Mirrors/roundcubemail
2
0
Fork 0
mirror of https://github.com/roundcube/roundcubemail.git synced 2026-03-13 11:37:05 +01:00
Code Issues Packages Projects Releases Wiki Activity
12,916 Commits 72 Branches 205 Tags
release-1.6
Commit Graph

8050 Commits

Author SHA1 Message Date
Aleksander Machniak
dbdda5a06a Don't use str_contains() 2026-03-10 19:45:37 +01:00
Aleksander Machniak
610d1962d4 Fix Postgres connection using IPv6 address (#10104) 2026-03-10 19:30:53 +01:00
Aleksander Machniak
53d75d5dfe Fix regression 2026-02-08 10:25:02 +01:00
Aleksander Machniak
2b5625f1d2 Fix regression 2026-02-08 10:13:39 +01:00
Aleksander Machniak
1f4c3a5af5 Fix CSS injection vulnerability reported by CERT Polska 2026-02-08 09:38:01 +01:00
Aleksander Machniak
036e851b68 Fix remote image blocking bypass via SVG content reported by nullcathedral 2026-02-08 09:33:26 +01:00
Aleksander Machniak
a7349a4e21 Fix the regexp so it will produce less false-positives 2026-01-25 09:44:14 +01:00
Aleksander Machniak
08de250fba Fix Information Disclosure vulnerability in the HTML style sanitizer 
reported by somerandomdev
 2025-12-14 09:10:51 +01:00
Aleksander Machniak
bfa032631c Fix Cross-Site-Scripting vulnerability via SVG's animate tag 
reported by Valentin T., CrowdStrike
 2025-12-14 09:07:18 +01:00
Edža
63cd89dd5c Update lv_LV labels.inc (#10028) 
Fix letter
 2025-11-23 14:52:17 +01:00
Aleksander Machniak
df7aa66022 Fix parsing of inline styles that aren't well-formatted (#9948) 2025-08-03 11:34:34 +02:00
Aleksander Machniak
2c366035e2 Support IPv6 in database DSN (#9937) 2025-07-25 18:59:43 +02:00
Aleksander Machniak
c55adbaac9 PHP 8.5 compat. fix 2025-07-13 13:18:34 +02:00
Aleksander Machniak
4f915b5476 Fix PHP deprecation warnings when handling an invalid BODYSTRUCTURE (#9896) 2025-07-05 15:30:44 +02:00
Aleksander Machniak
6d5f237c6d Don't force specific error_reporting setting 2025-07-04 15:22:36 +02:00
Aleksander Machniak
ff55c373ec Fix compatibility with PHP 8.5 regarding array_first() 2025-07-04 15:21:13 +02:00
Philip Weir
2c4bd27090 bug fix: autocomplete fails if contactlist_fields contains vcard fields (#9850) 2025-06-15 09:10:52 +02:00
Aleksander Machniak
f3e7b4461e Fix "Assign to group" action state after creation of a first group (#9889) 2025-06-12 15:34:17 +02:00
Pablo Zmdl
0376f69e95 Validate URL parameter in upload code (#9866) 2025-06-01 09:18:54 +02:00
Aleksander Machniak
ff8c9ef59c Fix bug where attachments with content type of application/vnd.ms-tnef were not parsed (#7119) 2025-05-29 18:08:29 +02:00
Aleksander Machniak
2ad3ba61b2 Fix cursor position on "below the quote" reply in HTML mode (#8700) 2025-05-25 15:32:23 +02:00
Aleksander Machniak
c174c4150a - Fix connecting to LDAP using ldapi:// URI (#8990) 2025-05-25 09:41:15 +02:00
Aleksander Machniak
80df7021ff Fix Delete and Empty buttons state while creating a folder (#9047) 2025-04-27 11:17:41 +02:00
Aleksander Machniak
c32a86cda2 Fix bug where a wrong SPECIAL-USE folder could have been detected, if there were more than one per-type (#9781) 2025-04-20 12:40:14 +02:00
Aleksander Machniak
67d5dfc950 Fix removing/expiring redis/memcache records when using a key prefix 2025-04-18 14:41:52 +02:00
Aleksander Machniak
b86fd45abb OAuth: Fix/improve token refresh 2025-03-18 13:57:22 +01:00
Aleksander Machniak
8ec39907b5 Add rcmail_oauth::is_token_valid() method 2025-03-14 11:52:37 +01:00
Aleksander Machniak
0fd28406f7 Fix PHP warning (#9775) 2025-02-23 12:05:18 +01:00
Aleksander Machniak
96903289b7 Fix phpdoc issue 2025-02-08 09:46:32 +01:00
Aleksander Machniak
4a9516b2c9 Fix decoding of attachment names encoded using both RFC2231 and RFC2047 standards (#9725) 2025-02-02 14:05:31 +01:00
Philip Weir
cd42de335a Update links in comments and config to https where available (#9759) 2025-01-26 13:48:14 +01:00
Aleksander Machniak
8f34bf9e64 Fix decodeContent() call with the by-reference argument 2025-01-01 13:36:22 +01:00
Aleksander Machniak
3e57959976 Fix handling of binary mail parts (e.g. PDF) encoded with quoted-printable (#9728) 2025-01-01 13:34:36 +01:00
Aleksander Machniak
a34f716051 Reset internal cache in appropriate places to be on a safe side 2024-12-12 13:49:36 +01:00
Aleksander Machniak
b206cbc87a IMAP: Partial support for ANNOTATE-EXPERIMENT-1 extension (RFC 5257) 2024-12-11 15:03:04 +01:00
Aleksander Machniak
df02322d6a Fix Oauth issues with use_secure_urls=true (#9722) 2024-12-03 12:36:18 +01:00
Vitaly Lavrov
2f4748bb9d BUG: get_variable for postgres never returns a value (#9710) 
Because of this, the insert_or_update() method never uses the "INSERT INTO ... ON CONFLICT DO UPDATE SET ..." command, and the logs constantly show errors adding records to the message cache due to "duplicate key".
 2024-11-24 14:21:15 +01:00
Paul J. Dorn
3b1258b785 Fix preg_match()'s $flags type (#9686) 
PHP: Deprecated: preg_match(): Passing null to parameter #4 ($flags) of type int is deprecated in program/lib/Roundcube/rcube_result_thread.php
 2024-11-19 15:45:51 +01:00
Jan
6baf9aeff0 Added German translation for "Keep Formatting" (#9701) 2024-11-17 15:06:51 +01:00
Aleksander Machniak
5c38c67287 Fix PHP fatal error when parsing some malformed BODYSTRUCTURE responses (#9689) 2024-11-17 14:45:42 +01:00
Aleksander Machniak
dc9ace7526 Fix regression causing inline SVG images to be missing in mail preview (#9644) 2024-09-29 13:59:49 +02:00
Pablo Zmdl
8cc559a6f0 Fix getting IMAP vendor name (#9654) 
In some cases, the array's keys where upper case, and the previous code
produced a warning and resulted in an empty string, even though the
name was present.
 2024-09-29 11:51:53 +02:00
respiranto
ffb2cf7929 vcard: Fix whitespace handling in line cont's (#9637) 
* vcard: Fix whitespace handling in line cont's

