Commit Graph

1583 Commits

Author SHA1 Message Date
Aleksander Machniak
dc9ace7526 Fix regression causing inline SVG images to be missing in mail preview (#9644) 2024-09-29 13:59:49 +02:00
Pablo Zmdl
8cc559a6f0 Fix getting IMAP vendor name (#9654)
In some cases, the array's keys were upper case, and the previous code
produced a warning and resulted in an empty string, even though the
name was present.
2024-09-29 11:51:53 +02:00
respiranto
ffb2cf7929 vcard: Fix whitespace handling in line cont's (#9637)
* vcard: Fix whitespace handling in line cont's

Previously, multiple whitespace characters at the start of a
continuation line would all be dropped, instead of only the first one.

Also,
 - restrict line continuation characters to SPACE and TAB.

Note that, like before, this identifies the CR (`\r`) character with the
empty string, and thereby notably does not require a CRLF (`\r\n`)
sequence (which is mandated by RFCs 2426, 2425) for line termination
(i.e., `\n` suffices).

Fixes: Bug 1 of issue #9593.

* vcard: Add test for #9593/1

* Fix coding style
2024-09-18 13:31:59 +02:00
Aleksander Machniak
f3c526e6d1 Fix PHP deprecation warnings (#9616) 2024-09-07 08:55:05 +02:00
Aleksander Machniak
f343ecea09 Fix regression where HTML messages were displayed unstyled (#9586) 2024-08-16 19:57:30 +02:00
Aleksander Machniak
32fed15346 Fix regression where printing/scaling/rotating image attachments was broken (#9571) 2024-08-08 14:06:38 +02:00
Aleksander Machniak
602d0f566e Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010]
Credits to Oskar Zeino-Mahmalat (Sonar) https://www.sonarsource.com
2024-08-04 10:29:16 +02:00
Aleksander Machniak
89c8fe9ae9 - Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008]
Credits to Oskar Zeino-Mahmalat (Sonar) https://www.sonarsource.com
2024-08-04 10:29:10 +02:00
Aleksander Machniak
68af7c864a Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009]
Credits to Oskar Zeino-Mahmalat (https://www.sonarsource.com)
2024-08-04 10:29:02 +02:00
Aleksander Machniak
b5ed0e4946 Fix bug where imap_conn_option's 'socket' was ignored (#9566) 2024-08-02 12:26:04 +02:00
Aleksander Machniak
9d9f4d6926 Fix bug where an unhandled exception was caused by an invalid image attachment (#9475)
GD functions may throw ValueError in some cases since PHP 8.0.
We wrap them in try/catch blocks.
2024-07-21 14:26:57 +02:00
Aleksander Machniak
e8e0c68369 Fix decoding mail parts with multiple base64-encoded text blocks (#9290) 2024-06-16 12:48:35 +02:00
Aleksander Machniak
22d403d5fd Fix fatal error when parsing some TNEF attachments (#9462) 2024-06-02 15:18:33 +02:00
Aleksander Machniak
43aaaa5286 Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes
Reported by Valentin T. and Lutz Wolf of CrowdStrike.
2024-05-19 10:20:43 +02:00
Aleksander Machniak
5ea9f37ce3 Fix command injection via crafted im_convert_path/im_identify_path on Windows
Reported by Huy Nguyễn Phạm Nhật.
2024-05-19 10:11:55 +02:00
Aleksander Machniak
b9493988d8 Fix PHP8 warning (#9429) 2024-04-29 11:08:34 +02:00
Philip Weir
0d7f2f51f1 csv2vard: store labels by key not value (#9394) 2024-03-24 08:06:20 +01:00
Aleksander Machniak
5f66eac79d Fix PHP8 warnings (#9363) 2024-02-25 10:24:43 +01:00
Aleksander Machniak
549f99cf8c Fix bug where HTML entities in URLs were not decoded on HTML to plain text conversion (#9312) 2024-01-27 14:54:23 +01:00
Aleksander Machniak
3ba78d3a1b Fix PHP8 warnings (#9306) 2024-01-20 10:42:45 +01:00
Aleksander Machniak
c95865e8a2 Fix PHP8 warnings (#9306) 2024-01-20 10:39:05 +01:00
Aleksander Machniak
9bd13574fb Clear IMAP capabilities on connection close
Fixes the state on connection close, so when you reconnect there's use
of old capabilities. This fixes the following scenario:
