Mirrors/roundcubemail
2
0
Fork 0
mirror of https://github.com/roundcube/roundcubemail.git synced 2026-03-04 07:14:02 +01:00
Code Issues Packages Projects Releases Wiki Activity
13,344 Commits 72 Branches 205 Tags
editorconfig-javascript
Commit Graph

2129 Commits

Author SHA1 Message Date
Aleksander Machniak
d81b8447fb Fix empty output from HTML5 parser when content contains XML tag (#7624) 2020-09-23 15:15:02 +02:00
Aleksander Machniak
1cc9d4f566 Bump minimum PHP version to 5.5, bump guzzle version (#7616) 2020-09-23 11:00:57 +02:00
Aleksander Machniak
f0084b6f54 Fix empty space on mail printouts in Chrome (#7604) 2020-09-23 10:49:16 +02:00
Aleksander Machniak
d30f039e5a Use PDO::ATTR_CLIENT_VERSION when PDO::ATTR_DRIVER_VERSION does not exist (#7564) 2020-09-20 14:45:43 +02:00
Michael Steininger
6345982655 Add $lang argument to read_localization (#7599) 2020-09-20 11:13:15 +02:00
Aleksander Machniak
9713ce364c Automatically collected recipients and trusted senders (#6904) 
Added configurable Collected Recipients addressbook source (#4971)
Added configurable Trusted Senders addressbook source (#5046)
Added 'contact_exists' hook
 2020-09-20 10:00:08 +02:00
Aleksander Machniak
7d3d806411 Fix PHP Fatal error: Cannot access protected property rcube_message::$body (#7588) 2020-09-05 08:46:01 +02:00
Aleksander Machniak
5264534c46 Fix bug where some parts of a message could have been missing in a reply/forward body (#7568) 2020-08-30 10:56:13 +02:00
Aleksander Machniak
77bc3f2427 Fix incorrect PDO::lastInsertId() use in sqlsrv driver (#7564) 2020-08-28 09:41:19 +02:00
Aleksander Machniak
e476211230 Fix error when dealing with message/rfc822 attachments using Gmail IMAP (#6854) 2020-08-23 10:18:10 +02:00
Aleksander Machniak
535816db22 Describe all() method on more detail (#6219) 2020-08-23 09:39:55 +02:00
Aleksander Machniak
b7d4596aa9 Fix regression (#7557) 2020-08-16 16:32:18 +02:00
Aleksander Machniak
bf15b5ed92 Fix regression 2020-08-16 12:28:04 +02:00
Aleksander Machniak
a5c2b4360c Fixes in context of undefined variables, and code style 2020-08-15 12:13:31 +02:00
Aleksander Machniak
d445f8ad12 Fix importing birthday dates from Gmail vCards (BDAY:YYYYMMDD) 2020-08-12 11:25:44 +02:00
Thomas B
9020797d0d Merge pull request #7425 from thomascube/pr-xoauth2 
Add OAuth/XOauth support
 2020-08-10 21:40:01 +02:00
Aleksander Machniak
ec4cc29c88 Fix cross-site scripting (XSS) via HTML messages with malicious svg or math content 2020-08-09 18:02:16 +02:00
Achim Leitner
8e0ee8b1c4 Fix: Keep children of object tag (#6453) 
The HTML tag <object> optionally has embedded (child) tags that serve as an
alternative (fallback) HTML representation for the object. Of course, the
object and its parameters are considered harmful in HTML mail, but the
alternative representation is meant for exactly this kind of situation. They
should display the object contents without loading possibly insecure code.

- By ignoring <object> tags, roundcube also removes all their child nodes
- As <object> is not in the list of allowed $html_elements and <param> gets
  cleaned through $void_elements, they get ignored anyway, without removing the
  valuable child nodes.

