Mirrors/roundcubemail
2
0
Fork 0
mirror of https://github.com/roundcube/roundcubemail.git synced 2026-03-04 15:24:02 +01:00
Code Issues Packages Projects Releases Wiki Activity
9,869 Commits 72 Branches 205 Tags
dfc835eb38a08615a8d7b8d5d5700a08fe01ef7e
Commit Graph

84 Commits

Author SHA1 Message Date
Aleksander Machniak
b172fb505c Improve trusted_host_patterns code 2018-01-01 11:10:53 +01:00
Aleksander Machniak
4a5ca74724 Merge branch 'trusted-host-patterns' of https://github.com/dsoares/roundcubemail into dsoares-trusted-host-patterns 2018-01-01 10:26:09 +01:00
Daniel Kesselberg
a8d5547163 Update idn convertion methods (#6115) 
* Add more test cases
* Update phpdoc
 2017-12-31 13:22:48 +01:00
Aleksander Machniak
63a7d2313f Improve SMTPUTF8 support and fix relaxed email validation issues 2017-12-31 13:14:31 +01:00
Aleksander Machniak
5665344673 Merge branch 'smtputf8' of https://github.com/jprjr/roundcubemail into jprjr-smtputf8 2017-12-31 12:18:05 +01:00
Aleksander Machniak
3cdc8af297 Fix possible performance issue when parsing malformed and long Date header (#6087) 2017-12-12 21:22:22 +01:00
Aleksander Machniak
3488531b26 Fix PHP Warning: Use of undefined constant INTL_IDNA_VARIANT_UTS46 on servers without php-intl extension 2017-12-06 15:52:02 +01:00
Aleksander Machniak
ca39a4e093 Fix PHP warning "idn_to_utf8(): INTL_IDNA_VARIANT_2003 is deprecated" with PHP 7.2 (#6075) 2017-12-03 10:41:41 +01:00
dsoares
5282cbaff9 Check against trusted_host_patterns in rcube_utils::parse_host() 2017-11-07 14:39:57 +00:00
dsoares
50a9c8f777 Add option trusted_host_patterns 2017-10-21 12:56:47 +01:00
Aleksander Machniak
3196d656db Fix css conflicts in user interface and e-mail content (#5891) 
... by adding prefix to element/class identifiers
Also cleaned up some code and removed global variable use.
 2017-10-12 10:48:54 +02:00
Aleksander Machniak
5d16751ed8 Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview (#5580) 2017-10-01 11:58:11 +02:00
Thomas Bruederli
3723f3f178 Fix rcube_utils::random_bytes() to not throw exception for length=0 2017-09-29 15:35:12 +02:00
Aleksander Machniak
1fcf7bfab3 Fix bug where HTML messages with @media styles could moddify style of page body (#5811) 2017-06-28 08:26:05 +02:00
Aleksander Machniak
f0431c7475 Fix uninitialized string offset in rcube_utils::bin2ascii() and make sure rcube_utils::random_bytes() result has always requested length (#5788) 2017-06-27 17:16:56 +02:00
Aleksander Machniak
27a621818d Make sure rcube_utils::resolve_url() does not add port 80 to the url 
...which might have happened with reverse proxies
 2017-06-06 11:47:44 +02:00
Aleksander Machniak
8f22c3287d Fix bug where comment notation within style tag would cause the whole style to be ignored (#5747) 2017-05-05 11:51:51 +02:00
Aleksander Machniak
9ff7b78c7e Fix conflict with _gid cookie of Google Analytics (#5748) 
TODO: Review the whole code base and don't use INPUT_GPC when it's not really needed,
      in most cases we should not read $_COOKIE.
 2017-05-04 11:40:42 +02:00
Thomas Bruederli
bf21557873 Better fix for XSS in style tags (b59ff5ca) 2017-03-10 10:44:51 +01:00
Aleksander Machniak
05aae4711c Replace xss_entity_decode_callback() method with lambda function 2017-03-09 12:05:11 +01:00
Aleksander Machniak
b59ff5cafb Fix XSS issue in handling of a style tag inside of an svg element 2017-03-09 11:45:22 +01:00
Aleksander Machniak
81f67a4de2 Don't use each() deprecated in PHP 7.2 2017-02-06 15:46:18 +01:00
Aleksander Machniak
dfd19206a4 sizeof() -> count() 2017-02-06 13:49:29 +01:00
Aleksander Machniak
7340360e79 Fix bug where image data URIs in css style were treated as evil/remote in mail preview (#5580) 2017-01-07 09:59:42 +01:00
Aleksander Machniak
4e0532808d Fix bug where it wasn't possible to store more that 2MB objects in memcache/apc (#5452) 
Added memcache_max_allowed_packet and apc_max_allowed_packet settings
 2016-10-16 11:19:30 +02:00
Aleksander Machniak
195dc11855 Support host-specific imap_conn_options/smtp_conn_options/managesieve_conn_options (#5136) 2016-09-30 18:02:23 +02:00
Aleksander Machniak
dcabc1d814 Merge remote-tracking branch 'upstream/master' 
Conflicts:
	tests/Framework/Washtml.php
 2016-07-31 09:26:19 +02:00
Aleksander Machniak
c3fc072d97 Remove code related to magic_quotes_* and register_globals 
...they do not exist in PHP 5.4 which we now require.
 2016-07-29 13:34:50 +02:00
Aleksander Machniak
906cf101c3 Better time handling in rcube_utils::clean_datestr() 2016-07-29 12:40:15 +02:00
Aleksander Machniak
ec1525a1e6 Remove debug code 2016-07-29 12:26:23 +02:00
Aleksander Machniak
ed35267b9b Managesieve: Fix parsing of vacation date-time with non-default date_format (#5372) 
Added new method rcube_utils::format_datestr() to convert date_format date
into ISO date format.
 2016-07-29 05:42:18 -04:00
Aleksander Machniak
f2eafda539 Fix bug where microsecond format in logged date didn't work in some cases 2016-06-12 09:16:54 +02:00
Aleksander Machniak
d61d33a12a Fix handling of --delete argument in moduserprefs.sh script (#5296) 2016-06-01 20:15:22 +02:00
Aleksander Machniak
6737e293bb Wash position:fixed style in HTML mail for better security (#5264) 2016-05-29 17:09:41 +02:00
John Regan
3a2874c77c Remove check for multiple dots in local-part 2016-05-17 11:40:18 -05:00
John Regan
0e809364e7 Support SMTPUTF8, relax email restrictions 
If the FROM/TO portions of an email use non-ASCII characters,
check that the SMTP server supports the SMTPUTF8 extension.

