Mirrors/roundcubemail
2
0
Fork 0
mirror of https://github.com/roundcube/roundcubemail.git synced 2026-03-08 00:56:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
12,876 Commits 72 Branches 205 Tags
b86fd45abbc85ba4eb28acf110bb1cc249f33f2f
Commit Graph

8025 Commits

Author SHA1 Message Date
Aleksander Machniak
b86fd45abb OAuth: Fix/improve token refresh 2025-03-18 13:57:22 +01:00
Aleksander Machniak
8ec39907b5 Add rcmail_oauth::is_token_valid() method 2025-03-14 11:52:37 +01:00
Aleksander Machniak
0fd28406f7 Fix PHP warning (#9775) 2025-02-23 12:05:18 +01:00
Aleksander Machniak
96903289b7 Fix phpdoc issue 2025-02-08 09:46:32 +01:00
Aleksander Machniak
4a9516b2c9 Fix decoding of attachment names encoded using both RFC2231 and RFC2047 standards (#9725) 2025-02-02 14:05:31 +01:00
Philip Weir
cd42de335a Update links in comments and config to https where available (#9759) 2025-01-26 13:48:14 +01:00
Aleksander Machniak
8f34bf9e64 Fix decodeContent() call with the by-reference argument 2025-01-01 13:36:22 +01:00
Aleksander Machniak
3e57959976 Fix handling of binary mail parts (e.g. PDF) encoded with quoted-printable (#9728) 2025-01-01 13:34:36 +01:00
Aleksander Machniak
a34f716051 Reset internal cache in appropriate places to be on a safe side 2024-12-12 13:49:36 +01:00
Aleksander Machniak
b206cbc87a IMAP: Partial support for ANNOTATE-EXPERIMENT-1 extension (RFC 5257) 2024-12-11 15:03:04 +01:00
Aleksander Machniak
df02322d6a Fix Oauth issues with use_secure_urls=true (#9722) 2024-12-03 12:36:18 +01:00
Vitaly Lavrov
2f4748bb9d BUG: get_variable for postgres never returns a value (#9710) 
Because of this, the insert_or_update() method never uses the "INSERT INTO ... ON CONFLICT DO UPDATE SET ..." command, and the logs constantly show errors adding records to the message cache due to "duplicate key".
 2024-11-24 14:21:15 +01:00
Paul J. Dorn
3b1258b785 Fix preg_match()'s $flags type (#9686) 
PHP: Deprecated: preg_match(): Passing null to parameter #4 ($flags) of type int is deprecated in program/lib/Roundcube/rcube_result_thread.php
 2024-11-19 15:45:51 +01:00
Jan
6baf9aeff0 Added German translation for "Keep Formatting" (#9701) 2024-11-17 15:06:51 +01:00
Aleksander Machniak
5c38c67287 Fix PHP fatal error when parsing some malformed BODYSTRUCTURE responses (#9689) 2024-11-17 14:45:42 +01:00
Aleksander Machniak
dc9ace7526 Fix regression causing inline SVG images to be missing in mail preview (#9644) 2024-09-29 13:59:49 +02:00
Pablo Zmdl
8cc559a6f0 Fix getting IMAP vendor name (#9654) 
In some cases, the array's keys where upper case, and the previous code
produced a warning and resulted in an empty string, even though the
name was present.
 2024-09-29 11:51:53 +02:00
respiranto
ffb2cf7929 vcard: Fix whitespace handling in line cont's (#9637) 
* vcard: Fix whitespace handling in line cont's

Previously, multiple whitespace characters at the start of a
continuation line would all be dropped, instead of only the first one.

Also,
 - restrict line continuation characters to SPACE and TAB.

Note that, like before, this identifies the CR (`\r`) character with the
empty string, and thereby notably does not require a CRLF (`\r\n`)
sequence (which is mandated by RFCs 2426, 2425) for line termination
(i.e., `\n` suffices).

Fixes: Bug 1 of issue #9593.

