56 Commits

Author SHA1 Message Date
Pablo Zmdl
08dc83b918 Replace REMOTE_OBJECTS with an attribute on the body element
We need the information in the browser, because the
remote-objects-message is now rendered independently from the message
contents, and we need it for each message part.
2025-04-24 15:12:49 +02:00
Pablo Zmdl
1019b462d3 Render each mime part in an individual, sandboxed iframe
This includes a new "message loading" notice without meta refresh (which
requires unsafe-inline in a CSP, which we want to avoid)
2025-04-24 15:12:49 +02:00
Aleksander Machniak
f7d8852d17 Use str_starts_with() where applicable 2025-03-30 11:32:38 +02:00
Aleksander Machniak
e36dd3a500 Fix PHP warning (#9611) 2024-09-07 08:52:52 +02:00
Aleksander Machniak
40a4a71b67 Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009]
Credits to Oskar Zeino-Mahmalat (https://www.sonarsource.com)
2024-08-04 10:25:49 +02:00
Aleksander Machniak
7b68ad13c2 Fix bug where "with attachment" filter could fail on some fts engines (#9514) 2024-07-21 13:54:56 +02:00
Michael Voříšek
6a5f9ee7ce Add override method attributes (#9272) 2024-06-02 15:57:56 +02:00
Aleksander Machniak
9ca8aa6680 Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences
Reported by Huy Nguyễn Phạm Nhật.
2024-05-19 10:15:30 +02:00
Aleksander Machniak
cfd108399e Simplify use of rcube::raise_error() 2024-05-17 15:43:17 +02:00
Aleksander Machniak
e086c2c97c Code improvements 2024-04-07 09:20:52 +02:00
Aleksander Machniak
a1f39f47b7 Fix phpstan errors 2024-02-10 19:20:04 +01:00
Michael Voříšek
332c165d28 Fix some basic JS CS (#9328)
* fix "nonblock-statement-body-position" (fixed already)

* fix "comma-dangle"

* fix "no-regex-spaces"

* fix "new-parens"

* fix "object-curly-newline"

* fix "object-property-newline"

* fix "spaced-comment" semimanually

* fix "no-constant-condition" manually

* fix "unicorn/no-hex-escape"

* fix "unicorn/escape-case"

* fix "quote-props"

* fix "no-whitespace-before-property" - fix bug/typo

* fix "unicorn/empty-brace-spaces"

* fix "keyword-spacing"

* fix "dot-notation"

* fix "no-return-assign" manually

* fix "padding-line-between-statements"

* fix "key-spacing"

* fix "no-else-return" semimanually

* fix some "no-undef"

* fix case cs

* Revert "fix "padding-line-between-statements""

* improve switch/case format I.

* improve switch/case format II.

regex: (^ *(break|return).*)\n *(\n)

* fix safe "eqeqeq"

* fix "radix"

* fix v3.49.0 CS (static providers)

* fix "string_implicit_backslashes" in php files

* fix comments align

* fix test static providers

* fix stan

* disable "final_internal_class" rule
2024-02-06 08:28:19 +01:00
Michael Voříšek
d18406a8bd Fix binary operator spaces CS (#9330)
* align_single_space_minimal for assign

* assign operators grouping is not supported by PHP CS Fixer

* binary_operator_spaces = single_space

* fix anonymous function on single line

* align comments manually
2024-02-02 07:53:34 +01:00
Aleksander Machniak
34500a4fa4 Fix "missing return statement" phpstan errors 2024-01-27 19:07:52 +01:00
Michael Voříšek
4ee79b9e84 fix "explicit_string_variable" (#9315) 2024-01-22 08:05:59 +01:00
Michael Voříšek
b1a0067e5d Fix more CS (#9303)
* fix "class_attributes_separation"

* fix "ternary_to_null_coalescing"

* fix "no_extra_blank_lines"

* fix "php_unit_data_provider_name" - use snake_case

* fix remaining "function data_" manually

* move "php_unit_test_case_static_method_calls" to a better place in cnf

* fix 3.47.1 CS
2024-01-20 08:22:32 +01:00
Michael Voříšek
6a53a1d853 Fix CS (whitespace, visibility) (#9297)
* Fix "method_argument_space"

* Fix "control_structure_continuation_position"

* Fix "new_with_parentheses"

* Fix "blank_line_before_statement"

* Fix "visibility_required"

* Fix some "array_indentation"

* Fix some "array_indentation" - unify all "rcube::raise_error" calls

* rm useless eslint ignores and add rules counts

* sort eslint ignores

* fix eslint ignores grammar

* Revert "Fix "blank_line_before_statement""

