Mirrors/roundcubemail
2
0
Fork 0
mirror of https://github.com/roundcube/roundcubemail.git synced 2026-03-06 16:16:48 +01:00
Code Issues Packages Projects Releases Wiki Activity
13,222 Commits 72 Branches 205 Tags
a4e50e396186f2fc71ffc4a6740d2ad75750433d
Commit Graph

8200 Commits

Author SHA1 Message Date
Stefan
3cff118366 Remove year numbers in user visible places (#9603) 
To not have to update it every year or getting it wrong as in 1.6.8 I proposed to use the server year as copyright end year. During pull request, @alecpl suggested siply removing the years alltogether as they don't provide much value.

Co-authored-by: stefan-muc <roundcube-git_24@green-sparklet.de>
 2024-09-18 13:51:22 +02:00
respiranto
6159ebeb02 vcard: Fix whitespace handling in line cont's (#9637) 
* vcard: Fix whitespace handling in line cont's

Previously, multiple whitespace characters at the start of a
continuation line would all be dropped, instead of only the first one.

Also,
 - restrict line continuation characters to SPACE and TAB.

Note that, like before, this identifies the CR (`\r`) character with the
empty string, and thereby notably does not require a CRLF (`\r\n`)
sequence (which is mandated by RFCs 2426, 2425) for line termination
(i.e., `\n` suffices).

Fixes: Bug 1 of issue #9593.

* vcard: Add test for #9593/1

* Fix coding style
 2024-09-18 13:26:43 +02:00
Pablo Zmdl
6b64eabd69 Merge pull request #9606 from johndoh/vcard_import2 
compare both email and name before skipping vcard import
 2024-09-12 15:09:41 +02:00
Aleksander Machniak
f8d9cb157b Fix new phpstan errors 2024-09-12 09:52:42 +02:00
Aleksander Machniak
83417f5883 OAuth: Add a flag to the 'authenticate' hook arguments indicating SSO is in use 
This way plugins can react to it, e.g. 2FA plugins can skip asking for the second factor
 2024-09-12 09:39:49 +02:00
Aleksander Machniak
e36dd3a500 Fix PHP warning (#9611) 2024-09-07 08:52:52 +02:00
Aleksander Machniak
4ca198440a Fix PHP deprecation warnings (#9616) 2024-09-07 08:47:08 +02:00
Aleksander Machniak
c5a861114e OAuth: Refresh token is optional (#9626) 2024-09-06 11:17:30 +02:00
Aleksander Machniak
7371c815d1 Fix displaying an authorization error message (if error_description is empty) 2024-09-04 15:30:25 +02:00
Aleksander Machniak
d26e4354f7 Add small sanity check 2024-09-02 13:54:31 +02:00
Aleksander Machniak
7c8968f4fe Use new HTML5 parser available on PHP >= 8.4 2024-09-01 15:27:35 +02:00
Aleksander Machniak
0cf65ad2b1 OAuth: Support standard authentication with short-living password received with OIDC token (#9530) 2024-08-29 13:17:54 +02:00
Aleksander Machniak
a134c83f14 Cleanup 2024-08-29 13:11:45 +02:00
Aleksander Machniak
4023931ed3 OAuth: Fix some PHP warnings and improve debug logging 2024-08-27 19:33:03 +02:00
PhilW
9e5a18e390 compare both email and name before skipping vcard import 2024-08-25 11:23:29 +01:00
Aleksander Machniak
ae1d028b89 Silence the new phpstan error 2024-08-21 11:11:33 +02:00
Aleksander Machniak
58721e3037 Fix regression where HTML messages were displayed unstyled (#9586) 2024-08-16 19:56:51 +02:00
Aleksander Machniak
e92d8e31a3 CS fix 2024-08-08 15:19:41 +02:00
Aleksander Machniak
a290392231 CS fixes 2024-08-08 14:57:00 +02:00
Aleksander Machniak
cd0bde2d5b Fix regression where printing/scaling/rotating image attachments was broken (#9571) 2024-08-08 13:54:32 +02:00
Aleksander Machniak
e12e273c0c More tests 2024-08-04 10:28:16 +02:00
Aleksander Machniak
c99dcacddb - Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010] 
Credits to Oskar Zeino-Mahmalat (https://www.sonarsource.com)
 2024-08-04 10:27:18 +02:00
Aleksander Machniak
78cc630987 - Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008] 
Credits to Oskar Zeino-Mahmalat (https://www.sonarsource.com)
 2024-08-04 10:26:40 +02:00
Aleksander Machniak
40a4a71b67 Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009] 
Credits to Oskar Zeino-Mahmalat (https://www.sonarsource.com)
 2024-08-04 10:25:49 +02:00
Aleksander Machniak
fdf19f3e7c Fix bug where imap_conn_option's 'socket' was ignored (#9566) 2024-08-02 12:16:01 +02:00
Aleksander Machniak
89d429dbee Fix two new phpstan issues 2024-08-02 09:12:48 +02:00
Aleksander Machniak
c706575a0b CS fix 2024-07-31 18:11:51 +02:00
Aleksander Machniak
fdeb13727a Fix bug where a long subject title could not be displayed in some cases (#9416) 2024-07-27 09:15:57 +02:00
John R. D'Orazio
cd92b26aa8 Trigger warning when config files are not readable (#9550) 
* trigger error when config files are not readable