* vcard: Add test for #9593/1

* Fix coding style
 2024-09-18 13:31:59 +02:00
Aleksander Machniak
602a989697 Fix PHP warning (#9611) 2024-09-07 08:56:26 +02:00
Aleksander Machniak
f3c526e6d1 Fix PHP deprecation warnings (#9616) 2024-09-07 08:55:05 +02:00
Aleksander Machniak
83f56f1758 OAuth: Support standard authentication with short-living password received with OIDC token (#9530) 2024-09-02 13:42:53 +02:00
Aleksander Machniak
f343ecea09 Fix regression where HTML messages were displayed unstyled (#9586) 2024-08-16 19:57:30 +02:00
Aleksander Machniak
32fed15346 Fix regression where printing/scaling/rotating image attachments was broken (#9571) 2024-08-08 14:06:38 +02:00
Aleksander Machniak
602d0f566e Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010] 
Credits to Oskar Zeino-Mahmalat (Sonar) https://www.sonarsource.com
 2024-08-04 10:29:16 +02:00
Aleksander Machniak
89c8fe9ae9 - Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008] 
Credits to Oskar Zeino-Mahmalat (Sonar) https://www.sonarsource.com
 2024-08-04 10:29:10 +02:00
Aleksander Machniak
68af7c864a Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009] 
Credits to Oskar Zeino-Mahmalat (https://www.sonarsource.com)
 2024-08-04 10:29:02 +02:00
Aleksander Machniak
b5ed0e4946 Fix bug where imap_conn_option's 'socket' was ignored (#9566) 2024-08-02 12:26:04 +02:00
Aleksander Machniak
c9702be84c Fix merge conflict 2024-07-30 18:01:25 +02:00
Aleksander Machniak
f6c92ebafe Fix bug where a long subject title could not be displayed in some cases (#9416) 2024-07-27 09:18:14 +02:00
Aleksander Machniak
9d9f4d6926 Fix bug where an unhandled exception was caused by an invalid image attachment (#9475) 
GD functions may throw ValueError in some cases since PHP 8.0.
We wrap them in try/catch blocks.
 2024-07-21 14:26:57 +02:00
Aleksander Machniak
8eb583b499 Fix bug where "with attachment" filter could fail on some fts engines (#9514) 2024-07-21 13:57:40 +02:00
Aleksander Machniak
71804a8c53 Fix bug where some messages could get malformed in an import from a MBOX file (#9510) 2024-07-17 20:49:15 +02:00
Aleksander Machniak
e8e0c68369 Fix decoding mail parts with multiple base64-encoded text blocks (#9290) 2024-06-16 12:48:35 +02:00
KrzysztofWWW
6139544f1b Missing polish translation for "keep formatting" (#9493) 
---------

Co-authored-by: Krzysztof Wiśniewski <krzysztof.wisniewski@solveit.pl>
 2024-06-16 08:31:00 +02:00
Aleksander Machniak
22d403d5fd Fix fatal error when parsing some TNEF attachments (#9462) 2024-06-02 15:18:33 +02:00
Aleksander Machniak
43aaaa5286 Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes 
Reported by Valentin T. and Lutz Wolf of CrowdStrike.
 2024-05-19 10:20:43 +02:00
Aleksander Machniak
cde4522c5c Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences 
Reported by Huy Nguyễn Phạm Nhật.
 2024-05-19 10:17:55 +02:00
Aleksander Machniak
5ea9f37ce3 Fix command injection via crafted im_convert_path/im_identify_path on Windows 
Reported by Huy Nguyễn Phạm Nhật.
 2024-05-19 10:11:55 +02:00
Aleksander Machniak
b9493988d8 Fix PHP8 warning (#9429) 2024-04-29 11:08:34 +02:00
Aleksander Machniak
16fe3ba8c5 Fix PHP8 warnings (#9388) 2024-04-13 08:42:55 +02:00
Milos Ivanovic
8cd27b456d Minor correction to Serbian translation. (#9389) 2024-03-24 08:06:34 +01:00
Philip Weir
0d7f2f51f1 csv2vard: store labels by key not value (#9394) 2024-03-24 08:06:20 +01:00
Aleksander Machniak
3d04da2aab Fix PHP8 warnings (#9365) 2024-02-25 10:33:13 +01:00
Aleksander Machniak
5f66eac79d Fix PHP8 warnings (#9363) 2024-02-25 10:24:43 +01:00
Aleksander Machniak
a1c74eb8b4 Fix bug in collapsing/expanding folders with some special characters in names (#9324) 2024-01-28 10:38:28 +01:00
Aleksander Machniak
549f99cf8c Fix bug where HTML entities in URLs were not decoded on HTML to plain text conversion (#9312) 2024-01-27 14:54:23 +01:00
Aleksander Machniak
3ba78d3a1b Fix PHP8 warnings (#9306) 2024-01-20 10:42:45 +01:00
Aleksander Machniak
c95865e8a2 Fix PHP8 warnings (#9306) 2024-01-20 10:39:05 +01:00
Aleksander Machniak
9bd13574fb Clear IMAP capabilities on connection close 
Fixes the state on connection close, so when you reconnect there's use
of old capabiltieis. This fixes the following scenario:
- user connects to imap and authenticates using LOGIN command,
  after this capabilities may contain LOGINDISABLED
- user disconnects
- in the same request user connects again and authenticates as before
  but it can't because of the wrong LOGINDISABLED state.
 2024-01-08 14:01:28 +01:00
Aleksander Machniak
5d779abf82 Support (DEPTH 0) in GETMETADATA command 2024-01-05 14:44:03 +01:00