Aleksander Machniak
e476211230
Fix error when dealing with message/rfc822 attachments using Gmail IMAP (#6854)
2020-08-23 10:18:10 +02:00
Aleksander Machniak
535816db22
Describe all() method in more detail (#6219)
2020-08-23 09:39:55 +02:00
Aleksander Machniak
b7d4596aa9
Fix regression (#7557)
2020-08-16 16:32:18 +02:00
Aleksander Machniak
bf15b5ed92
Fix regression
2020-08-16 12:28:04 +02:00
Aleksander Machniak
a5c2b4360c
Fixes in context of undefined variables, and code style
2020-08-15 12:13:31 +02:00
Aleksander Machniak
d445f8ad12
Fix importing birthday dates from Gmail vCards (BDAY:YYYYMMDD)
2020-08-12 11:25:44 +02:00
Thomas B
9020797d0d
Merge pull request #7425 from thomascube/pr-xoauth2
Add OAuth/XOauth support
2020-08-10 21:40:01 +02:00
Aleksander Machniak
ec4cc29c88
Fix cross-site scripting (XSS) via HTML messages with malicious svg or math content
2020-08-09 18:02:16 +02:00
Achim Leitner
8e0ee8b1c4
Fix: Keep children of object tag (#6453)
The HTML tag <object> optionally has embedded (child) tags that serve as an
alternative (fallback) HTML representation for the object. Of course, the
object and its parameters are considered harmful in HTML mail, but the
alternative representation is meant for exactly this kind of situation. They
should display the object contents without loading possibly insecure code.
- By ignoring <object> tags, roundcube also removes all their child nodes
- As <object> is not in the list of allowed $html_elements and <param> gets
cleaned through $void_elements, they get ignored anyway, without removing the
valuable child nodes.
Co-authored-by: root <root@coreboso-kolab.coreboso.de>
2020-08-07 11:06:14 +02:00
Aleksander Machniak
3e2f076628
Fix bug in conversion of email addresses to mailto links in plain text messages (#7526)
2020-08-07 10:03:56 +02:00
Aleksander Machniak
60ccb25bd5
Fix detecting special folders on servers with both SPECIAL-USE and LIST-STATUS (#7525)
2020-07-31 14:36:57 +02:00
Aleksander Machniak
ef9b375ef6
Fix paging of search results on IMAP servers with no SORT capability (#7462)
And simplify some code around.
2020-07-30 13:23:37 +02:00
Aleksander Machniak
17deadfe56
Fix handling links without defined protocol (#7454)
2020-07-29 15:17:48 +02:00
Aleksander Machniak
0d9bffa878
Fix incorrect rewriting of internal links in HTML content (#7512)
2020-07-29 14:19:02 +02:00
Michael Stilkerich
25e42439d2
Fix inconsistencies in phpdoc type annotations (#7474)
2020-07-25 09:59:01 +02:00
Aleksander Machniak
0ccb351380
Fix regression in DB cache (#7499)
2020-07-21 20:15:05 +02:00
Aleksander Machniak
d7d7ca046f
Cache refactoring (#6312) (#6781)
2020-07-18 13:51:47 +02:00
Aleksander Machniak
e2c25a1949
Fix support for an error as a string in message_before_send hook (#7475)
2020-07-18 08:24:44 +02:00
Aleksander Machniak
1e1ea25b6c
Added special value 'email' to login_username_filter, it changes also logon input type (#7179)
2020-07-03 12:56:17 +02:00
Aleksander Machniak
32a7709ddf
Fix cross-site scripting (XSS) via HTML messages with malicious svg/namespace
Credits to SSD Secure Disclosure (https://ssd-disclosure.com/)
2020-07-03 11:29:50 +02:00
Aleksander Machniak
bb3975adbe
Fix insert_or_update() broken on SQLite/MSSQL/Oracle (#7465)
2020-07-02 08:41:50 +02:00
Aleksander Machniak
b22f1c9a1b
Add skip-empty option to get_edit_field() (#7444)
2020-06-27 10:29:40 +02:00
Thomas Bruederli
1e6a2f4f49
Basic support for OAuth2 user login and IMAP/SMTP authentication
- Add "Login with XXX" button to login screen if oauth is configured
- Perform OAuth login procedure and get an access token
- Implement XOAUTH2 authentication type for IMAP and SMTP
Requires a patched and not yet released version of Net_SMTP.