Co-authored-by: root <root@coreboso-kolab.coreboso.de>
 2020-08-07 11:06:14 +02:00
Aleksander Machniak
3e2f076628 Fix bug in conversion of email addresses to mailto links in plain text messages (#7526) 2020-08-07 10:03:56 +02:00
Aleksander Machniak
60ccb25bd5 Fix detecting special folders on servers with both SPECIAL-USE and LIST-STATUS (#7525) 2020-07-31 14:36:57 +02:00
Aleksander Machniak
ef9b375ef6 Fix paging of search results on IMAP servers with no SORT capability (#7462) 
And simplify some code around.
 2020-07-30 13:23:37 +02:00
Aleksander Machniak
17deadfe56 Fix handling links without defined protocol (#7454) 2020-07-29 15:17:48 +02:00
Aleksander Machniak
0d9bffa878 Fix incorrect rewriting of internal links in HTML content (#7512) 2020-07-29 14:19:02 +02:00
Michael Stilkerich
25e42439d2 Fix inconsistencies in phpdoc type annotations (#7474) 2020-07-25 09:59:01 +02:00
Aleksander Machniak
0ccb351380 Fix regression in DB cache (#7499) 2020-07-21 20:15:05 +02:00
Aleksander Machniak
d7d7ca046f Cache refactoring (#6312) (#6781) 2020-07-18 13:51:47 +02:00
Aleksander Machniak
e2c25a1949 Fix support for an error as a string in message_before_send hook (#7475) 2020-07-18 08:24:44 +02:00
Aleksander Machniak
1e1ea25b6c Added special value 'email' to login_username_filter, it changes also logon input type (#7179) 2020-07-03 12:56:17 +02:00
Aleksander Machniak
32a7709ddf Fix cross-site scripting (XSS) via HTML messages with malicious svg/namespace 
Credits to SSD Secure Disclosure (https://ssd-disclosure.com/)
 2020-07-03 11:29:50 +02:00
Aleksander Machniak
bb3975adbe Fix insert_or_update() broken on SQLite/MSSQL/Oracle (#7465) 2020-07-02 08:41:50 +02:00
Aleksander Machniak
b22f1c9a1b Add skip-empty option to get_edit_field() (#7444) 2020-06-27 10:29:40 +02:00
Thomas Bruederli
1e6a2f4f49 Basic support for OAuth2 user login and IMAP/SMTP authentication 
- Add "Login with XXX" button to login screen if oauth is configured
- Perform OAuth login procedure and get an access token
- Implement XOAUTH2 authentication type for IAMP and SMTP

Requires a patched and not yet released version of Net_SMTP.
 2020-06-16 08:17:52 +02:00
Aleksander Machniak
9ee1f4b636 Merge branch 'master' of github.com:roundcube/roundcubemail 2020-06-13 13:00:11 +02:00
Aleksander Machniak
30610e867e Merge branch 'fix_encode' of https://github.com/shirosaki/roundcubemail into shirosaki-fix_encode 
Refactor the new code
 2020-06-13 12:53:31 +02:00
johndoh
9dbe666d4c Allow skins to define which layout options they support (#7235) 2020-06-13 09:25:50 +02:00
Kent Varmedal
b4dabff26c Add newline when writing logs to stdout (#7418) 
Add newline on the end of the line when printing to stdout.
 2020-06-13 07:48:13 +02:00
Aleksander Machniak
e9c592a6e8 Fix bug where subfolders of special folders could have been duplicated on folder list 2020-06-08 20:35:19 +02:00
Aleksander Machniak
4e00237cc4 Allow opening application/octet-stream attachments according to filename extension (#6821) 2020-06-07 10:45:33 +02:00
Aleksander Machniak
46d3cae2ff Security: Fix cross-site scripting (XSS) via malicious XML attachment 2020-05-30 08:35:33 +02:00
Aleksander Machniak
bda02002de Security: Better fix for CVE-2020-12641 2020-05-30 08:34:11 +02:00
Aleksander Machniak
da2bb8af6d Fix error when user-configured skin does not exist anymore (#7271) 
We fallback to the system skin not the default one.
 2020-05-23 09:44:00 +02:00
Aleksander Machniak
f6586c7cf7 Fix PHP warning: count(): Parameter must be an array or an object... in ID command handler (#7392) 2020-05-19 07:57:35 +02:00
johndoh
34a0af8964 Allow array in smtp_host config (#7296) 2020-05-16 14:05:28 +02:00
Aleksander Machniak
35c29be9b2 Remove use of ext-iconv 2020-05-03 18:33:20 +02:00
Aleksander Machniak
c39081b6a1 Fix bug in extracting required plugins from composer.json that led to spurious error in log (#7364) 2020-05-01 18:55:14 +02:00
Aleksander Machniak
219e353ac1 Fix local file inclusion (and code execution) via crafted 'plugins' option 2020-04-26 08:02:53 +02:00
Aleksander Machniak
4951d6603a Fix remote code execution via crafted 'im_convert_path' or 'im_identify_path' settings 2020-04-26 08:02:03 +02:00
Aleksander Machniak
87e4cd0cf2 Fix XSS issue in handling of CDATA in HTML messages 2020-04-26 07:59:47 +02:00
Aleksander Machniak
b35b5a1a26 Fix typo 2020-04-22 12:36:51 +02:00
Aleksander Machniak
bf34e8cf9c Fix performance issue of parsing big HTML messages by disabling HTML5 parser for these (#7331) 2020-04-22 12:33:34 +02:00