Mirrors/roundcubemail
2
0
Fork 0
mirror of https://github.com/roundcube/roundcubemail.git synced 2026-03-14 20:16:50 +01:00
Code Issues Packages Projects Releases Wiki Activity
9,659 Commits 72 Branches 205 Tags
238ec1ecdfdb00a8d4d0c4e30d9ef4d856e12025
Commit Graph

233 Commits

Author SHA1 Message Date
Aleksander Machniak
5e08a6ac59 Handle remote stylesheets the same as remote images, ask the user to allow them (#5994) 
Fixes the issue where remote stylesheet could have been blocked
if the message contained no remote images and user have no way to
allow that content.
 2017-10-13 12:48:13 +02:00
Aleksander Machniak
3196d656db Fix css conflicts in user interface and e-mail content (#5891) 
... by adding prefix to element/class identifiers
Also cleaned up some code and removed global variable use.
 2017-10-12 10:48:54 +02:00
Aleksander Machniak
5d16751ed8 Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview (#5580) 2017-10-01 11:58:11 +02:00
Filippo Tessarotto
e5e37928d4 Add Travis CI 2017-09-04 14:30:51 +02:00
Thomas Bruederli
1cfc024036 Modify links in html messages during Washtml DOM traversal 
This is a more safe approach than using regex and mitigates
possible vulnerabilities using malformed html markup.
 2017-08-18 09:50:39 +02:00
Thomas Bruederli
919338d4ba Escape textarea contents in Washtml 2017-08-18 09:49:54 +02:00
Aleksander Machniak
21e7d873ce Fix so links over images are not removed in plain text signatures converted from HTML (#4473) 2017-06-29 09:15:08 +02:00
Aleksander Machniak
1fcf7bfab3 Fix bug where HTML messages with @media styles could moddify style of page body (#5811) 2017-06-28 08:26:05 +02:00
Aleksander Machniak
8f22c3287d Fix bug where comment notation within style tag would cause the whole style to be ignored (#5747) 2017-05-05 11:51:51 +02:00
Aleksander Machniak
ce61c8210e Added test for rcube_db::parse_dsn() 2017-04-22 08:14:56 +02:00
dfukagaw28
89a4134064 Add support for DelSp=Yes messages (#5702) 2017-03-22 08:30:36 +01:00
Thomas Bruederli
522565b400 Add tests for XSS vulnerabilities in style tags 2017-03-10 23:20:01 +01:00
Shin Kojima
0b385dc946 Skip iconv for problematic ISO-2022-JP strings (#5668) 
We sometimes get broken character encodings such as:
Subject: =?iso-2022-jp?B?GyRCLWo7M3l1OSk2SBsoQgo=?=
This actually is not a strict ISO-2022-JP string, but a CP50220 string
that is a variant of ISO-2022-JP with extended characters proposed by
Microsoft. Iconv can not handle these encodings well.
 2017-03-06 09:22:55 +01:00
Aleksander Machniak
e08f22ef28 Fix bug where external content in src attribute of input/video tags was not secured (#5583) 2017-01-07 20:00:18 +01:00
Aleksander Machniak
7340360e79 Fix bug where image data URIs in css style were treated as evil/remote in mail preview (#5580) 2017-01-07 09:59:42 +01:00
Aleksander Machniak
bbab6a6db7 Identicon plugin 
https://kolabian.wordpress.com/2016/12/02/contact-identicons/
 2016-12-02 18:48:40 +01:00
JohnDoh
dd714b33a8 replace old trac links (#5514) 2016-11-13 19:15:00 +01:00
Aleksander Machniak
0485275a75 Merge branch 'dev/drop-legacy-browsers' 2016-08-20 10:50:54 +02:00
Aleksander Machniak
94f8ce3334 Make html::parse_attrib_string() more robust 
Fixes PHP Error: Expression parse error on: ($app->config->get('preview_pane',rcube_utils::get_boolean('')) == true ? ' checked=checked' : ')
 2016-08-12 10:37:40 +02:00
Aleksander Machniak
829442a4cd Removed legacy_browsr plugin 2016-08-04 08:48:20 +02:00
Aleksander Machniak
dcabc1d814 Merge remote-tracking branch 'upstream/master' 
Conflicts:
	tests/Framework/Washtml.php
 2016-07-31 09:26:19 +02:00
Aleksander Machniak
906cf101c3 Better time handling in rcube_utils::clean_datestr() 2016-07-29 12:40:15 +02:00
Aleksander Machniak
ed35267b9b Managesieve: Fix parsing of vacation date-time with non-default date_format (#5372) 
Added new method rcube_utils::format_datestr() to convert date_format date
into ISO date format.