Previously, multiple whitespace characters at the start of a
continuation line would all be dropped, instead of only the first one.

Also,
 - restrict line continuation characters to SPACE and TAB.

Note that, like before, this identifies the CR (`\r`) character with the
empty string, and thereby notably does not require a CRLF (`\r\n`)
sequence (which is mandated by RFCs 2426, 2425) for line termination
(i.e., `\n` suffices).

Fixes: Bug 1 of issue #9593.

* vcard: Add test for #9593/1

* Fix coding style
 2024-09-18 13:31:59 +02:00
Aleksander Machniak
602a989697 Fix PHP warning (#9611) 2024-09-07 08:56:26 +02:00
Aleksander Machniak
f3c526e6d1 Fix PHP deprecation warnings (#9616) 2024-09-07 08:55:05 +02:00
Aleksander Machniak
83f56f1758 OAuth: Support standard authentication with short-living password received with OIDC token (#9530) 2024-09-02 13:42:53 +02:00
Aleksander Machniak
f343ecea09 Fix regression where HTML messages were displayed unstyled (#9586) 2024-08-16 19:57:30 +02:00
Aleksander Machniak
32fed15346 Fix regression where printing/scaling/rotating image attachments was broken (#9571) 2024-08-08 14:06:38 +02:00
Aleksander Machniak
602d0f566e Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010] 
Credits to Oskar Zeino-Mahmalat (Sonar) https://www.sonarsource.com
 2024-08-04 10:29:16 +02:00
Aleksander Machniak
89c8fe9ae9 - Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008] 
Credits to Oskar Zeino-Mahmalat (Sonar) https://www.sonarsource.com
 2024-08-04 10:29:10 +02:00