fixes issue #9549
 2024-07-27 06:49:31 +02:00
Pablo Zmdl
657f3970d8 Make pgpmime-support known after Mailvelope init (#9551) 
The support for pgpmime was only checked initially after the login. If a
user e.g. authorizes a domain in Mailvelope only after a login,
Mailvelope now instantly works, instead of (silently and undocumentedly)
requireing a logout+login-cycle.
 2024-07-25 08:05:13 +02:00
Aleksander Machniak
fbdfb036ad Fix bug where an unhandled exception was caused by an invalid image attachment (#9475) 
GD functions may throw ValueError in some cases since PHP 8.0.
We wrap them in try/catch blocks.
 2024-07-21 14:23:28 +02:00
Aleksander Machniak
7b68ad13c2 Fix bug where "with attachment" filter could fail on some fts engines (#9514) 2024-07-21 13:54:56 +02:00
Pablo Zmdl
8f9f1f12cd Filter "real" attachments by being referenced (#9472) 
* Filter "real" attachments by being referenced

This changes the way in which attachments are determined to be shown as
such ("standalone"), or not ("inline").
In theory this should be determined by their Content-Disposition, but in
reality this often doesn't work.
Now we check if the Content-ID or Content-Location of the attachment is
actually being used in other parts of the message. If not, the
attachment is considered to be "standalone".

* Consider all mime-parts to check if message is empty

Previously only `parts` and `body` were checked, so mime-parts that were
classified into `attachments` and `inline_parts` didn't count – thus
messages that contained only those parts were shown blank.
 2024-07-21 13:12:57 +02:00
Aleksander Machniak
8653e4726a Make phpstan happy 2024-07-17 20:51:21 +02:00
Aleksander Machniak
a8218b1eeb Fix bug where some messages could get malformed in an import from a MBOX file (#9510) 2024-07-17 20:34:55 +02:00
Edža
54de62c198 Update lv_LV labels (#9511) 
Updated to match current version
 2024-07-15 18:22:20 +02:00
Pablo Zmdl
3c7a28f657 Shortcut to authorize current domain for Mailvelope (#9500) 
This facilitates using Mailvelope (properly, i.e. with API-access) a
lot, because people don't have to manually add their domain into
Mailvelope's options but just click a button.
 2024-07-08 18:39:38 +02:00
Aleksander Machniak
23fe16d520 Fix return value of handlePartBody() when using file handle 2024-07-08 18:34:00 +02:00
Aleksander Machniak
92624b62dd Fix new phpstan errors 2024-07-02 19:47:15 +02:00
Aleksander Machniak
247b5c37d1 Update localizations 2024-07-02 19:07:54 +02:00
Jan
7a3e91a9d2 Added PluginAPI hooks for message_move and message_delete (#9501) 
---------

Co-authored-by: Jan-Nicklas Adler <adler@promatur.com>
 2024-06-19 18:15:07 +02:00
Pablo Zmdl
599dcaaa0d Re-introduce Ctype extension as dependency (#9509) 
It is required by Bacon, the QR-encoding tool.

This partially reverts commit deba22aaa9.
 2024-06-19 18:04:16 +02:00
Aleksander Machniak
613629f83a Fix decoding mail parts with multiple base64-encoded text blocks (#9290) 2024-06-16 12:47:56 +02:00
KrzysztofWWW
bcaab87e1a Missing polish translation for "keep formatting" (#9493) 
---------

Co-authored-by: Krzysztof Wiśniewski <krzysztof.wisniewski@solveit.pl>
 2024-06-16 08:30:04 +02:00
Aleksander Machniak
d8817d39b9 phpdoc fix 2024-06-06 08:01:08 +02:00
Michael Voříšek
6a5f9ee7ce Add override method attributes (#9272) 2024-06-02 15:57:56 +02:00
Aleksander Machniak
6d8dd2c9a2 Fix fatal error when parsing some TNEF attachments (#9462) 2024-06-02 15:13:42 +02:00
Pablo Zmdl
54b5e14933 Show quota only if sensible (#9366) 
If a quota is not supported, or its value is unknown or unlimited, don't show the info element.
 2024-06-01 11:25:47 +02:00
Philip Weir
31a19aa0a7 Contacts: add more gender options (#9430) 
* contacts: add more gender options
* add label for other gender
 2024-06-01 09:27:30 +02:00
Philip Weir
24ae59b05f Add skin_extends JS env var containing name(s) of base skins extended by current skin (#9440) 2024-06-01 09:02:49 +02:00