Mirrors/roundcubemail
2
0
Fork 0
mirror of https://github.com/roundcube/roundcubemail.git synced 2026-03-04 15:24:02 +01:00
Code Issues Packages Projects Releases Wiki Activity
12,793 Commits 72 Branches 205 Tags
deba22aaa960ca2802eac64479ecc2ec4cf59de1
Commit Graph

148 Commits

Author SHA1 Message Date
Aleksander Machniak
a3431e94ae Fix connecting to LDAP using an URI with ldapi:// scheme (#8990) 2023-05-13 19:40:05 +02:00
Aleksander Machniak
43af3e0e58 Move get_host() from rcube_utils to rcmail_utils, de-duplicate 2023-03-05 18:33:57 +01:00
vladasko-g
852ffc6826 Add idenity management script (#8887) 2023-03-05 17:56:52 +01:00
Thomas B
409aee8b3c Add config option for request uri field (#8738) (#8770) 
This can be used to read a custom header sent by a reverse proxy to resolve the absolute path to Roundcube

* add check against the proxy_whitelist option before using a HTTP header field value for the request uri composition.
* refactor the rcmail::url() method to also work when composing fully qualified urls.
* fix/adapt tests
 2022-11-23 21:05:00 +01:00
Aleksander Machniak
1b0c72f9c3 Fix PHP warning (#8784) 2022-11-15 19:00:40 +01:00
Aleksander Machniak
4ca3e5d610 CS fixes, update changelog 2022-08-01 12:25:00 +02:00
Christian Mollekopf
a9a9be9a69 Use rcube_utils::remote_addr() to take HTTP_X_FORWARDED_FOR into account 2022-07-22 10:42:24 +02:00
Christian Mollekopf
76154d27f2 Introduce optional support to inject PROXY protocol headers after 
opening IMAP TCP streams.

Version 1 (text based) and version 2 (binary) protocol header types are
supported. Supports both IPv4 and IPv6 style headers.

http://www.haproxy.org/download/1.6/doc/proxy-protocol.txt
 2022-07-22 10:32:50 +02:00
Aleksander Machniak
8ad92d5f98 Fix so unix:// URI is supported in various host spec. options again (#8468) 2022-04-10 19:46:22 +02:00
Aleksander Machniak
7b81a71393 Don't use TLS by default (#8359) 
Also unify the common code with a new rcube_utils::parse_host_uri() method
 2021-12-11 09:52:23 +01:00
Aleksander Machniak
c445e19484 Fix security issues regarding server name and trusted_host_patterns setting 2021-10-17 10:59:54 +02:00
Aleksander Machniak
318d6d0859 Simplify code according to the minimum PHP version supported 2021-10-05 19:29:57 +02:00
Aleksander Machniak
f2688ba492 Use ?? operator where applicable 2021-09-21 19:12:06 +02:00
johndoh
693252edfe Remove redudant php version checks (#8154) 2021-08-01 17:39:12 +02:00
Aleksander Machniak
6f435ecb52 Fix fatal error/warning on invalid input to user parameter (#8152) 
Added a new utility method: rcube_utils::get_input_string()
 2021-08-01 10:31:09 +02:00
Aleksander Machniak
766189f524 Fix PHP 8.1 deprecation warnings 2021-07-31 08:38:47 +02:00
Aleksander Machniak
0d4a395464 Fix PHP 8.1 deprecation warnings 2021-07-31 07:53:14 +02:00
Thomas P
0044673e11 Add config options for subject prefixes (#7929) 2021-04-25 09:41:08 +02:00
Josh Soref
203f456620 Spelling (#8001) 2021-04-18 08:43:18 +02:00
Aleksander Machniak
0df8e97476 Small code improvement + tests 2021-03-22 16:11:38 +01:00
Aleksander Machniak
9f19b931e3 Fix cross-site scripting (XSS) via HTML messages with malicious CSS content 
and improve css parsing code.

