Mirrors/roundcubemail
2
0
Fork 0
mirror of https://github.com/roundcube/roundcubemail.git synced 2026-03-03 23:04:01 +01:00
Code Issues Packages Projects Releases Wiki Activity
12,379 Commits 72 Branches 205 Tags
ed4dc2139dd5c6cbf1732b1bf2ec45dfd35a178a
Commit Graph

247 Commits

Author SHA1 Message Date
Aleksander Machniak
6f435ecb52 Fix fatal error/warning on invalid input to user parameter (#8152) 
Added a new utility method: rcube_utils::get_input_string()
 2021-08-01 10:31:09 +02:00
Aleksander Machniak
b4fd75d6c1 Master is 1.6-git now 2021-07-25 09:08:20 +02:00
Aleksander Machniak
0d676625d8 Fix PHP8 warning 2021-05-21 14:56:59 +02:00
Aleksander Machniak
5ec509f87e FIX PHP8 fatal error and some warnings (#7931) 2021-03-10 18:24:18 +01:00
Aleksander Machniak
b3677c3e0b Fix oauth action run 2020-12-31 08:34:48 +01:00
johndoh
cfd4fa170f Fix a few PHP notices (#7791) 2020-12-19 19:36:58 +01:00
Aleksander Machniak
dcfd12e98a CS fixes, potential PHP8 warning (#7781) 2020-12-18 18:17:01 +01:00
Aleksander Machniak
545a1569f1 Steps -> Actions refactoring (#7688) 
* Move action handling code to rcmail class
* Add rcmail_action class
* Add action aliases
* Get rid of $OUTPUT global
* Move some methods from rcmail to rcmail_action
* PHP8 compat. fixes
* Add framework for testing actions
* Fix obvious code mistakes
 2020-11-01 11:25:38 +01:00
Aleksander Machniak
f95212d626 PHP8: More warnings fixed 2020-10-11 15:24:30 +02:00
Thomas Bruederli
c9beef0bc2 Check if OAuth is enabled before including oauth.inc step file 2020-06-16 08:17:52 +02:00
Thomas Bruederli
1e6a2f4f49 Basic support for OAuth2 user login and IMAP/SMTP authentication 
- Add "Login with XXX" button to login screen if oauth is configured
- Perform OAuth login procedure and get an access token
- Implement XOAUTH2 authentication type for IAMP and SMTP

