Mirrors/roundcubemail
2
0
Fork 0
mirror of https://github.com/roundcube/roundcubemail.git synced 2026-03-03 06:44:03 +01:00
Code Issues Packages Projects Releases Wiki Activity
13,418 Commits 72 Branches 205 Tags
message-render-iframe
Commit Graph

156 Commits

Author SHA1 Message Date
Pablo Zmdl
16f9de14e1 WIP: reduce artifacts of testing in source code dir 
Note: This breaks tests that download files
 2025-06-17 14:42:52 +02:00
Pablo Zmdl
5c10569ada Allow fallback to embed.min.css 2025-05-07 13:47:35 +02:00
Pablo Zmdl
dd7a9e1416 Regain lost _mimewarning URL param 2025-05-07 13:43:24 +02:00
Pablo Zmdl
0a6dcf1db4 Two comments 2025-05-07 13:42:58 +02:00
Pablo Zmdl
550d5d35ab Don't htmlify text/plain parts if displayed as attachment 2025-04-30 12:48:21 +02:00
Pablo Zmdl
cb9fb1439c Don't include jquery-ui in iframed message content iframe 2025-04-30 12:48:21 +02:00
Pablo Zmdl
f8b07cd50a fixup: fix showing text/* attachments 2025-04-30 12:48:21 +02:00
Pablo Zmdl
a36613c536 WIP styling 2025-04-29 17:55:10 +02:00
Pablo Zmdl
d583ccc1c3 re-fix iframed email content styling 2025-04-29 17:47:44 +02:00
Pablo Zmdl
696cfa9ecb Fix styles for iframed email content parts 2025-04-28 12:52:32 +02:00
Pablo Zmdl
a0076ca889 Use styles.css, not embed.css for iframed html parts 2025-04-28 10:16:53 +02:00
Pablo Zmdl
65f4397a5e Fix styling for iframed email content parts 2025-04-28 10:16:13 +02:00
Pablo Zmdl
b2345fc80e WIP: use .message-(html)part only on iframed html elem 2025-04-28 08:45:20 +02:00
Pablo Zmdl
06314ef989 Fix styling for iframed email content 2025-04-28 08:16:40 +02:00
Pablo Zmdl
3a9ad6b3e3 Remove rcmail_html_page 
The calling code replaced the $rcmail->output on the fly, which makes is
hardly testable.
Also that class was used only in the class `rcmail_action_mail_get`, and
it's a pretty thin layer on top of `rcmail_output_html`, which is not
necessary.
 2025-04-24 15:12:49 +02:00
Pablo Zmdl
08dc83b918 Replace REMOTE_OBJECTS with an attribute on the body element 
We need the information in the browser, because the
remote-objects-message is now rendered independently from the message
contents, and we need it for each message part.
 2025-04-24 15:12:49 +02:00
Pablo Zmdl
1019b462d3 Render each mime part in an individual, sandboxed iframe 
This includes a new "message loading" notice without meta refresh (which
requires unsafe-inline in a CSP, which we want to avoid)
 2025-04-24 15:12:49 +02:00
Aleksander Machniak
f7d8852d17 Use str_starts_with() where applicable 2025-03-30 11:32:38 +02:00
Aleksander Machniak
94fd5a0f80 CS fixes (for the new fixer version rules) 2025-02-23 11:51:27 +01:00
Pablo Zmdl
6d51c21931 Exit through sendExit() (#9784) 
That way it's testable.
 2025-02-19 17:55:04 +01:00
Pablo Zmdl
46d25161dc Test message rendering (#9460) 2024-12-19 19:01:25 +01:00
Michael Voříšek
efcdce84ba Keep phpstan strict rules testing (#9424) 
* Revert "Get rid of phpstan/phpstan-strict-rules"

This reverts commit ff59ade31a.

* drop phpstan baseline

* fix foreach phpstan issue

* adjust for rebase

* fix method call case

* ignore one phpstan error even after isset
 2024-11-20 08:13:16 +01:00
Aleksander Machniak
e36dd3a500 Fix PHP warning (#9611) 2024-09-07 08:52:52 +02:00
Aleksander Machniak
ae1d028b89 Silence the new phpstan error 2024-08-21 11:11:33 +02:00
Aleksander Machniak
78cc630987 - Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008] 
Credits to Oskar Zeino-Mahmalat (https://www.sonarsource.com)
 2024-08-04 10:26:40 +02:00
Aleksander Machniak
40a4a71b67 Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009] 
Credits to Oskar Zeino-Mahmalat (https://www.sonarsource.com)
 2024-08-04 10:25:49 +02:00
Aleksander Machniak
7b68ad13c2 Fix bug where "with attachment" filter could fail on some fts engines (#9514) 2024-07-21 13:54:56 +02:00
Pablo Zmdl
8f9f1f12cd Filter "real" attachments by being referenced (#9472) 
* Filter "real" attachments by being referenced

This changes the way in which attachments are determined to be shown as
such ("standalone"), or not ("inline").
In theory this should be determined by their Content-Disposition, but in
reality this often doesn't work.
Now we check if the Content-ID or Content-Location of the attachment is
actually being used in other parts of the message. If not, the
attachment is considered to be "standalone".