* fix CS 3.46.0
2024-01-04 14:26:35 +01:00
Michael Voříšek
2643be3eaa Fix single quotes CS (#9283)
* Fix "single_quote"

* fix "escape_implicit_backslashes"

* fix typo from f363481c

* fix single quotes in JS

* fix some minor JS CS

* fix CS v3.45.0
2023-12-31 16:36:55 +01:00
Michael Voříšek
3e458fa5fd Refer native constants unambiguously (#9275)
* Fix "native_constant_invocation" CS

* "self_accessor" was fixed in 9269 PR

* "php_unit_strict" was fixed in 9268 PR
2023-12-23 17:02:19 +01:00
Michael Voříšek
28c778b7a0 Modernize more CS III (#9270)
* fix "single_trait_insert_per_statement"

* fix "empty_loop_condition"

* fix "backtick_to_shell_exec"

* fix "phpdoc_to_comment"

* fix "no_empty_statement"

* fix "heredoc_to_nowdoc"

* fix "class_reference_name_casing"

* fix "align_multiline_comment"

* fix "heredoc_indentation"

* fix "constant_case"

* fix "single_line_comment_style"

* fix "no_null_property_initialization"

* fix "standardize_increment"

* fix "no_unneeded_control_parentheses"

* fix missing NL after "<?php"

* fix php in *.sh files too

* fix trailing spaces from all text files

* fix "explicit_indirect_variable"

* Revert "fix "align_multiline_comment""

This reverts commit 42e584f8e3.

* fix "align_multiline_comment" properly

* Revert "fix trailing spaces from all text files" - diff files only

* Revert "Revert "fix trailing spaces from all text files" - diff files only"

This reverts commit 2101c2a3a3.

* rm useless "setup-php" config
2023-12-18 07:46:51 +01:00
Michael Voříšek
e7d7e62146 Modernize more basic CS II (#9254)
* fix "integer_literal_case"

* fix "phpdoc_separation"

* fix "phpdoc_var_without_name"

* fix "operator_linebreak"

* fix "no_alias_language_construct_call"

* fix "list_syntax"

* fix "concat_space"

* fix "array_syntax"

* fix "binary_operator_spaces"

* fix "binary_operator_spaces" relaxed

* fix "phpdoc_types_order"

* fix "phpdoc_trim"

* fix "native_type_declaration_casing"

* fix "method_chaining_indentation"

* fix "phpdoc_no_package"

* fix "elseif"

* fix PHP CS Fixer config itself too

* fix "native_type_declaration_casing"
2023-12-17 13:14:45 +01:00
Michael Voříšek
ca8b17d191 Modernize more basic CS (#9258)
* fix "yoda_style"

* fix "is_null"

* rm useless rule ignores

* add full "PhpCsFixer:risky" ruleset

* fix "implode_call"

* fix "no_alias_functions"

* fix "array_push"

* fix "long_to_shorthand_operator"

* fix "ternary_to_elvis_operator"

* fix "logical_operators"

* fix "fopen_flags"

* rename "returns" phpdoc tags to "return"

* fix "php_unit_construct"

* fix "function_to_constant"

* fix "php_unit_data_provider_return_type"

* fix "php_unit_set_up_tear_down_visibility"

* some safe "string_length_to_empty"

* fix "phpdoc_align"

* fix "phpdoc_no_alias_tag"

* fix "trailing_comma_in_multiline"

---------

Co-authored-by: Aleksander Machniak <alec@alec.pl>
2023-12-17 09:51:11 +01:00
Michael Voříšek
a8707ae220 Fix and assert basic CS using CI (#9246)
* Assert CS using CI

* fix "single_blank_line_at_eof"

* fix "statement_indentation"

* fix "switch_case_semicolon_to_colon"

* fix "control_structure_braces"

* fix "statement_indentation"

* fix "no_whitespace_in_blank_line"

* fix "no_trailing_whitespace_in_comment"

* fix "no_trailing_whitespace"

* fix "single_space_around_construct"

* fix "spaces_inside_parentheses"

* fix "ternary_operator_spaces"

* fix "trim_array_spaces"

* fix "whitespace_after_comma_in_array"

* fix "cast_spaces"

* fix "unary_operator_spaces"

* fix "no_trailing_comma_in_singleline"

* fix "ordered_imports"

* fix "no_unused_imports"

* Check composer.json format

* fix CI job name

* file header comments are not phpdoc

* fix "phpdoc_indent"

* fix "braces_position"

* fix "phpdoc_types"

* fix "no_blank_lines_after_class_opening"

* fix "no_multiple_statements_per_line"

* fix "multiline_comment_opening_closing"

