Commit Graph

58 Commits

Author SHA1 Message Date
Aleksander Machniak
6f435ecb52 Fix fatal error/warning on invalid input to user parameter (#8152)
Added a new utility method: rcube_utils::get_input_string()
2021-08-01 10:31:09 +02:00
Aleksander Machniak
89e54718ca Migration to PHPUnit v9 2021-07-25 11:07:56 +02:00
Thomas P
0044673e11 Add config options for subject prefixes (#7929) 2021-04-25 09:41:08 +02:00
Aleksander Machniak
0df8e97476 Small code improvement + tests 2021-03-22 16:11:38 +01:00
Aleksander Machniak
9f19b931e3 Fix cross-site scripting (XSS) via HTML messages with malicious CSS content
and improve css parsing code.

Thanks to Mateusz Szymaniec (CERT Polska) for reporting the issue.
2021-02-08 13:42:12 +01:00
johndoh
1eebfd723b Improve detection of external urls for redirect (#7823) 2021-01-23 10:15:09 +01:00
Aleksander Machniak
f4ed1024dc PHP8 fixes, CS fixes, short array syntax, tests 2020-12-02 20:15:00 +01:00
Aleksander Machniak
318f91417f Add rcube_utils::explode() 2020-11-02 09:02:38 +01:00
Aleksander Machniak
bdf0a6539e Relaxed domain name validation for extended TLDs support (#5588) 2020-01-19 19:21:28 +01:00
Aleksander Machniak
47d9ed6d0c Add support for PHPUnit 6 and 7 (#6870)
Fixes composer dependencies: Package phpunit/phpunit-mock-objects is abandoned

