Mirrors/roundcubemail
2
0
Fork 0
mirror of https://github.com/roundcube/roundcubemail.git synced 2026-03-02 22:34:03 +01:00
Code Issues Packages Projects Releases Wiki Activity
13,418 Commits 72 Branches 205 Tags
message-render-iframe
Commit Graph

174 Commits

Author SHA1 Message Date
Aleksander Machniak
f7d8852d17 Use str_starts_with() where applicable 2025-03-30 11:32:38 +02:00
Philip Weir
ccede1f272 Update links in comments and config to https where available (#9759) 2025-01-26 13:34:57 +01:00
Aleksander Machniak
c99dcacddb - Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010] 
Credits to Oskar Zeino-Mahmalat (https://www.sonarsource.com)
 2024-08-04 10:27:18 +02:00
Michael Voříšek
a30e0ad438 Infer file/line location in rcube::raise_error() from backtrace (#9422) 
* \n\s+'file' => __FILE__,

* \n\s+'line' => __LINE__,

* 'line' => __LINE__, 'file' => __FILE__,

* 'file' => __FILE__, 'line' => __LINE__,

* rest

* more

* improve cs

* more cs

* revert rcube_utils::preg_error changes

* impl file/line from backtrace

* Revert "revert rcube_utils::preg_error changes"
 2024-04-21 11:48:35 +02:00
Aleksander Machniak
15c1228cf3 Code improvements 2024-03-24 08:52:17 +01:00
Aleksander Machniak
91816ca187 Fix phpstan errors 2024-02-10 09:23:12 +01:00
Michael Voříšek
332c165d28 Fix some basic JS CS (#9328) 
* fix "nonblock-statement-body-position" (fixed already)

* fix "comma-dangle"

* fix "no-regex-spaces"

* fix "new-parens"

* fix "object-curly-newline"

* fix "object-property-newline"

* fix "spaced-comment" semimanually

* fix "no-constant-condition" manually

* fix "unicorn/no-hex-escape"

* fix "unicorn/escape-case"

* fix "quote-props"

* fix "no-whitespace-before-property" - fix bug/typo

* fix "unicorn/empty-brace-spaces"

* fix "keyword-spacing"

* fix "dot-notation"

* fix "no-return-assign" manually

* fix "padding-line-between-statements"

* fix "key-spacing"

* fix "no-else-return" semimanually

* fix some "no-undef"

* fix case cs

* Revert "fix "padding-line-between-statements""

* improve switch/case format I.

* improve switch/case format II.

regex: (^ *(break|return).*)\n *(\n)

* fix safe "eqeqeq"

* fix "radix"

* fix v3.49.0 CS (static providers)

* fix "string_implicit_backslashes" in php files

* fix comments align

* fix test static providers

* fix stan

* disable "final_internal_class" rule
 2024-02-06 08:28:19 +01:00
Michael Voříšek
d18406a8bd Fix binary operator spaces CS (#9330) 
* align_single_space_minimal for assign

* assign operators grouping is not supported by PHP CS Fixer

* binary_operator_spaces = single_space

* fix anonymous function on single line

* align comments manually
 2024-02-02 07:53:34 +01:00
Aleksander Machniak
34500a4fa4 Fix "missing return statement" phpstan errors 2024-01-27 19:07:52 +01:00
Michael Voříšek
ff2d721680 Fix more CS whitespace (#9318) 
* fix "no_useless_else" manually

* fix some "blank_line_before_statement"

* two manual changes

* Revert "fix some "blank_line_before_statement""

This reverts commit 2cc857c00e.

* fix some "blank_line_before_statement" using patched fixer (after "}" only)

* fix continue/break too
 2024-01-25 19:17:29 +01:00
Michael Voříšek
4ee79b9e84 fix "explicit_string_variable" (#9315) 2024-01-22 08:05:59 +01:00
Michael Voříšek
b1a0067e5d Fix more CS (#9303) 
* fix "class_attributes_separation"

* fix "ternary_to_null_coalescing"

* fix "no_extra_blank_lines"

* fix "php_unit_data_provider_name" - use snake_case

* fix remaining "function data_" manually

* move "php_unit_test_case_static_method_calls" to a better place in cnf

* fix 3.47.1 CS
 2024-01-20 08:22:32 +01:00
Michael Voříšek
6a53a1d853 Fix CS (whitespace, visibility) (#9297) 
* Fix "method_argument_space"

* Fix "control_structure_continuation_position"

* Fix "new_with_parentheses"

* Fix "blank_line_before_statement"

* Fix "visibility_required"

* Fix some "array_indentation"

* Fix some "array_indentation" - unify all "rcube::raise_error" calls

* rm useless eslint ignores and add rules counts

* sort eslint ignores

* fix eslint ignores grammar

* Revert "Fix "blank_line_before_statement""

