48 Commits

Author SHA1 Message Date
Aleksander Machniak
ca10951ab9 Fix regression causing inline SVG images to be missing in mail preview (#9644) 2024-09-29 14:00:19 +02:00
Aleksander Machniak
cd0bde2d5b Fix regression where printing/scaling/rotating image attachments was broken (#9571) 2024-08-08 13:54:32 +02:00
Aleksander Machniak
e12e273c0c More tests 2024-08-04 10:28:16 +02:00
Aleksander Machniak
78cc630987 - Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008]
Credits to Oskar Zeino-Mahmalat (https://www.sonarsource.com)
2024-08-04 10:26:40 +02:00
Aleksander Machniak
5c603344fe Code improvements 2024-04-01 11:50:56 +02:00
Aleksander Machniak
2f5f3bd0de Code improvements 2024-03-24 10:29:31 +01:00
Michael Voříšek
d18406a8bd Fix binary operator spaces CS (#9330)
* align_single_space_minimal for assign

* assign operators grouping is not supported by PHP CS Fixer

* binary_operator_spaces = single_space

* fix anonymous function on single line

* align comments manually
2024-02-02 07:53:34 +01:00
Aleksander Machniak
6f8fc03fe8 Solve some phpstan errors 2024-01-24 14:20:21 +01:00
Michael Voříšek
4ee79b9e84 fix "explicit_string_variable" (#9315) 2024-01-22 08:05:59 +01:00
Michael Voříšek
b1a0067e5d Fix more CS (#9303)
* fix "class_attributes_separation"

* fix "ternary_to_null_coalescing"

* fix "no_extra_blank_lines"

* fix "php_unit_data_provider_name" - use snake_case

* fix remaining "function data_" manually

* move "php_unit_test_case_static_method_calls" to a better place in cnf

* fix 3.47.1 CS
2024-01-20 08:22:32 +01:00
Michael Voříšek
6a53a1d853 Fix CS (whitespace, visibility) (#9297)
* Fix "method_argument_space"

* Fix "control_structure_continuation_position"

* Fix "new_with_parentheses"

* Fix "blank_line_before_statement"

* Fix "visibility_required"

* Fix some "array_indentation"

* Fix some "array_indentation" - unify all "rcube::raise_error" calls

* rm useless eslint ignores and add rules counts

* sort eslint ignores

* fix eslint ignores grammar

* Revert "Fix "blank_line_before_statement""

* fix CS 3.46.0
2024-01-04 14:26:35 +01:00
Michael Voříšek
2643be3eaa Fix single quotes CS (#9283)
* Fix "single_quote"

* fix "escape_implicit_backslashes"

* fix typo from f363481c

* fix single quotes in JS

* fix some minor JS CS

* fix CS v3.45.0
2023-12-31 16:36:55 +01:00
Michael Voříšek
3e458fa5fd Refer native constants unambiguously (#9275)
* Fix "native_constant_invocation" CS

* "self_accessor" was fixed in 9269 PR

* "php_unit_strict" was fixed in 9268 PR
2023-12-23 17:02:19 +01:00
Michael Voříšek
e7d7e62146 Modernize more basic CS II (#9254)
* fix "integer_literal_case"

* fix "phpdoc_separation"

* fix "phpdoc_var_without_name"

* fix "operator_linebreak"

* fix "no_alias_language_construct_call"

* fix "list_syntax"

* fix "concat_space"

* fix "array_syntax"

* fix "binary_operator_spaces"

* fix "binary_operator_spaces" relaxed

* fix "phpdoc_types_order"

* fix "phpdoc_trim"

* fix "native_type_declaration_casing"

* fix "method_chaining_indentation"

* fix "phpdoc_no_package"

* fix "elseif"

* fix PHP CS Fixer config itself too

* fix "native_type_declaration_casing"
2023-12-17 13:14:45 +01:00
Michael Voříšek
ca8b17d191 Modernize more basic CS (#9258)
* fix "yoda_style"

