Aleksander Machniak
cd0bde2d5b
Fix regression where printing/scaling/rotating image attachments was broken (#9571)
2024-08-08 13:54:32 +02:00
Aleksander Machniak
e12e273c0c
More tests
2024-08-04 10:28:16 +02:00
Aleksander Machniak
c99dcacddb
- Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010]
...
Credits to Oskar Zeino-Mahmalat (https://www.sonarsource.com)
2024-08-04 10:27:18 +02:00
Aleksander Machniak
78cc630987
- Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008]
...
Credits to Oskar Zeino-Mahmalat (https://www.sonarsource.com)
2024-08-04 10:26:40 +02:00
Aleksander Machniak
40a4a71b67
Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009]
...
Credits to Oskar Zeino-Mahmalat (https://www.sonarsource.com)
2024-08-04 10:25:49 +02:00
Aleksander Machniak
fdf19f3e7c
Fix bug where imap_conn_option's 'socket' was ignored (#9566)
2024-08-02 12:16:01 +02:00
Aleksander Machniak
89d429dbee
Fix two new phpstan issues
2024-08-02 09:12:48 +02:00
John R. D'Orazio
cd92b26aa8
Trigger warning when config files are not readable (#9550)
...
* trigger error when config files are not readable
fixes issue #9549
2024-07-27 06:49:31 +02:00
Aleksander Machniak
fbdfb036ad
Fix bug where an unhandled exception was caused by an invalid image attachment (#9475)
...
GD functions may throw ValueError in some cases since PHP 8.0.
We wrap them in try/catch blocks.
2024-07-21 14:23:28 +02:00
Pablo Zmdl
8f9f1f12cd
Filter "real" attachments by being referenced (#9472)
...
* Filter "real" attachments by being referenced
This changes the way in which attachments are determined to be shown as
such ("standalone"), or not ("inline").
In theory this should be determined by their Content-Disposition, but in
reality this often doesn't work.
Now we check if the Content-ID or Content-Location of the attachment is
actually being used in other parts of the message. If not, the
attachment is considered to be "standalone".
* Consider all mime-parts to check if message is empty
Previously only `parts` and `body` were checked, so mime-parts that were
classified into `attachments` and `inline_parts` didn't count – thus
messages that contained only those parts were shown blank.
2024-07-21 13:12:57 +02:00
Aleksander Machniak
23fe16d520
Fix return value of handlePartBody() when using file handle
2024-07-08 18:34:00 +02:00
Aleksander Machniak
92624b62dd
Fix new phpstan errors
2024-07-02 19:47:15 +02:00
Jan
7a3e91a9d2
Added PluginAPI hooks for message_move and message_delete (#9501)
...
---------
Co-authored-by: Jan-Nicklas Adler <adler@promatur.com>
2024-06-19 18:15:07 +02:00
Pablo Zmdl
599dcaaa0d
Re-introduce Ctype extension as dependency (#9509)
...
It is required by Bacon, the QR-encoding tool.
This partially reverts commit deba22aaa9.
2024-06-19 18:04:16 +02:00
Aleksander Machniak
613629f83a
Fix decoding mail parts with multiple base64-encoded text blocks (#9290)
2024-06-16 12:47:56 +02:00
Aleksander Machniak
d8817d39b9
phpdoc fix
2024-06-06 08:01:08 +02:00
Michael Voříšek
6a5f9ee7ce
Add override method attributes (#9272)
2024-06-02 15:57:56 +02:00
Aleksander Machniak
6d8dd2c9a2
Fix fatal error when parsing some TNEF attachments (#9462)
2024-06-02 15:13:42 +02:00
Aleksander Machniak
ba252dc5e2
Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes
...
Reported by Valentin T. and Lutz Wolf of CrowdStrike.
2024-05-19 10:20:09 +02:00
Aleksander Machniak
7da322371f
Fix command injection via crafted im_convert_path/im_identify_path on Windows
...
Reported by Huy Nguyễn Phạm Nhật.