 2016-07-29 05:42:18 -04:00
Aleksander Machniak
d91bad5975 Fix handling of blockquote tags with mixed case on html2text conversion (#5363) 2016-07-21 16:47:47 +02:00
Aleksander Machniak
bf5b3072c4 Fix MathML test on older PHP versions 2016-07-18 11:19:53 +02:00
Aleksander Machniak
edfd9da42a Support MathML in HTML message preview (#5182) 2016-07-17 11:15:37 +02:00
Aleksander Machniak
6737e293bb Wash position:fixed style in HTML mail for better security (#5264) 2016-05-29 17:09:41 +02:00
Aleksander Machniak
afd090672c Small performance optimization 2016-05-08 11:52:54 +02:00
Aleksander Machniak
ca9ad75d96 Add some more tests for HREF attribute washing 2016-05-08 10:06:24 +02:00
Aleksander Machniak
6652367d65 Fix XSS issue in href attribute on area tag (#5240, #5241) 2016-05-06 08:28:15 +02:00
Aleksander Machniak
a0f38f5fd8 Small code style improvements 2016-04-12 13:46:30 +02:00
Aleksander Machniak
e8ab3d96bd Fix converting mail addresses with @www. into mailto links (#5197) 2016-04-12 11:53:04 +02:00
Aleksander Machniak
ed1d212ae2 Improved SVG cleanup code 2016-01-16 09:03:51 +01:00
Aleksander Machniak
cbe701ac4a Fix rcube_utils::words_match() to work with mixed/invalid/binary content (T844) 2015-11-18 13:27:00 +01:00
Aleksander Machniak
9234903287 Fix HTML sanitizer to skip <!-- node type X --> in output (#1490583) 2015-11-05 08:46:43 +01:00
Aleksander Machniak
26086981a2 Improve randomness of security tokens (#1490529) 2015-09-08 17:38:19 +02:00
Aleksander Machniak
a63f14ec40 Emoticons-related code refactoring 
- Emoticons: All emoticons-related functionality is handled by the plugin now
- Emoticons: Added option to switch on/off emoticons in compose editor (#1485732)
- Emoticons: Added option to switch on/off emoticons in plain text messages
- Plugin API: Added disabled_plugins an disabled_buttons options in html_editor hook
- Plugin API: Added html2text hook
 2015-08-29 07:52:57 +02:00
Aleksander Machniak
7a42173a16 Simplify rcube_utils::check_ip() 2015-08-13 09:04:19 +02:00
Aleksander Machniak
f4c512336d Fix "washing" of style elements wrapped into many lines 2015-08-10 10:17:05 +02:00
Aleksander Machniak
1b39d9a6c7 PHP7: Fixed some E_WARNING errors that previously were E_STRICT 2015-08-08 09:32:24 +02:00
Aleksander Machniak
1b8ca08e5b Added GSSAPI/Kerberos authentication plugin - krb_authentication 2015-08-06 13:23:50 +02:00
Aleksander Machniak
2d73205ec8 Skip rcube_ldap_generic test if Net_LDAP3 is not available 2015-08-02 11:32:41 +02:00
Aleksander Machniak
8447bae77c Require Mbstring and OpenSSL extensions (#1490415) - remove redundant code 2015-06-28 12:27:48 +02:00
Aleksander Machniak
f7427f151e Get rid of Mail_mimeDecode package dependency (#1490416) 2015-06-27 15:05:17 +02:00
Aleksander Machniak
25c8fe4eeb Fix handling of non-break spaces in html to text conversion (#1490436) 2015-06-17 14:03:13 +02:00
Aleksander Machniak
ff40683404 Fix so links with href == content aren't added to links list on html to text conversion (#1490434) 2015-06-17 09:30:44 +02:00
Thomas Bruederli
c5ca818118 Adapt washtml test to pass with different versions of iconv (i.e. on CentOS7) 2015-06-04 17:06:45 +02:00
Thomas Bruederli
7eefdc8149 Adapt charset cleanup tests to pass with different versions of iconv propucing slightyl different output 2015-06-01 13:43:54 +02:00
Thomas Bruederli
9311fea09b Add utility functiion to get an elemet's text content also when running tests in PhantomJS 2015-05-26 13:55:39 +02:00
Aleksander Machniak
3994b3a26c Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402) 2015-05-23 09:42:11 +02:00