Additionally, change some rules for parsing email addresses to
allow for more characters. Basically, SMTPUTF8 states that
nearly any printable character is a valid character in an
email address.
 2016-05-17 11:33:34 -05:00
Aleksander Machniak
cbe701ac4a Fix rcube_utils::words_match() to work with mixed/invalid/binary content (T844) 2015-11-18 13:27:00 +01:00
Aleksander Machniak
7e3298753a Use ternary operator where aplicable 2015-11-14 10:08:07 +01:00
Aleksander Machniak
a03233ceba CS fixes 2015-10-07 09:14:18 +02:00
Aleksander Machniak
b2b9b591ce Fix handling random_bytes() errors in PHP 7.0.0RC3 2015-09-18 20:17:07 +02:00
Aleksander Machniak
e85bbc9e9c random_bytes() can throw an exception in some cases, since PHP 7.0.0rc3 2015-09-10 16:57:12 +02:00
Aleksander Machniak
26086981a2 Improve randomness of security tokens (#1490529) 2015-09-08 17:38:19 +02:00
Aleksander Machniak
f00e1f5333 CS fixes 2015-08-25 11:16:39 +02:00
Aleksander Machniak
7a42173a16 Simplify rcube_utils::check_ip() 2015-08-13 09:04:19 +02:00
Aleksander Machniak
6b31846c43 Fix IPv6 address validation on PHP with disabled IPv6 support 2015-08-12 21:11:20 +02:00
Aleksander Machniak
93e64008a6 Small code improvements 2015-08-05 09:30:51 +02:00
Aleksander Machniak
8447bae77c Require Mbstring and OpenSSL extensions (#1490415) - remove redundant code 2015-06-28 12:27:48 +02:00
Aleksander Machniak
9aae1b7fc3 Fix so microseconds macro (u) in log_date_format works (#1490446) 2015-06-26 09:20:43 +02:00
Aleksander Machniak
a958748947 CS fixes 2015-06-07 15:26:33 +02:00
Aleksander Machniak
3994b3a26c Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402) 2015-05-23 09:42:11 +02:00