* fix CS 3.46.0
 2024-01-04 14:26:35 +01:00
Michael Voříšek
2643be3eaa Fix single quotes CS (#9283) 
* Fix "single_quote"

* fix "escape_implicit_backslashes"

* fix typo from f363481c

* fix single quotes in JS

* fix some minor JS CS

* fix CS v3.45.0
 2023-12-31 16:36:55 +01:00
Michael Voříšek
3e458fa5fd Refer native constants unambiguously (#9275) 
* Fix "native_constant_invocation" CS

* "self_accessor" was fixed in 9269 PR

* "php_unit_strict" was fixed in 9268 PR
 2023-12-23 17:02:19 +01:00
Michael Voříšek
a9167a0d2f Fix "static_lambda" CS (#9276) 2023-12-20 20:01:00 +01:00
Michael Voříšek
e7d7e62146 Modernize more basic CS II (#9254) 
* fix "integer_literal_case"

* fix "phpdoc_separation"

* fix "phpdoc_var_without_name"

* fix "operator_linebreak"

* fix "no_alias_language_construct_call"

* fix "list_syntax"

* fix "concat_space"

* fix "array_syntax"

* fix "binary_operator_spaces"

* fix "binary_operator_spaces" relaxed

* fix "phpdoc_types_order"

* fix "phpdoc_trim"

* fix "native_type_declaration_casing"

* fix "method_chaining_indentation"

* fix "phpdoc_no_package"

* fix "elseif"

* fix PHP CS Fixer config itself too

* fix "native_type_declaration_casing"
 2023-12-17 13:14:45 +01:00
Michael Voříšek
ca8b17d191 Modernize more basic CS (#9258) 
* fix "yoda_style"

* fix "is_null"

* rm useless rule ignores

* add full "PhpCsFixer:risky" ruleset

* fix "implode_call"

* fix "no_alias_functions"

* fix "array_push"

* fix "long_to_shorthand_operator"

* fix "ternary_to_elvis_operator"

* fix "logical_operators"

* fix "fopen_flags"

* rename "returns" phpdoc tags to "return"

* fix "php_unit_construct"

* fix "function_to_constant"

* fix "php_unit_data_provider_return_type"

* fix "php_unit_set_up_tear_down_visibility"

* some safe "string_length_to_empty"

* fix "phpdoc_align"

* fix "phpdoc_no_alias_tag"

* fix "trailing_comma_in_multiline"

---------

Co-authored-by: Aleksander Machniak <alec@alec.pl>
 2023-12-17 09:51:11 +01:00
Michael Voříšek
93946f4ca7 Fix "self_accessor" PHP CS Fixer rule (#9269) 2023-12-17 09:44:43 +01:00
Michael Voříšek
1aef271290 Fix class/method names case typos (#9261) 
* fix Mail_Mime case

* fix StdErrMock case

* fix method calls case
 2023-12-16 15:39:59 +01:00
Michael Voříšek
a8707ae220 Fix and assert basic CS using CI (#9246) 
* Assert CS using CI

* fix "single_blank_line_at_eof"

* fix "statement_indentation"

* fix "switch_case_semicolon_to_colon"

* fix "control_structure_braces"

* fix "statement_indentation"

* fix "no_whitespace_in_blank_line"

* fix "no_trailing_whitespace_in_comment"

* fix "no_trailing_whitespace"

* fix "single_space_around_construct"

* fix "spaces_inside_parentheses"

* fix "ternary_operator_spaces"

* fix "trim_array_spaces"

* fix "whitespace_after_comma_in_array"

* fix "cast_spaces"

* fix "unary_operator_spaces"

* fix "no_trailing_comma_in_singleline"

* fix "ordered_imports"

* fix "no_unused_imports"

* Check composer.json format

* fix CI job name

* file header comments are not phpdoc

* fix "phpdoc_indent"

* fix "braces_position"

* fix "phpdoc_types"

* fix "no_blank_lines_after_class_opening"

* fix "no_multiple_statements_per_line"

* fix "multiline_comment_opening_closing"

* fix "single_line_empty_body"

* fix "non_printable_character"

* fix "phpdoc_trim_consecutive_blank_line_separation"

* fix "include"

* fix "no_mixed_echo_print"

