Mirrors/roundcubemail
2
0
Fork 0
mirror of https://github.com/roundcube/roundcubemail.git synced 2026-03-03 14:54:01 +01:00
Code Issues Packages Projects Releases Wiki Activity
9,659 Commits 72 Branches 205 Tags
238ec1ecdfdb00a8d4d0c4e30d9ef4d856e12025
Commit Graph

72 Commits

Author SHA1 Message Date
Aleksander Machniak
3196d656db Fix css conflicts in user interface and e-mail content (#5891) 
... by adding prefix to element/class identifiers
Also cleaned up some code and removed global variable use.
 2017-10-12 10:48:54 +02:00
Aleksander Machniak
5d16751ed8 Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview (#5580) 2017-10-01 11:58:11 +02:00
Thomas Bruederli
3723f3f178 Fix rcube_utils::random_bytes() to not throw exception for length=0 2017-09-29 15:35:12 +02:00
Aleksander Machniak
1fcf7bfab3 Fix bug where HTML messages with @media styles could moddify style of page body (#5811) 2017-06-28 08:26:05 +02:00
Aleksander Machniak
f0431c7475 Fix uninitialized string offset in rcube_utils::bin2ascii() and make sure rcube_utils::random_bytes() result has always requested length (#5788) 2017-06-27 17:16:56 +02:00
Aleksander Machniak
27a621818d Make sure rcube_utils::resolve_url() does not add port 80 to the url 
...which might have happened with reverse proxies
 2017-06-06 11:47:44 +02:00
Aleksander Machniak
8f22c3287d Fix bug where comment notation within style tag would cause the whole style to be ignored (#5747) 2017-05-05 11:51:51 +02:00
Aleksander Machniak
9ff7b78c7e Fix conflict with _gid cookie of Google Analytics (#5748) 
TODO: Review the whole code base and don't use INPUT_GPC when it's not really needed,
      in most cases we should not read $_COOKIE.
 2017-05-04 11:40:42 +02:00
Thomas Bruederli
bf21557873 Better fix for XSS in style tags (b59ff5ca) 2017-03-10 10:44:51 +01:00
Aleksander Machniak
05aae4711c Replace xss_entity_decode_callback() method with lambda function 2017-03-09 12:05:11 +01:00
Aleksander Machniak
b59ff5cafb Fix XSS issue in handling of a style tag inside of an svg element 2017-03-09 11:45:22 +01:00
Aleksander Machniak
81f67a4de2 Don't use each() deprecated in PHP 7.2 2017-02-06 15:46:18 +01:00
Aleksander Machniak
dfd19206a4 sizeof() -> count() 2017-02-06 13:49:29 +01:00
Aleksander Machniak
7340360e79 Fix bug where image data URIs in css style were treated as evil/remote in mail preview (#5580) 2017-01-07 09:59:42 +01:00
Aleksander Machniak
4e0532808d Fix bug where it wasn't possible to store more that 2MB objects in memcache/apc (#5452) 
Added memcache_max_allowed_packet and apc_max_allowed_packet settings
 2016-10-16 11:19:30 +02:00
Aleksander Machniak
195dc11855 Support host-specific imap_conn_options/smtp_conn_options/managesieve_conn_options (#5136) 2016-09-30 18:02:23 +02:00
Aleksander Machniak
dcabc1d814 Merge remote-tracking branch 'upstream/master' 
Conflicts:
	tests/Framework/Washtml.php
 2016-07-31 09:26:19 +02:00
Aleksander Machniak
c3fc072d97 Remove code related to magic_quotes_* and register_globals 
...they do not exist in PHP 5.4 which we now require.
 2016-07-29 13:34:50 +02:00
Aleksander Machniak
906cf101c3 Better time handling in rcube_utils::clean_datestr() 2016-07-29 12:40:15 +02:00
Aleksander Machniak
ec1525a1e6 Remove debug code 2016-07-29 12:26:23 +02:00
Aleksander Machniak
ed35267b9b Managesieve: Fix parsing of vacation date-time with non-default date_format (#5372) 
Added new method rcube_utils::format_datestr() to convert date_format date
into ISO date format.
 2016-07-29 05:42:18 -04:00
Aleksander Machniak
