Aleksander Machniak
0df8e97476
Small code improvement + tests
2021-03-22 16:11:38 +01:00
Aleksander Machniak
9f19b931e3
Fix cross-site scripting (XSS) via HTML messages with malicious CSS content
and improve css parsing code.
Thanks to Mateusz Szymaniec (CERT Polska) for reporting the issue.
2021-02-08 13:42:12 +01:00
Aleksander Machniak
b4b24f93df
Fix some PHP8 warnings
2021-01-15 18:56:48 +01:00
Aleksander Machniak
39b3c0049e
Fix cross-site scripting (XSS) via HTML or Plain text messages with malicious content [CVE-2020-35730]
Credits to Alex Birnberg <birnbergalex@gmail.com>
2020-12-27 18:27:42 +01:00
Aleksander Machniak
66062846ec
Fix "uninitialized string offset" warnings
2020-12-19 19:43:36 +01:00
Aleksander Machniak
12547ccf01
Require php-intl extension, get rid of Net_IDNA2, PHP8 fixes, short array syntax
Net_IDNA2 is not compatible, and Intl is a bundled ext since PHP 5.3.
Fixed some regressions.
2020-12-13 10:21:52 +01:00
Aleksander Machniak
61a5ade872
PHP8 fixes, short array syntax
2020-12-12 16:20:14 +01:00
Aleksander Machniak
f4ed1024dc
PHP8 fixes, CS fixes, short array syntax, tests
2020-12-02 20:15:00 +01:00
Aleksander Machniak
0cbe4a4acc
PHP8 fixes, CS fixes, short array syntax, added more tests
2020-11-22 12:03:02 +01:00
Michael Stilkerich
bad1dedbf6
Phpdoc type annotations (#7733)
2020-11-21 09:34:24 +01:00
Aleksander Machniak
318f91417f
Add rcube_utils::explode()
2020-11-02 09:02:38 +01:00
Aleksander Machniak
545a1569f1
Steps -> Actions refactoring (#7688)
* Move action handling code to rcmail class
* Add rcmail_action class
* Add action aliases
* Get rid of $OUTPUT global
* Move some methods from rcmail to rcmail_action
* PHP8 compat. fixes
* Add framework for testing actions
* Fix obvious code mistakes
2020-11-01 11:25:38 +01:00
Aleksander Machniak
f95212d626
PHP8: More warnings fixed
2020-10-11 15:24:30 +02:00
Aleksander Machniak
bde383d051
PHP8: Fix various issues
For now only those I found by running our unit tests; there will be many more.
2020-10-11 10:32:41 +02:00
Aleksander Machniak
f0084b6f54
Fix empty space on mail printouts in Chrome (#7604)
2020-09-23 10:49:16 +02:00
Aleksander Machniak
a5c2b4360c
Fixes in context of undefined variables, and code style
2020-08-15 12:13:31 +02:00
Aleksander Machniak
1e1ea25b6c
Added special value 'email' to login_username_filter; it also changes the logon input type (#7179)
2020-07-03 12:56:17 +02:00
Aleksander Machniak
bdf0a6539e
Relaxed domain name validation for extended TLDs support (#5588)
2020-01-19 19:21:28 +01:00
johndoh
51a9dd631f
Add support for SameSite cookie attribute (req PHP >= 7.3.0) (#6772)
2020-01-05 15:53:51 +01:00
Aleksander Machniak
0b45c3c6b0
Fix matching multiple X-Forwarded-For addresses with 'proxy_whitelist' (#7107)
2019-12-07 09:34:15 +01:00
Aleksander Machniak
e3c6989494
Log X-Real-IP only when it's different than REMOTE_ADDR
2019-11-28 14:40:39 +01:00
Aleksander Machniak
63730cf842
Fix security issue where it was possible to bypass the CSS jail in HTML messages using :root pseudo-class (#6897)
2019-08-27 15:33:23 +02:00
Aleksander Machniak
057fb69bb9
Fix bug where some strict remote URIs in url() style were unintentionally blocked (#6899)
2019-08-27 14:37:17 +02:00
Aleksander Machniak
7bf868767e
Fix security issue where it was possible to bypass the position:fixed CSS check in received messages (#6898)
2019-08-27 13:50:09 +02:00
Aleksander Machniak
1afa46d28d
PHPDoc and CS fixes
2019-08-25 14:15:09 +02:00
Aleksander Machniak
8f895cb17f
Replace function alias: getallheaders() -> apache_request_headers()
2019-07-06 08:28:53 +02:00
Aleksander Machniak
0a0ad2c9b7
Switch to IDNA2008 variant (#6806)
After switching IDNA_NONTRANSITIONAL_TO_ASCII on, switch to
IDNA2008 variant in Net_LDAP2. Add test, update changelog.