* fix "single_line_empty_body"

* fix "non_printable_character"

* fix "phpdoc_trim_consecutive_blank_line_separation"

* fix "include"

* fix "no_mixed_echo_print"

---------

Co-authored-by: Aleksander Machniak <alec@alec.pl>
2023-12-16 15:37:43 +01:00
Aleksander Machniak
d08d167884 Code improvements for latest changes regarding #9077, #7556 2023-10-08 10:36:18 +02:00
vladimirdulov
e7360d87b1 Make mail search scope configurable (#9077, #7556)
Co-authored-by: Vladimir D <vladimir@brandlight.org>
2023-10-08 10:24:28 +02:00
Aleksander Machniak
9427ec1d35 Mouse-over menu on messages list (#7141) 2023-06-23 21:04:17 +02:00
Aleksander Machniak
dbcdedfc69 Fix PHP8 warnings when using list_flags and list_cols properties by plugins (#8998) 2023-05-07 09:22:32 +02:00
Aleksander Machniak
864e0710a3 Fix PHP8 warning (#8647) 2022-08-09 19:10:33 +02:00
Aleksander Machniak
185f958102 Disable email address spoofchecking on messages list
.. do it only when opening the message, that's when we can display the warning.
2022-07-09 18:11:37 +02:00
Aleksander Machniak
a2aa107f1a Don't list images attached to multipart/related part as attachments (#7184) 2022-04-10 10:11:56 +02:00
Aleksander Machniak
f429b26810 Fix various PHP8 warnings (#8392) 2022-01-11 19:04:24 +01:00
Aleksander Machniak
a5fd211712 Improve/Fix wrapping of plain text messages on preview and reply (#6974, #8391, #8378, #8289)
In short, we always wrap, but we detect patches/diffs in the text and make them unwrappable.
2022-01-09 16:29:09 +01:00
Aleksander Machniak
61b334f6b1 Fix bug with show_images setting where option 1 and 3 were swapped (#8268) 2021-10-29 12:48:07 +02:00
Aleksander Machniak
a94c2a3c05 Fix so session's search scope is not used if search is not active (#8199) 2021-10-19 19:21:40 +02:00
Aleksander Machniak
df7d8f1178 Improve auto-wrapping of plain text messages on preview and reply (#6974)
- fix auto-wrapping of some specific cases
- do not auto-wrap non-format=flowed content on preview
- do not auto-wrap content on reply
2021-10-15 10:44:02 +02:00
Aleksander Machniak
d6c2e9c3f5 Move wrap_and_quote() method to rcmail_action_mail_compose 2021-10-10 10:01:21 +02:00
Aleksander Machniak
f2688ba492 Use ?? operator where applicable 2021-09-21 19:12:06 +02:00
Aleksander Machniak
7a269a2b84 Replace get_input_value() with get_input_string() where appropriate 2021-09-13 19:31:49 +02:00
Aleksander Machniak
a0253db816 Fix bug where "from my contacts" and "from trusted senders" values were mixed up (#8177) 2021-08-26 08:05:03 +02:00
Aleksander Machniak
766189f524 Fix PHP 8.1 deprecation warnings 2021-07-31 08:38:47 +02:00
Justin Sleep
cd302c0654 Detect all variants of @ in suspicious emails (#8139) 2021-07-18 08:55:16 +02:00
Aleksander Machniak
02c7ddf9c1 Consider also full-width variant of @ when deciding about suspicious sender name 2021-07-16 13:18:39 +02:00
Aleksander Machniak
12ea080af8 Show suspicious email warning only when the email address is suspicious not the name 2021-07-16 13:16:16 +02:00
Josh Soref
203f456620 Spelling (#8001) 2021-04-18 08:43:18 +02:00
Aleksander Machniak
b913d2fbde Add IDN homograph attack (spoofing) detection [CVE-2019-15237] (#6891) 2021-03-21 09:25:57 +01:00
Aleksander Machniak
6722ba0da3 Fix bug where the list page wasn't reset when changing a folder on mail view page (#7932) 2021-03-13 08:17:43 +01:00
Aleksander Machniak
79b5343563 Fix handling of address groups in email headers by ignoring their names (#7663) 2021-02-06 16:41:50 +01:00
Aleksander Machniak
a9e50951ee Fix PHP warnings/notices 2021-01-14 19:18:53 +01:00
Aleksander Machniak
65c9d08e01 PHP8 fixes 2020-12-20 17:22:18 +01:00
Aleksander Machniak
ffe8a0c940 Elastic: Display email size on the list of messages (#7162) 2020-12-20 16:12:52 +01:00