Mirrors/roundcubemail
2
0
Fork 0
mirror of https://github.com/roundcube/roundcubemail.git synced 2026-03-03 06:44:03 +01:00
Code Issues Packages Projects Releases Wiki Activity
13,418 Commits 72 Branches 205 Tags
message-render-iframe
Commit Graph

33 Commits

Author SHA1 Message Date
Pablo Zmdl
16f9de14e1 WIP: reduce artifacts of testing in source code dir 
Note: This breaks tests that download files
 2025-06-17 14:42:52 +02:00
Pablo Zmdl
5c10569ada Allow fallback to embed.min.css 2025-05-07 13:47:35 +02:00
Pablo Zmdl
dd7a9e1416 Regain lost _mimewarning URL param 2025-05-07 13:43:24 +02:00
Pablo Zmdl
0a6dcf1db4 Two comments 2025-05-07 13:42:58 +02:00
Pablo Zmdl
550d5d35ab Don't htmlify text/plain parts if displayed as attachment 2025-04-30 12:48:21 +02:00
Pablo Zmdl
cb9fb1439c Don't include jquery-ui in iframed message content iframe 2025-04-30 12:48:21 +02:00
Pablo Zmdl
f8b07cd50a fixup: fix showing text/* attachments 2025-04-30 12:48:21 +02:00
Pablo Zmdl
a36613c536 WIP styling 2025-04-29 17:55:10 +02:00
Pablo Zmdl
d583ccc1c3 re-fix iframed email content styling 2025-04-29 17:47:44 +02:00
Pablo Zmdl
696cfa9ecb Fix styles for iframed email content parts 2025-04-28 12:52:32 +02:00
Pablo Zmdl
a0076ca889 Use styles.css, not embed.css for iframed html parts 2025-04-28 10:16:53 +02:00
Pablo Zmdl
b2345fc80e WIP: use .message-(html)part only on iframed html elem 2025-04-28 08:45:20 +02:00
Pablo Zmdl
06314ef989 Fix styling for iframed email content 2025-04-28 08:16:40 +02:00
Pablo Zmdl
3a9ad6b3e3 Remove rcmail_html_page 
The calling code replaced the $rcmail->output on the fly, which makes is
hardly testable.
Also that class was used only in the class `rcmail_action_mail_get`, and
it's a pretty thin layer on top of `rcmail_output_html`, which is not
necessary.
 2025-04-24 15:12:49 +02:00
Pablo Zmdl
1019b462d3 Render each mime part in an individual, sandboxed iframe 
This includes a new "message loading" notice without meta refresh (which
requires unsafe-inline in a CSP, which we want to avoid)
 2025-04-24 15:12:49 +02:00
Aleksander Machniak
f7d8852d17 Use str_starts_with() where applicable 2025-03-30 11:32:38 +02:00
Pablo Zmdl
6d51c21931 Exit through sendExit() (#9784) 
That way it's testable.
 2025-02-19 17:55:04 +01:00
Aleksander Machniak
78cc630987 - Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008] 
Credits to Oskar Zeino-Mahmalat (https://www.sonarsource.com)
 2024-08-04 10:26:40 +02:00
Michael Voříšek
6a5f9ee7ce Add override method attributes (#9272) 2024-06-02 15:57:56 +02:00
Michael Voříšek
d18406a8bd Fix binary operator spaces CS (#9330) 
* align_single_space_minimal for assign

* assign operators grouping is not supported by PHP CS Fixer

* binary_operator_spaces = single_space

* fix anonymous function on single line

* align comments manually
 2024-02-02 07:53:34 +01:00
Michael Voříšek
4ee79b9e84 fix "explicit_string_variable" (#9315) 2024-01-22 08:05:59 +01:00
Michael Voříšek
6a53a1d853 Fix CS (whitespace, visibility) (#9297) 
* Fix "method_argument_space"

* Fix "control_structure_continuation_position"

* Fix "new_with_parentheses"

* Fix "blank_line_before_statement"

* Fix "visibility_required"

* Fix some "array_indentation"

* Fix some "array_indentation" - unify all "rcube::raise_error" calls

* rm useless eslint ignores and add rules counts

* sort eslint ignores

* fix eslint ignores grammar

* Revert "Fix "blank_line_before_statement""

* fix CS 3.46.0
 2024-01-04 14:26:35 +01:00
Michael Voříšek
2643be3eaa Fix single quotes CS (#9283) 
* Fix "single_quote"

* fix "escape_implicit_backslashes"

* fix typo from f363481c

* fix single quotes in JS

* fix some minor JS CS

* fix CS v3.45.0
 2023-12-31 16:36:55 +01:00
Michael Voříšek
3e458fa5fd Refer native constants unambiguously (#9275) 
* Fix "native_constant_invocation" CS

