2657 Commits

Author SHA1 Message Date
Aleksander Machniak
4e6f3019f5 Enigma: Handle encrypted/signed content inside message/rfc822 attachments 2016-03-25 13:25:44 +01:00
Aleksander Machniak
3a13b5dab8 CS fixes 2016-03-14 09:18:53 +01:00
Aleksander Machniak
0c9e55b0c9 Fix PHP warning when defaults.inc.php is not readable 2016-03-14 08:41:28 +01:00
Thomas Bruederli
4a408843b0 Protect download urls against CSRF using unique request tokens (#1490642)
Send X-Frame-Options headers with every HTTP response
2016-03-06 14:31:07 +01:00
Aleksander Machniak
10e5192a2b Fix path traversal vulnerability in setting a skin (#1490620) 2015-12-22 12:40:36 +01:00
Aleksander Machniak
69a1e4f7b1 rcube_parse_host() -> rcube_utils::parse_host() 2015-11-25 08:52:59 +01:00
Aleksander Machniak
7476410a04 Add missing deprecation warning 2015-11-17 09:36:43 +01:00
Thomas Bruederli
458a6b26e8 Load bc.inc in script startup 2015-11-16 22:47:28 +01:00
Thomas Bruederli
32695c333c Restore bc.inc which now logs a warning when calling deprecated functions 2015-11-16 22:43:15 +01:00
Aleksander Machniak
a15d877ba8 Added brute-force attack prevention via login rate limit (#1490566) 2015-11-11 18:53:43 +01:00
Aleksander Machniak
454b0b1ca9 Remove deprecated rcmail and rcube_imap methods 2015-11-05 09:17:28 +01:00
Aleksander Machniak
2aa9ee56fd Fix so disabling emoticons plugin really removes emoticons button from HTML editor 2015-10-27 17:18:23 +01:00
dsoares
234fd19505 Replace deprecated call to Q within array_map() 2015-10-26 16:13:14 +00:00
Aleksander Machniak
74ce01efc7 Q() -> rcube::Q() 2015-10-23 08:02:57 +02:00
Aleksander Machniak
a5c03db798 Security: Added options to validate username/password on logon (#1490500) 2015-10-18 09:37:46 +02:00
Aleksander Machniak
c1bbf0d0b6 After failed login wait a second to slow down brute-force attacks (#1490549) 2015-10-17 13:37:11 +02:00
Aleksander Machniak
fddfd8e6d7 Remove backward compatibility "layer" of bc.php (#1490534) 2015-10-16 19:51:28 +02:00
Aleksander Machniak
df0b4f3437 Make sure an email address is valid when replacing it with mailto: link 2015-09-15 12:52:18 +02:00
Aleksander Machniak
26086981a2 Improve randomness of security tokens (#1490529) 2015-09-08 17:38:19 +02:00
Aleksander Machniak
e2f605d44d Fallback to C locale 2015-09-04 10:13:25 +02:00
Aleksander Machniak
3c29c7e858 Fix various issues with Turkish (and similar) locales (#1490519) 2015-09-04 10:09:47 +02:00
Aleksander Machniak
c4daf3f14f Fix regression in converting signatures to text, fixed PHP warning in html2text() call 2015-08-30 18:41:13 +02:00
Aleksander Machniak
a63f14ec40 Emoticons-related code refactoring
- Emoticons: All emoticons-related functionality is handled by the plugin now
- Emoticons: Added option to switch on/off emoticons in compose editor (#1485732)
- Emoticons: Added option to switch on/off emoticons in plain text messages
- Plugin API: Added disabled_plugins and disabled_buttons options in html_editor hook
- Plugin API: Added html2text hook
2015-08-29 07:52:57 +02:00
Aleksander Machniak
1b39d9a6c7 PHP7: Fixed some E_WARNING errors that previously were E_STRICT 2015-08-08 09:32:24 +02:00
Aleksander Machniak
93e64008a6 Small code improvements 2015-08-05 09:30:51 +02:00
Aleksander Machniak
08bb20f261 Don't use deprecated functions/constants (from bc.inc) 2015-08-02 20:16:46 +02:00
Aleksander Machniak
9d78c68cbf Fix so imap folder attribute comparisons are case-insensitive (#1490466)
