roundcubemail

mirror of https://github.com/roundcube/roundcubemail.git synced 2026-03-06 16:16:48 +01:00

Author	SHA1	Message	Date
thomascube	de62f02eed	Also check referer on logout action	2011-02-08 08:19:18 +00:00
thomascube	a77cf2292b	Add optional referer check to prevent CSRF in GET requests	2011-02-08 08:13:06 +00:00
thomascube	784a425e07	protect login form submission from CSRF using a request token	2011-02-03 22:08:03 +00:00
thomascube	cf2da2f9aa	Improve session validity check with changing auth cookies; reduce writes to DB; better phpdoc	2011-01-28 16:44:22 +00:00
thomascube	32234d71d3	Better fix for login redirect, don't force mail task	2011-01-19 13:11:47 +00:00
alecpl	68d2d54100	- Move action files map from index.php to steps' func.inc files	2011-01-16 19:42:40 +00:00
thomascube	88007cf060	Fix login redirect issues (#1487686 )	2011-01-14 17:03:33 +00:00
thomascube	f5e7b35307	Bumbed version; Roundcube development is not Switzerland only	2011-01-12 18:25:02 +00:00
thomascube	c3be8ed64c	Make sure an existing session is killed/replaced when submitting login form	2011-01-06 12:41:16 +00:00
alecpl	af3c045ecf	- New Folder Manager UI - Fix invalid Request when creating a folder (#1487443) - Add folder size and quota indicator in folder manager (#1485780) - Add possibility to move a subfolder into root folder (#1486791)	2010-12-03 10:58:40 +00:00
alecpl	5f560ee7a0	- Plugin API: Add 'pass' argument in 'authenticate' hook (#1487134 )	2010-11-29 08:23:53 +00:00
alecpl	6d99f99576	- Handle situation when $IMAP object isn't initialized on log in	2010-11-09 13:21:02 +00:00
alecpl	8fcc3e1ad6	- Improved IMAP errors handling	2010-10-14 10:22:25 +00:00
alecpl	249db18585	- Fix "Server Error! (Not Found)" when using utils/save-pref action (#1487023 )	2010-10-01 07:49:54 +00:00
alecpl	e019f2d0f2	- s/RoundCube/Roundcube/	2010-09-25 13:03:53 +00:00
alecpl	614c642a4b	- Fix list_cols is not updated after column dragging (#1486999 ) - Improved save-pref action and moved to separate file in utils task directory - Improved http_post/http_request to support first argument in form 'task/action'	2010-09-17 09:14:13 +00:00
thomascube	4859fedb92	Fix unit tests + update version	2010-08-07 12:04:39 +00:00
alecpl	b25dfd0913	- removed PHP closing tag	2010-06-23 09:55:08 +00:00
thomascube	05a631a43c	Allow plugins to register their own tasks	2010-06-03 06:40:06 +00:00
alecpl	3544558f2d	- Add HTTP_X_REAL_IP and HTTP_X_FORWARDED_FOR to successful logins log (#1486441 )	2010-04-20 16:04:33 +00:00
thomascube	aa12df20e4	Add server-side plugin hooks to address group functions + better action names	2010-04-01 06:39:06 +00:00
thomascube	c0297f4172	Asynchronously expand contact groups + skip count queries in autocompletion mode + check for the existance of contactgroups table	2010-03-31 15:23:22 +00:00
thomascube	3baa72a62f	Implement group renaming/deleting + use more consistent names for commands and actions (#1486587 )	2010-03-31 14:53:02 +00:00
thomascube	a61bbb24aa	Added basic contact groups feature	2010-03-26 16:38:20 +00:00
thomascube	f52c936f4d	Merged devel-threads branch (r3066:3364) back into trunk	2010-03-17 12:24:09 +00:00
alecpl	929a508d80	- Improve performance by avoiding unnecessary updates to the session table (#1486325 )	2010-03-01 19:04:34 +00:00
alecpl	64608bf2ef	- Password: Make passwords encoding consistent with core, add 'password_charset' global option (#1486473 )	2010-02-25 10:56:01 +00:00
alecpl	7481dd903e	- don't set task for login_after hook	2010-02-24 12:37:33 +00:00
alecpl	48bc52e835	- Fix imap_init hook broken in r3258 (#1486493 )	2010-02-13 17:33:25 +00:00
alecpl	9b94eb6415	- Fix setting task name according to auth state. So, any action before user is authenticated is assigned to 'login' task instead of 'mail'. Now binding plugins to 'login' task is possible and realy usefull. It's also possible to bind to all tasks excluding 'login'.	2010-02-06 18:12:49 +00:00
alecpl	10eedbe75a	- add file/line definitions to raise_error() calls	2010-01-28 11:27:16 +00:00
alecpl	76c94b6ba8	- Fix 'force_https' to specified port when URL contains a port number (#1486411 )	2010-01-17 12:30:41 +00:00
alecpl	5818e44345	- Fix $_SERVER['HTTPS'] check for SSL forcing on IIS (#1486243 ) + fix port check	2009-10-27 09:43:39 +00:00
thomascube	f5d61d845f	Revert r3038 and allow to specify the port as value of force_https	2009-10-21 08:47:40 +00:00
alecpl	b5713396f1	- fix last commit	2009-10-14 09:01:51 +00:00
alecpl	ccc80d1ca8	- Fix login page loading into an iframe when session expires (#1485952 )	2009-10-14 08:36:02 +00:00
alecpl	65c0a0e591	- Option 'force_https' replaced by 'force_https' plugin - added option 'force_https_port' in 'force_https' plugin (#1486091)	2009-10-13 08:40:21 +00:00
alecpl	161c28dffc	- Fix wrong headers for IE on servers without $_SERVER['HTTPS'] (#1485926 ) - Force IE style headers for attachments in non-HTTPS session, 'use_https' option (#1485655)	2009-09-05 12:31:19 +00:00
thomascube	7ef47e59a9	Add some arguments to the logout_after hook	2009-08-14 07:59:00 +00:00
thomascube	d002607852	Implemented logout_after plugin hook	2009-08-14 07:52:26 +00:00
thomascube	0ddf59aeb4	Fix spell check (#1486036 )	2009-08-07 15:37:15 +00:00
thomascube	4463648451	Allow a plugin to disable the cookie check	2009-08-05 13:13:57 +00:00
thomascube	826ceecab8	Don't check request token on login	2009-07-24 09:00:12 +00:00
alecpl	564a2ba793	- Help plugin - support 'dummy' task (for plugins)	2009-07-22 09:15:36 +00:00
thomascube	5499336fef	Use global request tokens and automatically protect all POST requests	2009-07-21 16:02:33 +00:00
thomascube	e48a10a0d7	Add option to enforce https connections	2009-07-02 06:38:26 +00:00
alecpl	3a2b270c9d	- always call logout action as task (#1485919 )	2009-06-15 07:01:36 +00:00
alecpl	0ce119869d	- use preg functions instead of ereg functions	2009-06-01 08:20:10 +00:00
alecpl	d51c93b43e	- get rid of some hardcoded action names and move decission about output compression to the user	2009-06-01 07:21:14 +00:00
svncommit	f22c2cefb4	Really, really logout (fixes r2467).	2009-05-12 14:10:30 +00:00

1 2 3 4

161 Commits