Requires a patched and not yet released version of Net_SMTP.
 2020-06-16 08:17:52 +02:00
Aleksander Machniak
8344f07d7f Fix CSRF bypass that could be used to log out an authenticated user (#7302) 2020-04-26 08:03:59 +02:00
Aleksander Machniak
b8555ce4f3 Fix so 401 error is returned only on failed logon requests (#7010) 2019-11-11 12:41:00 +01:00
Aleksander Machniak
9f1d185c44 Master is 1.5-git now 2019-10-27 09:45:15 +01:00
Aleksander Machniak
f1a83f923d Added cookie mismatch detection, display an error message informing the user to clear cookies 2019-04-19 10:12:23 +02:00
Aleksander Machniak
57c67db029 Remove year(s) from copyright headers + some cleanup 2019-04-16 10:42:45 +02:00
Aleksander Machniak
11216a1925 Changed 'password_charset' default to 'UTF-8' (#6522) 2018-11-16 13:22:13 +01:00
Aleksander Machniak
186f21c4c1 Avoid Referer leaking by using Referrer-Policy:same-origin header (#6385) 
Added 'common_headers' hook
 2018-10-21 11:39:39 +02:00
Aleksander Machniak
f1ee6d7906 Plugin API: Add possibility to specify HTTP return code via 'unauthenticated' hook 2018-10-15 10:01:12 +02:00
Aleksander Machniak
e4ccc2bb48 Update copyright year in few places 2018-03-09 13:30:56 +01:00
Aleksander Machniak
fb2f213d6f Add id attribute to the installer warning 2017-12-24 08:27:22 +01:00
Aleksander Machniak
2cb9de358b Return "401 Unauthorized" status when login fails (#5663) 2017-06-26 16:53:04 +02:00
Aleksander Machniak
e51fa197bb Remove unused variable 2017-06-05 09:44:58 +02:00
Aleksander Machniak
5101cfc67a Bump version to 1.4-git 2017-05-15 11:34:43 +02:00
Thomas Bruederli
f78e2a4367 Add 1.3-beta milestone + update copyright year 2017-01-03 18:24:34 +01:00
Aleksander Machniak
ad9a55f8cb Support hostname and hostname:port in force_https option (#5511) 2016-11-20 15:27:21 +01:00
Aleksander Machniak
24b4ca52cf Fix so "Action disabled" error uses more appropriate 404 code (#5440) 2016-09-21 09:03:37 +02:00
Aleksander Machniak
b77efcd104 Fix typo 2016-06-29 09:02:59 +02:00
Aleksander Machniak
85082c88c7 CS fixes 2016-06-29 08:58:59 +02:00
Aleksander Machniak
9634169647 Bump version number to 1.3-beta 2016-05-02 14:37:39 +02:00
Aleksander Machniak
a15d877ba8 Added brute-force attack prevention via login rate limit (#1490566) 2015-11-11 18:53:43 +01:00
Aleksander Machniak
1b39d9a6c7 PHP7: Fixed some E_WARNING errors that previously were E_STRICT 2015-08-08 09:32:24 +02:00
Aleksander Machniak
4b72a1f498 Fix error when using back button after sending an email (#1490009) 2015-07-31 18:48:17 +02:00
Aleksander Machniak
a958748947 CS fixes 2015-06-07 15:26:33 +02:00
Aleksander Machniak
3779b67a9c Set version number to 1.2-git 2015-02-16 11:22:13 +01:00
Thomas Bruederli
2f8b1036da Bump version and copyright year 2015-02-07 18:33:24 +01:00
Aleksander Machniak
681ba6fc3c Improve system security by using optional special URL with security token 
Allows to define separate server/path for image/js/css files
Fix bugs where CSRF attacks were still possible on some requests
 2014-12-16 13:28:48 +01:00
Thomas Bruederli
c45507e317 Fix login error message display broken in b51de327 2014-10-14 21:47:15 +02:00
Thomas Bruederli
b51de3279f Display custom error messages from plugins hooks (as documented in the API spec) 2014-10-14 15:13:49 +02:00
Thomas Bruederli
a873d934f5 Give precedence to plugin.* actions over custom tasks registered by plugins 2014-08-27 14:37:52 +02:00
Aleksander Machniak
d01f9fc7f5 Add option (disabled_actions) to disable UI elements/actions (#1489638) 2014-08-04 19:03:27 +02:00
Thomas Bruederli
7e7e451b66 Warn for unsent/unsaved message when closing compose window; remove localStorage copy if page was left intentionally but not on session errors (#1489818) 2014-07-09 10:55:25 +02:00
Aleksander Machniak
d19a9b35cc Remove obsolete code that disables session check on 'send' action 2014-07-08 11:53:52 +02:00
Aleksander Machniak
ba5c53e5c3 Send X-UA-Compatible as HTTP header instead of meta tag 2014-06-09 14:16:35 +02:00
Aleksander Machniak
b360f707e8 Small code improvement 2014-05-12 14:36:09 +02:00
Aleksander Machniak
65f59fa3c6 Bump version number to 1.1-git 2014-03-19 08:49:55 +01:00
Aleksander Machniak
8d3d5b42b7 Prevent from "Call to undefined method rcmail_output_json::add_footer()" error 2014-02-21 16:26:37 +01:00
Aleksander Machniak
0301d9347f CS fixes 2014-01-01 12:31:14 +01:00
Thomas Bruederli
85e60ada15 First version of the local storage compose data saving feature; some behavioral improvements and encrytion are still to be added 2013-11-10 14:04:33 +01:00
Thomas Bruederli
b461a2d72e Send last fetch time with 'refresh' requests and allow plugins to alter query parameters of http requests 2013-10-21 16:03:03 +02:00