* fix "is_null"

* rm useless rule ignores

* add full "PhpCsFixer:risky" ruleset

* fix "implode_call"

* fix "no_alias_functions"

* fix "array_push"

* fix "long_to_shorthand_operator"

* fix "ternary_to_elvis_operator"

* fix "logical_operators"

* fix "fopen_flags"

* rename "returns" phpdoc tags to "return"

* fix "php_unit_construct"

* fix "function_to_constant"

* fix "php_unit_data_provider_return_type"

* fix "php_unit_set_up_tear_down_visibility"

* some safe "string_length_to_empty"

* fix "phpdoc_align"

* fix "phpdoc_no_alias_tag"

* fix "trailing_comma_in_multiline"

---------

Co-authored-by: Aleksander Machniak <alec@alec.pl>
2023-12-17 09:51:11 +01:00
Michael Voříšek
a8707ae220 Fix and assert basic CS using CI (#9246)
* Assert CS using CI

* fix "single_blank_line_at_eof"

* fix "statement_indentation"

* fix "switch_case_semicolon_to_colon"

* fix "control_structure_braces"

* fix "statement_indentation"

* fix "no_whitespace_in_blank_line"

* fix "no_trailing_whitespace_in_comment"

* fix "no_trailing_whitespace"

* fix "single_space_around_construct"

* fix "spaces_inside_parentheses"

* fix "ternary_operator_spaces"

* fix "trim_array_spaces"

* fix "whitespace_after_comma_in_array"

* fix "cast_spaces"

* fix "unary_operator_spaces"

* fix "no_trailing_comma_in_singleline"

* fix "ordered_imports"

* fix "no_unused_imports"

* Check composer.json format

* fix CI job name

* file header comments are not phpdoc

* fix "phpdoc_indent"

* fix "braces_position"

* fix "phpdoc_types"

* fix "no_blank_lines_after_class_opening"

* fix "no_multiple_statements_per_line"

* fix "multiline_comment_opening_closing"

* fix "single_line_empty_body"

* fix "non_printable_character"

* fix "phpdoc_trim_consecutive_blank_line_separation"

* fix "include"

* fix "no_mixed_echo_print"

