (by Kees Cook) - Applied security patch that sanitizes emoticon paths when attaching them (by Kees Cook) - Applied a patch to more aggressively sanitize a HTML message - Visualize blocked images in HTML messages - Fixed wrong message listing when showing search results (closes #890) - Show remote images when opening HTML message part as attachment - Improve memory usage when sending mail (closes #871) - Mark messages as read once the preview is loaded (closes #1484132) - Include smtp final response in log (closes #862) - Corrected date string in sent message header (closes #887) - Correclty choose "To" column in sent and draft mailboxes (closes #769) - Changed srong tooltips for message browse buttons (closes #757) - Fixed signature delimeter character to be standard (Bug #830) - Fixed XSS vulnerability (Bug #877) - Remove newlines from mail headers (Bug #827) - Selection issues when moving/deleting (Bug #837) - Applied patch of Clement Moulin for imap host auto-selection - ISO-encode IMAP password for plaintext login (Bugs #792 & #723) - Fixed folder name encoding in subscription list (Bug #879) - Fixed JS errors in identity list (Bug #885) - Translate foldernames in folder form (closes #879) - Added first and last buttons to message list, address book and message detail - Pressing Shift-Del bypasses Trash folder - Enable purge command for Junk folder - Fetch all aliases if virtuser_query is used instead - Re-enabled multi select of contacts (Bug #817) - Enable contact editing right after creation (Bug #644) - Correct UTF-7 to UTF-8 conversion if mbstring is not available - Fixed IMAP fetch of message body (Bug #819) - Fixed safe_mode problems (Bug #539) - Fixed wrong header encoding (Bug #1483976) - Made automatic draft saving configurable - Fixed JS bug when renaming folders (Bug #799) - Added quota display as image (by Brett Patterson) - Corrected creation of a message-id - New indentation for quoted message text - Improved HTML validity - Fixed URL character set (Ticket #616) - Fixed saving of contact into MySQL from LDAP query results (Ticket #681) - Fixed folder renaming: unsubscribe before rename (Bug #750) - Finalized new message parsing (+ chaching) - Fixed wrong usage of mbstring (Bug #645) - Set default spelling language (Ticket #764) - Added support for Nox Spell Server - Re-built message parsing (Bug #422) Now based on the message structure delivered by the IMAP server. - Fixed some XSS and SQL injection issues - Fixed charset problems with folder renaming