2024-05-19 10:10:32 +02:00
Aleksander Machniak
cfd108399e
Simplify use of rcube::raise_error()
2024-05-17 15:43:17 +02:00
Aleksander Machniak
6c54254a2f
Fix folders hierarchy when special folders are subfolders of INBOX, with no personal namespace prefix (#9452)
2024-05-16 16:22:57 +02:00
Aleksander Machniak
6342206239
Fix PHP8 warning (#9429)
2024-04-29 11:10:32 +02:00
Edouard Vanbelle
f71ae0298a
oauth: select auth scheme (XOAUTH2 vs OAUTHBEARER) (#9289)
2024-04-21 11:52:05 +02:00
Michael Voříšek
a30e0ad438
Infer file/line location in rcube::raise_error() from backtrace (#9422)
...
* \n\s+'file' => __FILE__,
* \n\s+'line' => __LINE__,
* 'line' => __LINE__, 'file' => __FILE__,
* 'file' => __FILE__, 'line' => __LINE__,
* rest
* more
* improve cs
* more cs
* revert rcube_utils::preg_error changes
* impl file/line from backtrace
* Revert "revert rcube_utils::preg_error changes"
2024-04-21 11:48:35 +02:00
Aleksander Machniak
ff59ade31a
Get rid of phpstan/phpstan-strict-rules
2024-04-21 11:33:51 +02:00
Aleksander Machniak
15659d7815
PHPCS: phpdoc_annotation_without_dot=true (default)
2024-04-14 10:32:35 +02:00
Michael Voříšek
1e360999b2
Use composer autoloader for bundled plugins testing (#9412)
...
* use fixed "roundcube/plugin-installer"
* Use composer autoloader for plugins testing
* cherrypick remaining from 9241 related with testing
* minor legacy autoload improvements
2024-04-11 18:28:46 +02:00
Aleksander Machniak
e086c2c97c
Code improvements
2024-04-07 09:20:52 +02:00
Aleksander Machniak
a13f61cc7f
Free enchant dictionary resources
...
Fixes errors in tests
2024-04-05 18:22:12 +02:00
Michael Voříšek
bdd5de55b5
Rename composer.json.dist to composer.json (#9279)
...
* Rename composer.json.dist to composer.json
* fix update
2024-04-03 18:06:01 +02:00
Aleksander Machniak
4959abe07b
Fix regression, cleanup
2024-04-01 13:41:31 +02:00
Aleksander Machniak
5c603344fe
Code improvements
2024-04-01 11:50:56 +02:00
Aleksander Machniak
20d9edce04
Code improvements
2024-03-31 19:22:56 +02:00
Aleksander Machniak
8adb052d35
Code improvements, PHPDoc fixes
2024-03-30 14:17:34 +01:00
Aleksander Machniak
58d28297a3
Code improvements, PHPDoc fixes
2024-03-29 16:18:20 +01:00
Aleksander Machniak
337e906650
Plugin API: Fix action handlers after registering also a task
2024-03-29 11:25:41 +01:00
Aleksander Machniak
8133acba68
Code improvements (and fixes to recent commits)
2024-03-24 12:06:39 +01:00
Aleksander Machniak
2f5f3bd0de
Code improvements
2024-03-24 10:29:31 +01:00
Aleksander Machniak
15c1228cf3
Code improvements
2024-03-24 08:52:17 +01:00
Philip Weir
ed47e11319
csv2vcard: store labels by key not value (#9394)
2024-03-24 08:00:38 +01:00
Aleksander Machniak
818945a8a2
Code improvements
2024-03-23 18:50:34 +01:00
Aleksander Machniak
3a76c9b3b6
Code improvements
2024-03-23 18:28:22 +01:00
Aleksander Machniak
7713b7c1bd
Enigma: Code improvements
2024-03-21 14:52:51 +01:00
Aleksander Machniak
7b127faec5
Code improvements
2024-03-17 12:05:14 +01:00
Aleksander Machniak
3b159a1c25
Code improvements in the spellchecker classes
2024-03-17 10:19:25 +01:00
Aleksander Machniak
4e7d5c601e
Code improvements
2024-03-17 08:47:00 +01:00
Aleksander Machniak
5ed3b29a0a
Code improvements
2024-03-16 21:30:10 +01:00
Aleksander Machniak
02e49ed236
Fix phpstan errors
2024-03-10 18:37:52 +01:00
Aleksander Machniak
97cdcf88b8
Fix some phpstan errors
2024-03-09 12:54:40 +01:00