roundcubemail

mirror of https://github.com/roundcube/roundcubemail.git synced 2026-03-03 14:54:01 +01:00

Author	SHA1	Message	Date
Aleksander Machniak	00ef061ef8	Fix PHP fatal error when parsing some malformed BODYSTRUCTURE responses (#9689 )	2024-11-17 14:40:36 +01:00
Aleksander Machniak	749eb3853d	CS fix	2024-11-03 10:40:17 +01:00
Aleksander Machniak	55881d35ae	Fix PHP 8.4 deprecation warning on str_getcsv() use	2024-11-03 10:33:37 +01:00
Aleksander Machniak	ca10951ab9	Fix regression causing inline SVG images to be missing in mail preview (#9644 )	2024-09-29 14:00:19 +02:00
Pablo Zmdl	6a7e96c212	Fix getting IMAP vendor name (#9654 ) In some cases, the array's keys where upper case, and the previous code produced a warning and resulted in an empty string, even though the name was present.	2024-09-29 11:18:32 +02:00
respiranto	6159ebeb02	vcard: Fix whitespace handling in line cont's (#9637 ) * vcard: Fix whitespace handling in line cont's Previously, multiple whitespace characters at the start of a continuation line would all be dropped, instead of only the first one. Also, - restrict line continuation characters to SPACE and TAB. Note that, like before, this identifies the CR (`\r`) character with the empty string, and thereby notably does not require a CRLF (`\r\n`) sequence (which is mandated by RFCs 2426, 2425) for line termination (i.e., `\n` suffices). Fixes: Bug 1 of issue #9593. * vcard: Add test for #9593/1 * Fix coding style	2024-09-18 13:26:43 +02:00
Aleksander Machniak	f8d9cb157b	Fix new phpstan errors	2024-09-12 09:52:42 +02:00
Aleksander Machniak	4ca198440a	Fix PHP deprecation warnings (#9616 )	2024-09-07 08:47:08 +02:00
Aleksander Machniak	7c8968f4fe	Use new HTML5 parser available on PHP >= 8.4	2024-09-01 15:27:35 +02:00
Aleksander Machniak	58721e3037	Fix regression where HTML messages were displayed unstyled (#9586 )	2024-08-16 19:56:51 +02:00
Aleksander Machniak	a290392231	CS fixes	2024-08-08 14:57:00 +02:00
Aleksander Machniak	cd0bde2d5b	Fix regression where printing/scaling/rotating image attachments was broken (#9571 )	2024-08-08 13:54:32 +02:00
Aleksander Machniak	e12e273c0c	More tests	2024-08-04 10:28:16 +02:00
Aleksander Machniak	c99dcacddb	- Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010] Credits to Oskar Zeino-Mahmalat (https://www.sonarsource.com)	2024-08-04 10:27:18 +02:00
Aleksander Machniak	78cc630987	- Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008] Credits to Oskar Zeino-Mahmalat (https://www.sonarsource.com)	2024-08-04 10:26:40 +02:00
Aleksander Machniak	40a4a71b67	Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009] Credits to Oskar Zeino-Mahmalat (https://www.sonarsource.com)	2024-08-04 10:25:49 +02:00
Aleksander Machniak	fdf19f3e7c	Fix bug where imap_conn_option's 'socket' was ignored (#9566 )	2024-08-02 12:16:01 +02:00
Aleksander Machniak	89d429dbee	Fix two new phpstan issues	2024-08-02 09:12:48 +02:00
John R. D'Orazio	cd92b26aa8	Trigger warning when config files are not readable (#9550 ) * trigger error when config files are not readable fixes issue #9549	2024-07-27 06:49:31 +02:00
Aleksander Machniak	fbdfb036ad	Fix bug where an unhandled exception was caused by an invalid image attachment (#9475 ) GD functions may throw ValueError in some cases since PHP 8.0. We wrap them in try/catch blocks.	2024-07-21 14:23:28 +02:00
Pablo Zmdl	8f9f1f12cd	Filter "real" attachments by being referenced (#9472 ) * Filter "real" attachments by being referenced This changes the way in which attachments are determined to be shown as such ("standalone"), or not ("inline"). In theory this should be determined by their Content-Disposition, but in reality this often doesn't work. Now we check if the Content-ID or Content-Location of the attachment is actually being used in other parts of the message. If not, the attachment is considered to be "standalone". * Consider all mime-parts to check if message is empty Previously only `parts` and `body` were checked, so mime-parts that were classified into `attachments` and `inline_parts` didn't count – thus messages that contained only those parts were shown blank.	2024-07-21 13:12:57 +02:00