2020-06-16 08:17:52 +02:00
Aleksander Machniak
9ee1f4b636
Merge branch 'master' of github.com:roundcube/roundcubemail
2020-06-13 13:00:11 +02:00
Aleksander Machniak
30610e867e
Merge branch 'fix_encode' of https://github.com/shirosaki/roundcubemail into shirosaki-fix_encode
Refactor the new code
2020-06-13 12:53:31 +02:00
johndoh
9dbe666d4c
Allow skins to define which layout options they support (#7235)
2020-06-13 09:25:50 +02:00
Kent Varmedal
b4dabff26c
Add newline when writing logs to stdout (#7418)
Add newline on the end of the line when printing to stdout.
2020-06-13 07:48:13 +02:00
Aleksander Machniak
e9c592a6e8
Fix bug where subfolders of special folders could have been duplicated on folder list
2020-06-08 20:35:19 +02:00
Aleksander Machniak
4e00237cc4
Allow opening application/octet-stream attachments according to filename extension (#6821)
2020-06-07 10:45:33 +02:00
Aleksander Machniak
46d3cae2ff
Security: Fix cross-site scripting (XSS) via malicious XML attachment
2020-05-30 08:35:33 +02:00
Aleksander Machniak
bda02002de
Security: Better fix for CVE-2020-12641
2020-05-30 08:34:11 +02:00
Aleksander Machniak
da2bb8af6d
Fix error when user-configured skin does not exist anymore (#7271)
We fall back to the system skin, not the default one.
2020-05-23 09:44:00 +02:00
Aleksander Machniak
f6586c7cf7
Fix PHP warning: count(): Parameter must be an array or an object... in ID command handler (#7392)
2020-05-19 07:57:35 +02:00
johndoh
34a0af8964
Allow array in smtp_host config (#7296)
2020-05-16 14:05:28 +02:00
Aleksander Machniak
35c29be9b2
Remove use of ext-iconv
2020-05-03 18:33:20 +02:00
Aleksander Machniak
c39081b6a1
Fix bug in extracting required plugins from composer.json that led to spurious error in log (#7364)
2020-05-01 18:55:14 +02:00
Aleksander Machniak
219e353ac1
Fix local file inclusion (and code execution) via crafted 'plugins' option
2020-04-26 08:02:53 +02:00
Aleksander Machniak
4951d6603a
Fix remote code execution via crafted 'im_convert_path' or 'im_identify_path' settings
2020-04-26 08:02:03 +02:00
Aleksander Machniak
87e4cd0cf2
Fix XSS issue in handling of CDATA in HTML messages
2020-04-26 07:59:47 +02:00
Aleksander Machniak
b35b5a1a26
Fix typo
2020-04-22 12:36:51 +02:00
Aleksander Machniak
bf34e8cf9c
Fix performance issue of parsing big HTML messages by disabling HTML5 parser for these (#7331)
2020-04-22 12:33:34 +02:00
Aleksander Machniak
15ee34a438
Revert "Fix bug where session was destroyed with window close (#7251)"
This reverts commit 32fac136db.
2020-04-05 12:25:01 +02:00
Aleksander Machniak
4a5efe09f9
Fix bug where a special folder couldn't be created if a special-use flag is not supported (#7147)
2020-04-05 11:04:23 +02:00
Aleksander Machniak
32fac136db
Fix bug where session was destroyed with window close (#7251)
2020-04-04 11:52:42 +02:00
Aleksander Machniak
e84dc4c385
Fix literals handling again
2020-03-20 19:39:19 +01:00
dessert1
e66ffae856
Fix handling keyservers configured with protocol prefix (#7295)
`|^[a-z]://|` matches only single-character protocol shortnames, to correctly exclude e.g. `hkps://` the expression should be `|^[a-z]+://|` instead.
2020-03-20 19:12:33 +01:00
Aleksander Machniak
2965e60c1f
Support many string literals in a "line response", deduplicate code
2020-03-20 18:53:45 +01:00
Aleksander Machniak
f9c84e2646
Fix string literals handling in IMAP STATUS (and various other) responses (#7290)
2020-03-19 21:28:28 +01:00
Aleksander Machniak
7df358d64e
Fix internal cache use in rcube_imap::get_message()
Two folders, personal and shared, can contain the same UIDs, so
we should check UID and folder name when dealing with internally
cached message.
2020-03-19 11:59:05 +01:00
Aleksander Machniak
d194b238c7
Support RFC8438: IMAP STATUS=SIZE - for faster folder size calculation (#7269)
2020-03-08 10:27:28 +01:00