Thanks to Mateusz Szymaniec (CERT Polska) for reporting the issue.
 2021-02-08 13:42:12 +01:00
Aleksander Machniak
b4b24f93df Fix some PHP8 warnings 2021-01-15 18:56:48 +01:00
Aleksander Machniak
39b3c0049e Fix cross-site scripting (XSS) via HTML or Plain text messages with malicious content [CVE-2020-35730] 
Credits to Alex Birnberg <birnbergalex@gmail.com>
 2020-12-27 18:27:42 +01:00
Aleksander Machniak
66062846ec Fix "unitialized string offset" warnings 2020-12-19 19:43:36 +01:00
Aleksander Machniak
12547ccf01 Require php-intl extension, get rid of Net_IDNA2, PHP8 fixes, short array syntax 
Net_IDNA2 is not compatible, and Intl is a bundled ext since PHP 5.3.
Fixed some regressions.
 2020-12-13 10:21:52 +01:00
Aleksander Machniak
61a5ade872 PHP8 fixes, short array syntax 2020-12-12 16:20:14 +01:00
Aleksander Machniak
f4ed1024dc PHP8 fixes, CS fixes, short array syntax, tests 2020-12-02 20:15:00 +01:00
Aleksander Machniak
0cbe4a4acc PHP8 fixes, CS fixes, short array syntax, added more tests 2020-11-22 12:03:02 +01:00
Michael Stilkerich
bad1dedbf6 Phpdoc type annotations (#7733) 2020-11-21 09:34:24 +01:00
Aleksander Machniak
318f91417f Add rcube_utils::explode() 2020-11-02 09:02:38 +01:00
Aleksander Machniak
545a1569f1 Steps -> Actions refactoring (#7688) 
* Move action handling code to rcmail class
* Add rcmail_action class
* Add action aliases
* Get rid of $OUTPUT global
* Move some methods from rcmail to rcmail_action
* PHP8 compat. fixes
* Add framework for testing actions
* Fix obvious code mistakes
 2020-11-01 11:25:38 +01:00
Aleksander Machniak
f95212d626 PHP8: More warnings fixed 2020-10-11 15:24:30 +02:00
Aleksander Machniak
bde383d051 PHP8: Fix various issues 
for now only these I found by running our unit tests, there will be much more
 2020-10-11 10:32:41 +02:00
Aleksander Machniak
f0084b6f54 Fix empty space on mail printouts in Chrome (#7604) 2020-09-23 10:49:16 +02:00
Aleksander Machniak
a5c2b4360c Fixes in context of undefined variables, and code style 2020-08-15 12:13:31 +02:00
Aleksander Machniak
1e1ea25b6c Added special value 'email' to login_username_filter, it changes also logon input type (#7179) 2020-07-03 12:56:17 +02:00
Aleksander Machniak
bdf0a6539e Relaxed domain name validation for extended TLDs support (#5588) 2020-01-19 19:21:28 +01:00
johndoh
51a9dd631f Add support for SameSite cookie attribute (req PHP >= 7.3.0) (#6772) 2020-01-05 15:53:51 +01:00
Aleksander Machniak
0b45c3c6b0 Fix matching multiple X-Forwarded-For addresses with 'proxy_whitelist' (#7107) 2019-12-07 09:34:15 +01:00
Aleksander Machniak
e3c6989494 Log X-Real-IP only when it's different than REMOTE_ADDR 2019-11-28 14:40:39 +01:00
Aleksander Machniak
63730cf842 Fix security issue where it was possible to bypass the CSS jail in HTML messages using :root pseudo-class (#6897) 2019-08-27 15:33:23 +02:00
Aleksander Machniak
057fb69bb9 Fix bug where some strict remote URIs in url() style were unintentionally blocked (#6899) 2019-08-27 14:37:17 +02:00
Aleksander Machniak
7bf868767e Fix security issue where it was possible to bypass the position:fixed CSS check in received messages (#6898) 2019-08-27 13:50:09 +02:00
Aleksander Machniak
1afa46d28d PHPDoc and CS fixes 2019-08-25 14:15:09 +02:00
Aleksander Machniak
8f895cb17f Replace function alias: getallheaders() -> apache_request_headers() 2019-07-06 08:28:53 +02:00
Aleksander Machniak
0a0ad2c9b7 Switch to IDNA2008 variant (#6806) 
After switching IDNA_NONTRANSITIONAL_TO_ASCII on, switch to
IDNA2008 variant in Net_LDAP2. Add test, update changelog.
 2019-06-16 12:03:27 +02:00
Max Bosse
f1d3f9ee44 Fix: Use IDNA_NONTRANSITIONAL_TO_UNICODE for idn_to_utf8 call 2019-06-16 10:41:25 +02:00
Max Boße
70c20740e7 Set 'IDNA_NONTRANSITIONAL_TO_ASCII' idn-option 2019-06-16 10:24:37 +02:00
Amir Caspi
6b5fa52ec1 Update rcube_utils::parse_host, fixes #6746 
Updated regexps used in parse_host to ensure that %t, %d, %z do not cut off domain and return only tld when underlying host has no subdomain (i.e., is just domain.tld rather than mail.domain.tld).  Update fixes #6746, now returns nothing shorter than domain.tld.

Also removed backslash from character class, period does not need to be escaped within character class.
 2019-05-19 08:32:26 +02:00
Aleksander Machniak
57c67db029 Remove year(s) from copyright headers + some cleanup 2019-04-16 10:42:45 +02:00