2019-06-16 12:03:27 +02:00
Max Bosse
f1d3f9ee44
Fix: Use IDNA_NONTRANSITIONAL_TO_UNICODE for idn_to_utf8 call
2019-06-16 10:41:25 +02:00
Max Boße
70c20740e7
Set 'IDNA_NONTRANSITIONAL_TO_ASCII' idn-option
2019-06-16 10:24:37 +02:00
Amir Caspi
6b5fa52ec1
Update rcube_utils::parse_host, fixes #6746
Updated regexps used in parse_host to ensure that %t, %d, %z do not cut off domain and return only tld when underlying host has no subdomain (i.e., is just domain.tld rather than mail.domain.tld). Update fixes #6746, now returns nothing shorter than domain.tld.
Also removed backslash from character class; period does not need to be escaped within character class.
2019-05-19 08:32:26 +02:00
Aleksander Machniak
57c67db029
Remove year(s) from copyright headers + some cleanup
2019-04-16 10:42:45 +02:00
Aleksander Machniak
61eb78ad64
Fix so ANY record is not used for email domain validation, use A, MX, CNAME, AAAA instead (#6581)
2019-01-16 16:40:37 +01:00
Aleksander Machniak
afc68aae63
Fix temp_filename() regressions, update changelog, add note in UPGRADING
2018-11-07 16:51:25 +01:00
PhilW
e024f133fa
give all temp files a constant prefix
2018-11-06 07:11:04 +00:00
Aleksander Machniak
2dcf50019c
Merge branch 'master' into dev/elastic
2018-09-22 17:33:24 +02:00
Aleksander Machniak
c28242f63c
Log errors caused by low pcre.backtrack_limit when sending a mail message (#6433)
2018-09-14 13:37:19 +02:00
Aleksander Machniak
796e5a17e6
Removed referer_check option (#6440)
2018-09-12 08:27:09 +02:00
Aleksander Machniak
cba1605949
Add http_only argument to rcube_utils::setcookie()
2018-07-02 15:56:07 +00:00
Aleksander Machniak
0716d499bc
Fix bug where some escape sequences in html styles could bypass security checks
2018-05-05 17:12:18 +02:00
Aleksander Machniak
a889f55c31
Fix PHP Warning: Use of undefined constant IDNA_DEFAULT on systems without php-intl (#6244)
2018-04-12 09:39:33 +02:00
Aleksander Machniak
b2bebe531a
Fix bug where usernames without domain part could be malformed or converted to lower-case on logon (#6224)
2018-04-10 09:24:29 +02:00
Aleksander Machniak
f36e23b778
Fix parsing date strings (e.g. from a Date: mail header) with comments (#6216)
2018-03-18 19:22:09 +01:00
Aleksander Machniak
0f3ad342f7
Fix bug where some unix timestamps were not handled correctly by rcube_utils::anytodatetime() (#6212)
2018-03-09 09:32:44 +01:00
Aleksander Machniak
a1be62b19d
Remove redundant trim()
2018-02-15 08:59:59 +01:00
Aleksander Machniak
9d2b303b51
Fix bug in remote content blocking on HTML image and style tags (#6178)
2018-02-14 20:19:32 +01:00
Aleksander Machniak
b172fb505c
Improve trusted_host_patterns code
2018-01-01 11:10:53 +01:00
Aleksander Machniak
4a5ca74724
Merge branch 'trusted-host-patterns' of https://github.com/dsoares/roundcubemail into dsoares-trusted-host-patterns
2018-01-01 10:26:09 +01:00
Daniel Kesselberg
a8d5547163
Update idn conversion methods (#6115)
* Add more test cases
* Update phpdoc
2017-12-31 13:22:48 +01:00
Aleksander Machniak
63a7d2313f
Improve SMTPUTF8 support and fix relaxed email validation issues
2017-12-31 13:14:31 +01:00
Aleksander Machniak
5665344673
Merge branch 'smtputf8' of https://github.com/jprjr/roundcubemail into jprjr-smtputf8
2017-12-31 12:18:05 +01:00