f2eafda539 Fix bug where microsecond format in logged date didn't work in some cases 2016-06-12 09:16:54 +02:00
Aleksander Machniak
d61d33a12a Fix handling of --delete argument in moduserprefs.sh script (#5296) 2016-06-01 20:15:22 +02:00
Aleksander Machniak
6737e293bb Wash position:fixed style in HTML mail for better security (#5264) 2016-05-29 17:09:41 +02:00
Aleksander Machniak
cbe701ac4a Fix rcube_utils::words_match() to work with mixed/invalid/binary content (T844) 2015-11-18 13:27:00 +01:00
Aleksander Machniak
7e3298753a Use ternary operator where aplicable 2015-11-14 10:08:07 +01:00
Aleksander Machniak
a03233ceba CS fixes 2015-10-07 09:14:18 +02:00
Aleksander Machniak
b2b9b591ce Fix handling random_bytes() errors in PHP 7.0.0RC3 2015-09-18 20:17:07 +02:00
Aleksander Machniak
e85bbc9e9c random_bytes() can throw an exception in some cases, since PHP 7.0.0rc3 2015-09-10 16:57:12 +02:00
Aleksander Machniak
26086981a2 Improve randomness of security tokens (#1490529) 2015-09-08 17:38:19 +02:00
Aleksander Machniak
f00e1f5333 CS fixes 2015-08-25 11:16:39 +02:00
Aleksander Machniak
7a42173a16 Simplify rcube_utils::check_ip() 2015-08-13 09:04:19 +02:00
Aleksander Machniak
6b31846c43 Fix IPv6 address validation on PHP with disabled IPv6 support 2015-08-12 21:11:20 +02:00
Aleksander Machniak
93e64008a6 Small code improvements 2015-08-05 09:30:51 +02:00
Aleksander Machniak
8447bae77c Require Mbstring and OpenSSL extensions (#1490415) - remove redundant code 2015-06-28 12:27:48 +02:00
Aleksander Machniak
9aae1b7fc3 Fix so microseconds macro (u) in log_date_format works (#1490446) 2015-06-26 09:20:43 +02:00
Aleksander Machniak
a958748947 CS fixes 2015-06-07 15:26:33 +02:00
Aleksander Machniak
3994b3a26c Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402) 2015-05-23 09:42:11 +02:00
Thomas Bruederli
c32998084d Add untility function to match strings ignoring word order 2015-03-03 14:54:36 +01:00
Thomas Bruederli
e8b82c2e7b Fix rcube_utils::normalize_string() to support unicode characters + add argument for minimum token length 2014-12-28 16:22:08 +01:00
Thomas Bruederli
09c58d1add Make rcube_utils::strtotime() timezone aware (#1490163) 2014-12-28 15:41:47 +01:00
Aleksander Machniak
787a421846 Fix rcube_utils::anytodatetime() with no timezone specified 2014-11-22 11:39:19 -05:00
Aleksander Machniak
848e204ef9 Fix validation of email addresses with IDNA domains (#1490067) 2014-09-13 12:36:54 +02:00
Aleksander Machniak
29c24e647c Get rid of DIRECTORY_SEPARATOR for consistency 2014-08-28 19:24:03 +02:00
Aleksander Machniak
5f58127eae Added rcube_utils::resolve_url() 2014-08-24 11:43:12 +02:00
Aleksander Machniak
75bbada03b Remove code for PHP<5.3, use PHP_VERSION_ID instead of version_compare() for version checks 2014-08-24 11:23:33 +02:00
Thomas Bruederli
cc850263d4 Add optional timezone argument for date conversion 2014-07-31 14:29:14 +02:00
Aleksander Machniak
49dad5f669 Fix broken normalize_string(), add support for ISO-8859-2 2014-05-27 11:39:31 +02:00
Felix Eckhofer
30e6b980a6 Remove usage of $RCMAIL global variable 2014-03-26 20:45:33 +01:00
Felix Eckhofer
ef721fc430 Add config variable 'proxy_whitelist' 
HTTP headers X_FORWARDED_* and X_REAL_IP are only evaluated when
received from an IP listed in proxy_whitelist. Furthermore, only the
last non-trusted IP from X-Forwarded-For is used in place of the real
ip.

Without this, an attacker can easily spoof the headers and control the
result of the ip or ssl check.

This fixes several problems with [3a4c9f42], [4d480b36] and [a520f331] as
mentioned in #1489729.
 2014-03-26 20:44:16 +01:00