* "self_accessor" was fixed in 9269 PR

* "php_unit_strict" was fixed in 9268 PR
 2023-12-23 17:02:19 +01:00
Michael Voříšek
e7d7e62146 Modernize more basic CS II (#9254) 
* fix "integer_literal_case"

* fix "phpdoc_separation"

* fix "phpdoc_var_without_name"

* fix "operator_linebreak"

* fix "no_alias_language_construct_call"

* fix "list_syntax"

* fix "concat_space"

* fix "array_syntax"

* fix "binary_operator_spaces"

* fix "binary_operator_spaces" relaxed

* fix "phpdoc_types_order"

* fix "phpdoc_trim"

* fix "native_type_declaration_casing"

* fix "method_chaining_indentation"

* fix "phpdoc_no_package"

* fix "elseif"

* fix PHP CS Fixer config itself too

* fix "native_type_declaration_casing"
 2023-12-17 13:14:45 +01:00
Michael Voříšek
ca8b17d191 Modernize more basic CS (#9258) 
* fix "yoda_style"

* fix "is_null"

* rm useless rule ignores

* add full "PhpCsFixer:risky" ruleset

* fix "implode_call"

* fix "no_alias_functions"

* fix "array_push"

* fix "long_to_shorthand_operator"

* fix "ternary_to_elvis_operator"

* fix "logical_operators"

* fix "fopen_flags"

* rename "returns" phpdoc tags to "return"

* fix "php_unit_construct"

* fix "function_to_constant"

* fix "php_unit_data_provider_return_type"

* fix "php_unit_set_up_tear_down_visibility"

* some safe "string_length_to_empty"

* fix "phpdoc_align"

* fix "phpdoc_no_alias_tag"

* fix "trailing_comma_in_multiline"

---------

Co-authored-by: Aleksander Machniak <alec@alec.pl>
 2023-12-17 09:51:11 +01:00
Michael Voříšek
a8707ae220 Fix and assert basic CS using CI (#9246) 
* Assert CS using CI

* fix "single_blank_line_at_eof"

* fix "statement_indentation"

* fix "switch_case_semicolon_to_colon"

* fix "control_structure_braces"

* fix "statement_indentation"

* fix "no_whitespace_in_blank_line"

* fix "no_trailing_whitespace_in_comment"

* fix "no_trailing_whitespace"

* fix "single_space_around_construct"

* fix "spaces_inside_parentheses"

* fix "ternary_operator_spaces"

* fix "trim_array_spaces"

* fix "whitespace_after_comma_in_array"

* fix "cast_spaces"

* fix "unary_operator_spaces"

* fix "no_trailing_comma_in_singleline"

* fix "ordered_imports"

* fix "no_unused_imports"

* Check composer.json format

* fix CI job name

* file header comments are not phpdoc

* fix "phpdoc_indent"

* fix "braces_position"

* fix "phpdoc_types"

* fix "no_blank_lines_after_class_opening"

* fix "no_multiple_statements_per_line"

* fix "multiline_comment_opening_closing"

* fix "single_line_empty_body"

* fix "non_printable_character"

* fix "phpdoc_trim_consecutive_blank_line_separation"

* fix "include"

* fix "no_mixed_echo_print"

---------

Co-authored-by: Aleksander Machniak <alec@alec.pl>
 2023-12-16 15:37:43 +01:00
Aleksander Machniak
a20445fcc5 Fix potential HTTP protocol version mismatch (#8982) 2023-05-07 16:37:17 +02:00
anton-labunsky
f1e44f7681 Fix SIGBUS raised in ImageMagick (#8511) 
Use unique filename for temporary file, when image thumbnail is rendered.
 2023-01-01 12:49:45 +01:00
Aleksander Machniak
7a269a2b84 Replace get_input_value() with get_input_string() where appropriate 2021-09-13 19:31:49 +02:00
Aleksander Machniak
bdb3165b14 Fix XSS issue in handling attachment filename extension in mimetype mismatch warning (#8193) 2021-08-31 19:18:52 +02:00
Aleksander Machniak
c9a0af7645 Fix displaying inline images with incorrectly declared content-type (#8158) 2021-08-15 09:59:21 +02:00
Aleksander Machniak
545a1569f1 Steps -> Actions refactoring (#7688) 
* Move action handling code to rcmail class
* Add rcmail_action class
* Add action aliases
* Get rid of $OUTPUT global
* Move some methods from rcmail to rcmail_action
* PHP8 compat. fixes
* Add framework for testing actions
* Fix obvious code mistakes
 2020-11-01 11:25:38 +01:00