Aleksander Machniak
b2bebe531a
Fix bug where usernames without domain part could be malformed or converted to lower-case on logon (#6224)
2018-04-10 09:24:29 +02:00
Aleksander Machniak
f36e23b778
Fix parsing date strings (e.g. from a Date: mail header) with comments (#6216)
2018-03-18 19:22:09 +01:00
Aleksander Machniak
0f3ad342f7
Fix bug where some unix timestamps were not handled correctly by rcube_utils::anytodatetime() (#6212)
2018-03-09 09:32:44 +01:00
Aleksander Machniak
1058924e21
Move some framework classes to sub-directories
2018-03-03 17:46:59 +01:00
Aleksander Machniak
d07b032bcd
Refactor cache code with separate engine-specific classes
2018-03-03 17:28:40 +01:00
Aleksander Machniak
9d2b303b51
Fix bug in remote content blocking on HTML image and style tags (#6178)
2018-02-14 20:19:32 +01:00
Daniel Kesselberg
a8d5547163
Update idn conversion methods (#6115)
* Add more test cases
* Update phpdoc
2017-12-31 13:22:48 +01:00
Aleksander Machniak
63a7d2313f
Improve SMTPUTF8 support and fix relaxed email validation issues
2017-12-31 13:14:31 +01:00
Daniel Kesselberg
a3504cb3b8
Add unit test for IDN (#6114)
2017-12-30 08:41:10 +01:00
Aleksander Machniak
a0374f3c45
Fix mangled non-ASCII characters in links in HTML messages (#6028)
2017-11-08 12:38:19 +01:00
Aleksander Machniak
5e08a6ac59
Handle remote stylesheets the same as remote images, ask the user to allow them (#5994)
Fixes the issue where remote stylesheet could have been blocked
if the message contained no remote images and user has no way to
allow that content.
2017-10-13 12:48:13 +02:00
Aleksander Machniak
3196d656db
Fix css conflicts in user interface and e-mail content (#5891)
... by adding prefix to element/class identifiers
Also cleaned up some code and removed global variable use.
2017-10-12 10:48:54 +02:00
Aleksander Machniak
5d16751ed8
Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview (#5580)
2017-10-01 11:58:11 +02:00
Filippo Tessarotto
e5e37928d4
Add Travis CI
2017-09-04 14:30:51 +02:00
Thomas Bruederli
1cfc024036
Modify links in html messages during Washtml DOM traversal
This is a more safe approach than using regex and mitigates
possible vulnerabilities using malformed html markup.
2017-08-18 09:50:39 +02:00
Thomas Bruederli
919338d4ba
Escape textarea contents in Washtml
2017-08-18 09:49:54 +02:00
Aleksander Machniak
21e7d873ce
Fix so links over images are not removed in plain text signatures converted from HTML (#4473)
2017-06-29 09:15:08 +02:00
Aleksander Machniak
1fcf7bfab3
Fix bug where HTML messages with @media styles could modify style of page body (#5811)
2017-06-28 08:26:05 +02:00
Aleksander Machniak
8f22c3287d
Fix bug where comment notation within style tag would cause the whole style to be ignored (#5747)
2017-05-05 11:51:51 +02:00
Aleksander Machniak
ce61c8210e
Added test for rcube_db::parse_dsn()
2017-04-22 08:14:56 +02:00
dfukagaw28
89a4134064
Add support for DelSp=Yes messages (#5702)
2017-03-22 08:30:36 +01:00
Thomas Bruederli
522565b400
Add tests for XSS vulnerabilities in style tags
2017-03-10 23:20:01 +01:00
Shin Kojima
0b385dc946
Skip iconv for problematic ISO-2022-JP strings (#5668)
We sometimes get broken character encodings such as:
Subject: =?iso-2022-jp?B?GyRCLWo7M3l1OSk2SBsoQgo=?=
This actually is not a strict ISO-2022-JP string, but a CP50220 string
that is a variant of ISO-2022-JP with extended characters proposed by
Microsoft. Iconv can not handle these encodings well.