---------

Co-authored-by: Aleksander Machniak <alec@alec.pl>
 2023-12-16 15:37:43 +01:00
Michael Voříšek
5425d1a84a Fix invalid phpdocs (#9252) 
* fix missing return type in phpdoc
* fix "phpdoc_scalar"
* Fix phpdoc variable names typos
* fix wrong phpdoc tags
 2023-12-10 16:20:50 +01:00
Michael Voříšek
13f68fa06f Fix explode_quoted_string for multibyte delimiter (#9248) 2023-12-10 10:15:52 +01:00
Aleksander Machniak
da3c12bce2 Silence some potential PHP warnings 2023-11-07 15:52:17 +01:00
Aleksander Machniak
102b04e74e Fix PHP7 compat. break in last commit 2023-06-14 13:00:54 +02:00
Aleksander Machniak
3e32395acd Fix so output of log_date_format with microseconds contains time in server time zone, not UTC 2023-06-14 12:56:00 +02:00
Aleksander Machniak
a3431e94ae Fix connecting to LDAP using an URI with ldapi:// scheme (#8990) 2023-05-13 19:40:05 +02:00
Aleksander Machniak
43af3e0e58 Move get_host() from rcube_utils to rcmail_utils, de-duplicate 2023-03-05 18:33:57 +01:00
vladasko-g
852ffc6826 Add idenity management script (#8887) 2023-03-05 17:56:52 +01:00
Thomas B
409aee8b3c Add config option for request uri field (#8738) (#8770) 
This can be used to read a custom header sent by a reverse proxy to resolve the absolute path to Roundcube

* add check against the proxy_whitelist option before using a HTTP header field value for the request uri composition.
* refactor the rcmail::url() method to also work when composing fully qualified urls.
* fix/adapt tests
 2022-11-23 21:05:00 +01:00
Aleksander Machniak
1b0c72f9c3 Fix PHP warning (#8784) 2022-11-15 19:00:40 +01:00
Aleksander Machniak
4ca3e5d610 CS fixes, update changelog 2022-08-01 12:25:00 +02:00
Christian Mollekopf
a9a9be9a69 Use rcube_utils::remote_addr() to take HTTP_X_FORWARDED_FOR into account 2022-07-22 10:42:24 +02:00
Christian Mollekopf
76154d27f2 Introduce optional support to inject PROXY protocol headers after 
opening IMAP TCP streams.

Version 1 (text based) and version 2 (binary) protocol header types are
supported. Supports both IPv4 and IPv6 style headers.

http://www.haproxy.org/download/1.6/doc/proxy-protocol.txt
 2022-07-22 10:32:50 +02:00
Aleksander Machniak
8ad92d5f98 Fix so unix:// URI is supported in various host spec. options again (#8468) 2022-04-10 19:46:22 +02:00
Aleksander Machniak
7b81a71393 Don't use TLS by default (#8359) 
Also unify the common code with a new rcube_utils::parse_host_uri() method
 2021-12-11 09:52:23 +01:00
Aleksander Machniak
c445e19484 Fix security issues regarding server name and trusted_host_patterns setting 2021-10-17 10:59:54 +02:00
Aleksander Machniak
318d6d0859 Simplify code according to the minimum PHP version supported 2021-10-05 19:29:57 +02:00
Aleksander Machniak
f2688ba492 Use ?? operator where applicable 2021-09-21 19:12:06 +02:00
johndoh
693252edfe Remove redudant php version checks (#8154) 2021-08-01 17:39:12 +02:00
Aleksander Machniak
6f435ecb52 Fix fatal error/warning on invalid input to user parameter (#8152) 
Added a new utility method: rcube_utils::get_input_string()
 2021-08-01 10:31:09 +02:00
Aleksander Machniak
766189f524 Fix PHP 8.1 deprecation warnings 2021-07-31 08:38:47 +02:00
Aleksander Machniak
0d4a395464 Fix PHP 8.1 deprecation warnings 2021-07-31 07:53:14 +02:00
Thomas P
0044673e11 Add config options for subject prefixes (#7929) 2021-04-25 09:41:08 +02:00
Josh Soref
203f456620 Spelling (#8001) 2021-04-18 08:43:18 +02:00
Aleksander Machniak
0df8e97476 Small code improvement + tests 2021-03-22 16:11:38 +01:00
Aleksander Machniak
9f19b931e3 Fix cross-site scripting (XSS) via HTML messages with malicious CSS content 
and improve css parsing code.

Thanks to Mateusz Szymaniec (CERT Polska) for reporting the issue.
 2021-02-08 13:42:12 +01:00
Aleksander Machniak
b4b24f93df Fix some PHP8 warnings 2021-01-15 18:56:48 +01:00
Aleksander Machniak
39b3c0049e Fix cross-site scripting (XSS) via HTML or Plain text messages with malicious content [CVE-2020-35730] 
Credits to Alex Birnberg <birnbergalex@gmail.com>
 2020-12-27 18:27:42 +01:00
Aleksander Machniak
66062846ec Fix "unitialized string offset" warnings 2020-12-19 19:43:36 +01:00