- user connects to imap and authenticates using LOGIN command,
  after this capabilities may contain LOGINDISABLED
- user disconnects
- in the same request user connects again and authenticates as before
  but it can't because of the wrong LOGINDISABLED state.
2024-01-08 14:01:28 +01:00
Aleksander Machniak
5d779abf82 Support (DEPTH 0) in GETMETADATA command 2024-01-05 14:44:03 +01:00
Aleksander Machniak
7950116ee1 Fix IMAP GETMETADATA command with options - RFC5464 2024-01-05 14:39:49 +01:00
Michael Voříšek
5474761725 Fix rcube::decrypt() (#9264)
* do not skip test_encrypt_and_decrypt test
* Fix rcube::decrypt()
2023-12-13 19:56:59 +01:00
Aleksander Machniak
b66f7aabda Fix PHP8 warning 2023-12-13 19:55:35 +01:00
Michael Voříšek
793664f568 Fix invalid phpdocs (#9252)
* fix missing return type in phpdoc
* fix "phpdoc_scalar"
* Fix phpdoc variable names typos
* fix wrong phpdoc tags
2023-12-13 19:55:05 +01:00
Aleksander Machniak
24dfb2b3e8 Fix PHP8 warnings (#9242) 2023-12-09 08:48:07 +01:00
Aleksander Machniak
0eb0b771c4 Fix PHP8 warnings 2023-11-19 11:58:07 +01:00
Aleksander Machniak
c59b643dec Fix regression in handling LDAP search_fields configuration parameter (#9210) 2023-11-11 10:39:47 +01:00
Aleksander Machniak
81ac3c342a Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download
Thanks to rehme.infosec for reporting the issues.
2023-11-04 17:52:34 +01:00
Aleksander Machniak
6d7557799a Fix regression where smtp_user did not allow pre/post strings before/after %u placeholder (#9162) 2023-10-29 13:14:13 +01:00
Denys Klymenko
efd5842dcb Fix PHP fatal error on folder read-only check (#9190) 2023-10-29 12:53:07 +01:00
Aleksander Machniak
1c2b066e7a Fix PHP 8.2 deprecation warning: Creation of dynamic property rcube_message_part::$realtype is deprecated (#9193) 2023-10-29 12:11:49 +01:00
Aleksander Machniak
11ec814a80 Fix bug where images attached to application/smil messages weren't displayed (#8870) 2023-10-21 18:15:42 +02:00
Aleksander Machniak
7fe57f275e Fix duplicated Inbox folder on IMAP servers that do not use Inbox folder with all capital letters (#9166) 2023-10-18 19:37:19 +02:00
Aleksander Machniak
522562a4ab Fix PHP8 fatal error when parsing a malformed BODYSTRUCTURE (#9171) 2023-10-17 20:03:29 +02:00
Aleksander Machniak
41756cc333 Fix cross-site scripting (XSS) vulnerability in handling of SVG in HTML messages (#9168) 2023-10-14 18:17:17 +02:00
Aleksander Machniak
fe5da0b8d3 Fix default 'mime.types' path on Windows (#9113) 2023-10-01 14:12:53 +02:00
Aleksander Machniak
e92ec206a8 Fix cross-site scripting (XSS) vulnerability in handling of linkrefs in plain text messages
Thanks to Niraj Shivtarkar for the report.
2023-09-14 10:09:25 +02:00
Aleksander Machniak
33ff28080c Fix PHP8 warnings 2023-08-20 08:34:59 +02:00
Aleksander Machniak
74b6d29c62 Relax uuencode header regexp 2023-08-13 13:14:42 +02:00
Aleksander Machniak
9165e8d750 Fix handling of an error case in Cyrus IMAP BINARY FETCH, fallback to non-binary FETCH (#9097) 2023-08-13 12:28:32 +02:00
Aleksander Machniak
2ddbc019ae Fix regression in decoding mail parts FETCHed from IMAP (#9096) 2023-08-13 10:56:54 +02:00
Aleksander Machniak
93a599b105 Fix handling of mail parts that are encoded with x-uuencode (#9096) 2023-08-13 10:53:13 +02:00
Aleksander Machniak
b48a12054e Add rcube_db::error_info() 2023-07-20 10:29:53 +02:00
Aleksander Machniak
59e6911850 Fix so install/update scripts do not require PEAR (#9037) 2023-07-15 18:56:33 +02:00
Aleksander Machniak
653475c489 Fix wrong order of a multi-folder search result when sorting by size (#9065) 2023-07-15 08:59:27 +02:00
Aleksander Machniak
5454c538d3 Fix PHP8 warnings 2023-07-13 11:38:16 +02:00
Aleksander Machniak
eaef7b3e4b Fix PHP8 warnings 2023-07-12 18:56:17 +02:00