We cannot support v8 yet because of errors like:
Declaration of MailFunc::setUp() must be compatible with PHPUnit\Framework\TestCase::setUp(): void
It would require dropping PHP < 7.1 support.
2019-12-28 09:37:45 +01:00
Aleksander Machniak
63730cf842 Fix security issue where it was possible to bypass the CSS jail in HTML messages using :root pseudo-class (#6897) 2019-08-27 15:33:23 +02:00
Aleksander Machniak
057fb69bb9 Fix bug where some strict remote URIs in url() style were unintentionally blocked (#6899) 2019-08-27 14:37:17 +02:00
Aleksander Machniak
7bf868767e Fix security issue where it was possible to bypass the position:fixed CSS check in received messages (#6898) 2019-08-27 13:50:09 +02:00
Aleksander Machniak
0a0ad2c9b7 Switch to IDNA2008 variant (#6806)
After switching IDNA_NONTRANSITIONAL_TO_ASCII on, switch to
IDNA2008 variant in Net_LDAP2. Add test, update changelog.
2019-06-16 12:03:27 +02:00
Aleksander Machniak
ce52b04051 Update changelog, add some tests for rcube_utils::parse_host() 2019-05-19 08:42:07 +02:00
Aleksander Machniak
0716d499bc Fix bug where some escape sequences in html styles could bypass security checks 2018-05-05 17:12:18 +02:00
Aleksander Machniak
b2bebe531a Fix bug where usernames without domain part could be malformed or converted to lower-case on logon (#6224) 2018-04-10 09:24:29 +02:00
Aleksander Machniak
f36e23b778 Fix parsing date strings (e.g. from a Date: mail header) with comments (#6216) 2018-03-18 19:22:09 +01:00
Aleksander Machniak
0f3ad342f7 Fix bug where some unix timestamps were not handled correctly by rcube_utils::anytodatetime() (#6212) 2018-03-09 09:32:44 +01:00
Aleksander Machniak
9d2b303b51 Fix bug in remote content blocking on HTML image and style tags (#6178) 2018-02-14 20:19:32 +01:00
Daniel Kesselberg
a8d5547163 Update idn conversion methods (#6115)
* Add more test cases
* Update phpdoc
2017-12-31 13:22:48 +01:00
Aleksander Machniak
63a7d2313f Improve SMTPUTF8 support and fix relaxed email validation issues 2017-12-31 13:14:31 +01:00
Daniel Kesselberg
a3504cb3b8 Add unit test for IDN (#6114) 2017-12-30 08:41:10 +01:00
Aleksander Machniak
3196d656db Fix css conflicts in user interface and e-mail content (#5891)
... by adding prefix to element/class identifiers
Also cleaned up some code and removed global variable use.
2017-10-12 10:48:54 +02:00
Aleksander Machniak
5d16751ed8 Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview (#5580) 2017-10-01 11:58:11 +02:00
Aleksander Machniak
1fcf7bfab3 Fix bug where HTML messages with @media styles could modify style of page body (#5811) 2017-06-28 08:26:05 +02:00
Aleksander Machniak
8f22c3287d Fix bug where comment notation within style tag would cause the whole style to be ignored (#5747) 2017-05-05 11:51:51 +02:00
Thomas Bruederli
522565b400 Add tests for XSS vulnerabilities in style tags 2017-03-10 23:20:01 +01:00
Aleksander Machniak
7340360e79 Fix bug where image data URIs in css style were treated as evil/remote in mail preview (#5580) 2017-01-07 09:59:42 +01:00
Aleksander Machniak
dcabc1d814 Merge remote-tracking branch 'upstream/master'
Conflicts:
	tests/Framework/Washtml.php
2016-07-31 09:26:19 +02:00
Aleksander Machniak
906cf101c3 Better time handling in rcube_utils::clean_datestr() 2016-07-29 12:40:15 +02:00
Aleksander Machniak
ed35267b9b Managesieve: Fix parsing of vacation date-time with non-default date_format (#5372)
Added new method rcube_utils::format_datestr() to convert date_format date
into ISO date format.
2016-07-29 05:42:18 -04:00
Aleksander Machniak
6737e293bb Wash position:fixed style in HTML mail for better security (#5264) 2016-05-29 17:09:41 +02:00
Aleksander Machniak
cbe701ac4a Fix rcube_utils::words_match() to work with mixed/invalid/binary content (T844) 2015-11-18 13:27:00 +01:00
Aleksander Machniak
26086981a2 Improve randomness of security tokens (#1490529) 2015-09-08 17:38:19 +02:00
Aleksander Machniak
7a42173a16 Simplify rcube_utils::check_ip() 2015-08-13 09:04:19 +02:00
Aleksander Machniak
8447bae77c Require Mbstring and OpenSSL extensions (#1490415) - remove redundant code 2015-06-28 12:27:48 +02:00
Aleksander Machniak
3994b3a26c Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402) 2015-05-23 09:42:11 +02:00
Aleksander Machniak
389f70996c Skip some tests on PHP 5.3.3 2015-05-05 10:37:19 -04:00
Aleksander Machniak
eb58b6c537 Fix failing rcube_utils::strtotime() test if system timezone was different than expected 2015-05-05 12:40:17 +02:00
Thomas Bruederli
e8b82c2e7b Fix rcube_utils::normalize_string() to support unicode characters + add argument for minimum token length 2014-12-28 16:22:08 +01:00
Thomas Bruederli
09c58d1add Make rcube_utils::strtotime() timezone aware (#1490163) 2014-12-28 15:41:47 +01:00
Aleksander Machniak
11eb072f80 Fix rcube_utils::get_boolean() test to not use deprecated function alias 2014-12-22 10:40:06 +01:00
Aleksander Machniak
848e204ef9 Fix validation of email addresses with IDNA domains (#1490067) 2014-09-13 12:36:54 +02:00
Aleksander Machniak
49dad5f669 Fix broken normalize_string(), add support for ISO-8859-2 2014-05-27 11:39:31 +02:00
Aleksander Machniak
d921587f29 Add more tests for normalize_string() - some failing 2014-05-27 10:22:10 +02:00
Aleksander Machniak
517c9f9a8d Fix directories check in Installer on Windows (#1489576)
Added rcube_utils::is_absolute_path() method
2014-02-07 14:43:51 +01:00
Aleksander Machniak
b1f3c3bee8 Fixed saving contact birthday/anniversary dates before 01-01-1970 2013-10-28 15:28:58 +01:00
Thomas Bruederli
fdb30f3279 Fix CSS selector modifications when nested in @media blocks 2013-10-26 11:49:02 +02:00
Aleksander Machniak
b32fab16ef Fix handling of non-default date formats (#1489294)
- remove ambiguous m/d/Y format from default config
2013-08-24 18:08:54 +02:00