* Consider all mime-parts to check if message is empty

Previously only `parts` and `body` were checked, so mime-parts that were
classified into `attachments` and `inline_parts` didn't count – thus
messages that contained only those parts were shown blank.
 2024-07-21 13:12:57 +02:00
Aleksander Machniak
8653e4726a Make phpstan happy 2024-07-17 20:51:21 +02:00
Aleksander Machniak
a8218b1eeb Fix bug where some messages could get malformed in an import from a MBOX file (#9510) 2024-07-17 20:34:55 +02:00
Michael Voříšek
6a5f9ee7ce Add override method attributes (#9272) 2024-06-02 15:57:56 +02:00
Aleksander Machniak
9ca8aa6680 Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences 
Reported by Huy Nguyễn Phạm Nhật.
 2024-05-19 10:15:30 +02:00
Aleksander Machniak
cfd108399e Simplify use of rcube::raise_error() 2024-05-17 15:43:17 +02:00
Michael Voříšek
a30e0ad438 Infer file/line location in rcube::raise_error() from backtrace (#9422) 
* \n\s+'file' => __FILE__,

* \n\s+'line' => __LINE__,

* 'line' => __LINE__, 'file' => __FILE__,

* 'file' => __FILE__, 'line' => __LINE__,

* rest

* more

* improve cs

* more cs

* revert rcube_utils::preg_error changes

* impl file/line from backtrace

* Revert "revert rcube_utils::preg_error changes"
 2024-04-21 11:48:35 +02:00
Aleksander Machniak
ff59ade31a Get rid of phpstan/phpstan-strict-rules 2024-04-21 11:33:51 +02:00
Aleksander Machniak
c7af820d3e Use draft settings (like DSN) on "Edit as new" (#9349) 2024-04-14 10:11:12 +02:00
Aleksander Machniak
e086c2c97c Code improvements 2024-04-07 09:20:52 +02:00
Aleksander Machniak
8adb052d35 Code improvements, PHPDoc fixes 2024-03-30 14:17:34 +01:00
Aleksander Machniak
58d28297a3 Code improvements, PHPDoc fixes 2024-03-29 16:18:20 +01:00
Aleksander Machniak
a1f39f47b7 Fix phpstan errors 2024-02-10 19:20:04 +01:00
Aleksander Machniak
966274d835 Fix phpstan errors 2024-02-09 21:11:50 +01:00
Michael Voříšek
332c165d28 Fix some basic JS CS (#9328) 
* fix "nonblock-statement-body-position" (fixed already)

* fix "comma-dangle"

* fix "no-regex-spaces"

* fix "new-parens"

* fix "object-curly-newline"

* fix "object-property-newline"

* fix "spaced-comment" semimanually

* fix "no-constant-condition" manually

* fix "unicorn/no-hex-escape"

* fix "unicorn/escape-case"

* fix "quote-props"

* fix "no-whitespace-before-property" - fix bug/typo

* fix "unicorn/empty-brace-spaces"

* fix "keyword-spacing"

* fix "dot-notation"

* fix "no-return-assign" manually

* fix "padding-line-between-statements"

* fix "key-spacing"

* fix "no-else-return" semimanually

* fix some "no-undef"

* fix case cs

* Revert "fix "padding-line-between-statements""

* improve switch/case format I.

* improve switch/case format II.

regex: (^ *(break|return).*)\n *(\n)

* fix safe "eqeqeq"

* fix "radix"

* fix v3.49.0 CS (static providers)

* fix "string_implicit_backslashes" in php files

* fix comments align

* fix test static providers

* fix stan

* disable "final_internal_class" rule
 2024-02-06 08:28:19 +01:00
Michael Voříšek
d18406a8bd Fix binary operator spaces CS (#9330) 
* align_single_space_minimal for assign

* assign operators grouping is not supported by PHP CS Fixer

* binary_operator_spaces = single_space

* fix anonymous function on single line

* align comments manually
 2024-02-02 07:53:34 +01:00
Aleksander Machniak
34500a4fa4 Fix "missing return statement" phpstan errors 2024-01-27 19:07:52 +01:00
Aleksander Machniak
a73a53c8ef Replace deprecated methods use 2024-01-27 09:58:01 +01:00
Michael Voříšek
ff2d721680 Fix more CS whitespace (#9318) 
* fix "no_useless_else" manually

* fix some "blank_line_before_statement"

* two manual changes

* Revert "fix some "blank_line_before_statement""

This reverts commit 2cc857c00e.

* fix some "blank_line_before_statement" using patched fixer (after "}" only)

* fix continue/break too
 2024-01-25 19:17:29 +01:00
Michael Voříšek
4ee79b9e84 fix "explicit_string_variable" (#9315) 2024-01-22 08:05:59 +01:00
Michael Voříšek
b1a0067e5d Fix more CS (#9303) 
* fix "class_attributes_separation"

* fix "ternary_to_null_coalescing"

* fix "no_extra_blank_lines"

* fix "php_unit_data_provider_name" - use snake_case

* fix remaining "function data_" manually

* move "php_unit_test_case_static_method_calls" to a better place in cnf

* fix 3.47.1 CS
 2024-01-20 08:22:32 +01:00
Aleksander Machniak
5761336253 Cleanup some uses of rcube_result_set, avoid calling ->next() 2024-01-17 19:27:09 +01:00
Michael Voříšek
6a53a1d853 Fix CS (whitespace, visibility) (#9297) 
* Fix "method_argument_space"

* Fix "control_structure_continuation_position"

* Fix "new_with_parentheses"

* Fix "blank_line_before_statement"

* Fix "visibility_required"

* Fix some "array_indentation"

* Fix some "array_indentation" - unify all "rcube::raise_error" calls

* rm useless eslint ignores and add rules counts

* sort eslint ignores

* fix eslint ignores grammar

* Revert "Fix "blank_line_before_statement""

* fix CS 3.46.0
 2024-01-04 14:26:35 +01:00