Aleksander Machniak	23fe16d520	Fix return value of handlePartBody() when using file handle	2024-07-08 18:34:00 +02:00
Aleksander Machniak	92624b62dd	Fix new phpstan errors	2024-07-02 19:47:15 +02:00
Jan	7a3e91a9d2	Added PluginAPI hooks for message_move and message_delete (#9501 ) --------- Co-authored-by: Jan-Nicklas Adler <adler@promatur.com>	2024-06-19 18:15:07 +02:00
Pablo Zmdl	599dcaaa0d	Re-introduce Ctype extension as dependency (#9509 ) It is required by Bacon, the QR-encoding tool. This partially reverts commit `deba22aaa9`.	2024-06-19 18:04:16 +02:00
Aleksander Machniak	613629f83a	Fix decoding mail parts with multiple base64-encoded text blocks (#9290 )	2024-06-16 12:47:56 +02:00
Aleksander Machniak	d8817d39b9	phpdoc fix	2024-06-06 08:01:08 +02:00
Michael Voříšek	6a5f9ee7ce	Add override method attributes (#9272 )	2024-06-02 15:57:56 +02:00
Aleksander Machniak	6d8dd2c9a2	Fix fatal error when parsing some TNEF attachments (#9462 )	2024-06-02 15:13:42 +02:00
Aleksander Machniak	ba252dc5e2	Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes Reported by Valentin T. and Lutz Wolf of CrowdStrike.	2024-05-19 10:20:09 +02:00
Aleksander Machniak	7da322371f	Fix command injection via crafted im_convert_path/im_identify_path on Windows Reported by Huy Nguyễn Phạm Nhật.	2024-05-19 10:10:32 +02:00
Aleksander Machniak	cfd108399e	Simplify use of rcube::raise_error()	2024-05-17 15:43:17 +02:00
Aleksander Machniak	6c54254a2f	Fix folders hierarchy when special folders are subfolders of INBOX, with no personal namespace prefix (#9452 )	2024-05-16 16:22:57 +02:00
Aleksander Machniak	6342206239	Fix PHP8 warning (#9429 )	2024-04-29 11:10:32 +02:00
Edouard Vanbelle	f71ae0298a	oauth: select auth scheme (XOAUTH2 vs OAUTHBEARER) (#9289 )	2024-04-21 11:52:05 +02:00
Michael Voříšek	a30e0ad438	Infer file/line location in rcube::raise_error() from backtrace (#9422 ) * \n\s+'file' => __FILE__, * \n\s+'line' => __LINE__, * 'line' => __LINE__, 'file' => __FILE__, * 'file' => __FILE__, 'line' => __LINE__, * rest * more * improve cs * more cs * revert rcube_utils::preg_error changes * impl file/line from backtrace * Revert "revert rcube_utils::preg_error changes"	2024-04-21 11:48:35 +02:00
Aleksander Machniak	ff59ade31a	Get rid of phpstan/phpstan-strict-rules	2024-04-21 11:33:51 +02:00
Aleksander Machniak	15659d7815	PHPCS: phpdoc_annotation_without_dot=true (default)	2024-04-14 10:32:35 +02:00
Michael Voříšek	1e360999b2	Use composer autoloader for bundled plugins testing (#9412 ) * use fixed "roundcube/plugin-installer" * Use composer autoloader for plugins testing * cherrypick remaining from 9241 related with testing * minor legacy autoload improvements	2024-04-11 18:28:46 +02:00
Aleksander Machniak	e086c2c97c	Code improvements	2024-04-07 09:20:52 +02:00
Aleksander Machniak	a13f61cc7f	Free enchant dictionary resources Fixes errors in tests	2024-04-05 18:22:12 +02:00
Michael Voříšek	bdd5de55b5	Rename composer.json.dist to composer.json (#9279 ) * Rename composer.json.dist to composer.json * fix update	2024-04-03 18:06:01 +02:00
Aleksander Machniak	4959abe07b	Fix regression, cleanup	2024-04-01 13:41:31 +02:00
Aleksander Machniak	5c603344fe	Code improvements	2024-04-01 11:50:56 +02:00
Aleksander Machniak	20d9edce04	Code improvements	2024-03-31 19:22:56 +02:00
Aleksander Machniak	8adb052d35	Code improvements, PHPDoc fixes	2024-03-30 14:17:34 +01:00
Aleksander Machniak	58d28297a3	Code improvements, PHPDoc fixes	2024-03-29 16:18:20 +01:00
Aleksander Machniak	337e906650	Plugin API: Fix action handlers after registering also a task	2024-03-29 11:25:41 +01:00
Aleksander Machniak	8133acba68	Code improvements (and fixes to recent commits)	2024-03-24 12:06:39 +01:00
Aleksander Machniak	2f5f3bd0de	Code improvements	2024-03-24 10:29:31 +01:00

1 2 3 4 5 ...

2098 Commits