---------

Co-authored-by: Aleksander Machniak <alec@alec.pl>
2023-12-16 15:37:43 +01:00
Michael Voříšek
5425d1a84a Fix invalid phpdocs (#9252)
* fix missing return type in phpdoc
* fix "phpdoc_scalar"
* Fix phpdoc variable names typos
* fix wrong phpdoc tags
2023-12-10 16:20:50 +01:00
Aleksander Machniak
cd87dd013f Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download
Thanks to rehme.infosec for reporting the issues.
2023-11-04 17:52:00 +01:00
Aleksander Machniak
f2688ba492 Use ?? operator where applicable 2021-09-21 19:12:06 +02:00
Aleksander Machniak
15f8643542 Remove redundant PHP version checks, bump min. version in the installer 2021-08-01 17:47:32 +02:00
Aleksander Machniak
f74bc3fd80 Fix bug where invalid non-unicode characters in JSON output could make the UI unresponsive (#7955) 2021-03-27 09:19:18 +01:00
Aleksander Machniak
8b83d29f24 PHP8 fixes, do not require specific error_reporting setting anymore 2020-12-19 10:01:10 +01:00
Aleksander Machniak
3bbb01fe13 PHP8 fixes, regression fixes 2020-12-13 12:14:15 +01:00
Aleksander Machniak
f4ed1024dc PHP8 fixes, CS fixes, short array syntax, tests 2020-12-02 20:15:00 +01:00
Aleksander Machniak
545a1569f1 Steps -> Actions refactoring (#7688)
* Move action handling code to rcmail class
* Add rcmail_action class
* Add action aliases
* Get rid of $OUTPUT global
* Move some methods from rcmail to rcmail_action
* PHP8 compat. fixes
* Add framework for testing actions
* Fix obvious code mistakes
2020-11-01 11:25:38 +01:00
Aleksander Machniak
f95212d626 PHP8: More warnings fixed 2020-10-11 15:24:30 +02:00
Aleksander Machniak
b22f1c9a1b Add skip-empty option to get_edit_field() (#7444) 2020-06-27 10:29:40 +02:00
Aleksander Machniak
57c67db029 Remove year(s) from copyright headers + some cleanup 2019-04-16 10:42:45 +02:00
Aleksander Machniak
fe5b4fd81d fputs() -> fwrite() 2019-01-23 18:35:38 +01:00
Aleksander Machniak
d3c65d752b Remove useless "return null;" at the end of function block 2018-12-27 11:03:47 +01:00
Aleksander Machniak
186f21c4c1 Avoid Referer leaking by using Referrer-Policy:same-origin header (#6385)
Added 'common_headers' hook
2018-10-21 11:39:39 +02:00
Aleksander Machniak
a451ad6599 Fix handling encoding of HTML tags in "inline" JSON output (#6207) 2018-03-07 17:40:12 +01:00
Aleksander Machniak
1556eb01c7 Use JSON_UNESCAPED_UNICODE only on PHP >= 7.1.0 (#6187) 2018-02-21 10:55:14 +01:00
Aleksander Machniak
4793ec753a Remove double-quotes in filename* parameter of the Content-Disposition of downloads (#5857) 2018-01-14 10:10:20 +01:00
Aleksander Machniak
1235dcf321 Encode JSON with JSON_UNESCAPED_SLASHES and JSON_UNESCAPED_UNICODE options 2017-08-22 09:41:44 +02:00
Aleksander Machniak
bcc6405552 Fix various issues when downloading files with names containing non-ascii chars, use RFC 2231 (#5772) 2017-06-26 16:27:10 +02:00
Aleksander Machniak
f43f5bf93f Use JSON_PRETTY_PRINT in devel_mode
This effectively makes PHP 5.4 a real requirement
2016-10-18 10:42:49 +02:00
Aleksander Machniak
58c036116b Support type=password in rcube_output::get_edit_field() 2016-06-12 16:34:12 +02:00
Thomas Bruederli
4a408843b0 Protect download urls against CSRF using unique request tokens (#1490642)
Send X-Frame-Options headers with every HTTP response
2016-03-06 14:31:07 +01:00
Aleksander Machniak
a958748947 CS fixes 2015-06-07 15:26:33 +02:00
Aleksander Machniak
ba5c53e5c3 Send X-UA-Compatible as HTTP header instead of meta tag 2014-06-09 14:16:35 +02:00
Thomas Bruederli
b0ce5c62af Make skin meta/hierarchy information accessible for plugins (#1488831) 2014-05-01 09:05:29 +02:00
Zou Guangxian
49311c55dd * fixed: modsecurity warning: AppDefect: Cache-Control Response Header Missing 'no-store' flag. http://websecuritytool.codeplex.com/wikipage?title=Checks#http-cache-control-header-no-store 2013-05-04 23:15:28 +08:00
Aleksander Machniak
d2534c63f2 Cleanup, remove file paths from doc 2012-12-18 09:07:00 +01:00
Aleksander Machniak
63f130782c Small fixes to last commits 2012-11-27 12:42:42 +01:00
Thomas Bruederli
60226a75d8 Separate the very application-specific output classes from the Roundcube framework; add autoloader for rmail* classes 2012-11-27 12:13:33 +01:00
Aleksander Machniak
a92beb6bdb Define RCUBE_CHARSET in place of RCMAIL_CHARSET for naming consistency 2012-11-27 08:43:43 +01:00
Aleksander Machniak
ba6f21caeb Framework files moved to lib/Roundcube 2012-11-21 19:52:03 +01:00