2017-03-06 09:22:55 +01:00
Aleksander Machniak
e08f22ef28
Fix bug where external content in src attribute of input/video tags was not secured (#5583)
2017-01-07 20:00:18 +01:00
Aleksander Machniak
7340360e79
Fix bug where image data URIs in css style were treated as evil/remote in mail preview (#5580)
2017-01-07 09:59:42 +01:00
Aleksander Machniak
bbab6a6db7
Identicon plugin
https://kolabian.wordpress.com/2016/12/02/contact-identicons/
2016-12-02 18:48:40 +01:00
JohnDoh
dd714b33a8
replace old trac links (#5514)
2016-11-13 19:15:00 +01:00
Aleksander Machniak
0485275a75
Merge branch 'dev/drop-legacy-browsers'
2016-08-20 10:50:54 +02:00
Aleksander Machniak
94f8ce3334
Make html::parse_attrib_string() more robust
Fixes PHP Error: Expression parse error on: ($app->config->get('preview_pane',rcube_utils::get_boolean('')) == true ? ' checked=checked' : ')
2016-08-12 10:37:40 +02:00
Aleksander Machniak
829442a4cd
Removed legacy_browsr plugin
2016-08-04 08:48:20 +02:00
Aleksander Machniak
dcabc1d814
Merge remote-tracking branch 'upstream/master'
Conflicts:
tests/Framework/Washtml.php
2016-07-31 09:26:19 +02:00
Aleksander Machniak
906cf101c3
Better time handling in rcube_utils::clean_datestr()
2016-07-29 12:40:15 +02:00
Aleksander Machniak
ed35267b9b
Managesieve: Fix parsing of vacation date-time with non-default date_format (#5372)
Added new method rcube_utils::format_datestr() to convert date_format date
into ISO date format.
2016-07-29 05:42:18 -04:00
Aleksander Machniak
d91bad5975
Fix handling of blockquote tags with mixed case on html2text conversion (#5363)
2016-07-21 16:47:47 +02:00
Aleksander Machniak
bf5b3072c4
Fix MathML test on older PHP versions
2016-07-18 11:19:53 +02:00
Aleksander Machniak
edfd9da42a
Support MathML in HTML message preview (#5182)
2016-07-17 11:15:37 +02:00
Aleksander Machniak
6737e293bb
Wash position:fixed style in HTML mail for better security (#5264)
2016-05-29 17:09:41 +02:00
Aleksander Machniak
afd090672c
Small performance optimization
2016-05-08 11:52:54 +02:00
Aleksander Machniak
ca9ad75d96
Add some more tests for HREF attribute washing
2016-05-08 10:06:24 +02:00
Aleksander Machniak
6652367d65
Fix XSS issue in href attribute on area tag (#5240, #5241)
2016-05-06 08:28:15 +02:00
Aleksander Machniak
a0f38f5fd8
Small code style improvements
2016-04-12 13:46:30 +02:00
Aleksander Machniak
e8ab3d96bd
Fix converting mail addresses with @www. into mailto links (#5197)
2016-04-12 11:53:04 +02:00
Aleksander Machniak
ed1d212ae2
Improved SVG cleanup code
2016-01-16 09:03:51 +01:00
Aleksander Machniak
cbe701ac4a
Fix rcube_utils::words_match() to work with mixed/invalid/binary content (T844)
2015-11-18 13:27:00 +01:00
Aleksander Machniak
9234903287
Fix HTML sanitizer to skip <!-- node type X --> in output (#1490583)
2015-11-05 08:46:43 +01:00
Aleksander Machniak
26086981a2
Improve randomness of security tokens (#1490529)
2015-09-08 17:38:19 +02:00
Aleksander Machniak
a63f14ec40
Emoticons-related code refactoring
- Emoticons: All emoticons-related functionality is handled by the plugin now
- Emoticons: Added option to switch on/off emoticons in compose editor (#1485732)
- Emoticons: Added option to switch on/off emoticons in plain text messages
- Plugin API: Added disabled_plugins and disabled_buttons options in html_editor hook
- Plugin API: Added html2text hook
2015-08-29 07:52:57 +02:00
Aleksander Machniak
7a42173a16
Simplify rcube_utils::check_ip()
2015-08-13 09:04:19 +02:00
Aleksander Machniak
f4c512336d
Fix "washing" of style elements wrapped into many lines
2015-08-10 10:17:05 +02:00
Aleksander Machniak
1b39d9a6c7
PHP7: Fixed some E_WARNING errors that previously were E_STRICT
2015-08-08 09:32:24 +02:00