+ make in_array_nocase() much faster for ASCII strings
2015-07-29 20:38:21 +02:00
Aleksander Machniak
252cc4c4ac Password: Allow temporarily disabling the plugin functionality with a notice 2015-07-27 10:47:34 +02:00
Aleksander Machniak
8447bae77c Require Mbstring and OpenSSL extensions (#1490415) - remove redundant code 2015-06-28 12:27:48 +02:00
Aleksander Machniak
a958748947 CS fixes 2015-06-07 15:26:33 +02:00
Aleksander Machniak
b782815dac Fix XSS vulnerability in _mbox argument handling (#1490417) 2015-05-30 17:37:06 +02:00
Aleksander Machniak
8042e13af6 Add --config and --type options to moduserprefs.sh script (#1490051) 2015-05-25 08:51:10 +02:00
Aleksander Machniak
3994b3a26c Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402) 2015-05-23 09:42:11 +02:00
Aleksander Machniak
0c08b04778 Fix issues when using moduserprefs.sh without --user argument (#1490399) 2015-05-21 10:19:46 +02:00
Aleksander Machniak
03aa84f784 Fix bug where some files could have "executable" extension when stored in temp folder (#1490377) 2015-05-17 14:52:24 +02:00
Aleksander Machniak
e7620812b0 Installer: Remove system() function use (#1490139)
Move some functionality of scripts from bin/ into rcmail_utils class
2015-04-12 09:24:25 +02:00
Thomas Bruederli
0bd99db08d Localize common error messages; improve explanation for CSRF check failures 2015-03-23 18:33:40 +01:00
Aleksander Machniak
216b31dd99 Fix so "over quota" errors are displayed also in message compose page
This also fixes over quota responses on cyrus imap which uses "Over quota" string and no error identifier.
2015-02-25 05:24:05 -05:00
Aleksander Machniak
f070da7c27 Fix fatal errors on systems without mbstring extension or mb_regex_encoding() function (#1490280) 2015-02-22 11:47:14 +01:00
Aleksander Machniak
3665d1e8ec Merge pull request #259 from corbosman/plugin_preload
Plugin preload
2015-02-19 08:31:43 +01:00
Aleksander Machniak
3779b67a9c Set version number to 1.2-git 2015-02-16 11:22:13 +01:00
Thomas Bruederli
2f8b1036da Bump version and copyright year 2015-02-07 18:33:24 +01:00
corbosman
de89d46be2 Load plugins before sessions have started
Move the plugin loading phase to before sessions have started allowing plugins to add session drivers. Plugins that want to use this should define an "onload" method in their plugins. This method does not have access to variables like $task as they are not yet initialised at that time.
2015-02-04 13:17:51 +01:00
Aleksander Machniak
09d52dbb67 Fix some typos in comments 2015-02-04 10:46:14 +01:00
Thomas Bruederli
be140e827d Don't reset 'plugins' config option when running from update.sh script 2015-02-03 22:43:47 +01:00
Aleksander Machniak
c6efcf5e6d Fix blocked.gif image usage with assets_dir set 2015-01-12 05:44:28 -05:00
Thomas Bruederli
b737021a90 Improve plugin selection in installer; check already selected plugins 2014-12-27 14:53:21 +01:00
Thomas B.
8e7ed506c4 Merge pull request #248 from flanpy/master
#1489096 : Ability to select plugins to enable in the installer
2014-12-21 20:25:23 +01:00
Aleksander Machniak
7259529fad Get rid of requests whitelist for security check bypass 2014-12-16 13:34:48 +01:00
Aleksander Machniak
681ba6fc3c Improve system security by using optional special URL with security token
Allows defining a separate server/path for image/js/css files
Fix bugs where CSRF attacks were still possible on some requests
2014-12-16 13:28:48 +01:00