Mirrors/roundcubemail
2
0
Fork 0
mirror of https://github.com/roundcube/roundcubemail.git synced 2026-03-07 08:36:51 +01:00
Code Issues Packages Projects Releases Wiki Activity
13,306 Commits 72 Branches 205 Tags
fa1f3bd852ea45f67c66fc1954dcd73ced80e25e
Commit Graph

1726 Commits

Author SHA1 Message Date
Philip Weir
ccede1f272 Update links in comments and config to https where available (#9759) 2025-01-26 13:34:57 +01:00
Aleksander Machniak
2f051c0154 Add rcube_imap_generic::getUser() method 
It's sometimes useful when all we have is the connection object
 2025-01-17 13:22:47 +01:00
Aleksander Machniak
dbbde7584e Add missing @param 2025-01-16 10:58:20 +01:00
Pablo Zmdl
d877302e50 Fix displaying message/rfc822 parts (#9753) 
* Fix displaying message/rfc822 parts

The previous code contained a simple error that assigned the body part
to the $headers variable (which then couldn't be parsed and got
discarded).

* Test rendering of attached message/rfc822 parts
 2025-01-15 18:27:05 +01:00
Aleksander Machniak
a677d26a27 Properly attach fetched headers into message parts 2025-01-14 12:17:37 +01:00
Aleksander Machniak
6e216b588a Reset $cmd_num when connection is closed 
We want command ID counter to start over when a new connection is being made
 2025-01-08 11:33:56 +01:00
Aleksander Machniak
53b1e7bf99 Fix decodeContent() call with the by-reference argument 2025-01-01 13:37:24 +01:00
Aleksander Machniak
4bde475ea1 Fix handling of binary mail parts (e.g. PDF) encoded with quoted-printable (#9728) 2025-01-01 13:27:30 +01:00
Aleksander Machniak
a49d9ef803 Reset internal cache in appropriate places to be on a safe side 2024-12-12 13:48:35 +01:00
Aleksander Machniak
ca51b317b9 Add annotate_message() to the storage interface 2024-12-11 15:08:44 +01:00
Aleksander Machniak
120c640c3a IMAP: Partial support for ANNOTATE-EXPERIMENT-1 extension (RFC 5257) 2024-12-11 14:56:49 +01:00
Pablo Zmdl
3577d52cbb Merge pull request #6138 from noobish/php-log 2024-12-02 08:06:01 +01:00
Vitaly Lavrov
613ccd7e05 BUG: get_variable for postgres never returns a value (#9710) 
Because of this, the insert_or_update() method never uses the "INSERT INTO ... ON CONFLICT DO UPDATE SET ..." command, and the logs constantly show errors adding records to the message cache due to "duplicate key".
 2024-11-24 14:18:06 +01:00
Aleksander Machniak
66c1363fe8 Fix BC break intruduced in the last commit 2024-11-21 16:01:24 +01:00
Aleksander Machniak
785e9bc1ba Fix PHP warning in compressMessageSet() and clarify result on an empty input 2024-11-21 15:38:29 +01:00
Michael Voříšek
efcdce84ba Keep phpstan strict rules testing (#9424) 
* Revert "Get rid of phpstan/phpstan-strict-rules"

This reverts commit ff59ade31a.

* drop phpstan baseline

* fix foreach phpstan issue

* adjust for rebase

* fix method call case

* ignore one phpstan error even after isset
 2024-11-20 08:13:16 +01:00
Paul J. Dorn
3b6eebc4e4 Fix preg_match()'s $flags type (#9686) 
PHP: Deprecated: preg_match(): Passing null to parameter #4 ($flags) of type int is deprecated in program/lib/Roundcube/rcube_result_thread.php
 2024-11-19 15:45:22 +01:00
Aleksander Machniak
00ef061ef8 Fix PHP fatal error when parsing some malformed BODYSTRUCTURE responses (#9689) 2024-11-17 14:40:36 +01:00
Ian Freeman
9183d37cfb Add 'php' log_driver, passing log entries off to php's configured 
error_log facility.
 2024-11-10 14:55:35 -08:00
Aleksander Machniak
749eb3853d CS fix 2024-11-03 10:40:17 +01:00
Aleksander Machniak
55881d35ae Fix PHP 8.4 deprecation warning on str_getcsv() use 2024-11-03 10:33:37 +01:00
Aleksander Machniak
ca10951ab9 Fix regression causing inline SVG images to be missing in mail preview (#9644) 2024-09-29 14:00:19 +02:00
Pablo Zmdl
6a7e96c212 Fix getting IMAP vendor name (#9654) 
In some cases, the array's keys where upper case, and the previous code
produced a warning and resulted in an empty string, even though the
name was present.
 2024-09-29 11:18:32 +02:00
respiranto
6159ebeb02 vcard: Fix whitespace handling in line cont's (#9637) 
* vcard: Fix whitespace handling in line cont's

Previously, multiple whitespace characters at the start of a
continuation line would all be dropped, instead of only the first one.

Also,
 - restrict line continuation characters to SPACE and TAB.

Note that, like before, this identifies the CR (`\r`) character with the
empty string, and thereby notably does not require a CRLF (`\r\n`)
sequence (which is mandated by RFCs 2426, 2425) for line termination
(i.e., `\n` suffices).

Fixes: Bug 1 of issue #9593.

* vcard: Add test for #9593/1

* Fix coding style
 2024-09-18 13:26:43 +02:00
Aleksander Machniak
f8d9cb157b Fix new phpstan errors 2024-09-12 09:52:42 +02:00
Aleksander Machniak
4ca198440a Fix PHP deprecation warnings (#9616) 2024-09-07 08:47:08 +02:00
Aleksander Machniak
7c8968f4fe Use new HTML5 parser available on PHP >= 8.4 2024-09-01 15:27:35 +02:00
Aleksander Machniak
58721e3037 Fix regression where HTML messages were displayed unstyled (#9586) 2024-08-16 19:56:51 +02:00
Aleksander Machniak
a290392231 CS fixes 2024-08-08 14:57:00 +02:00
Aleksander Machniak
cd0bde2d5b Fix regression where printing/scaling/rotating image attachments was broken (#9571) 2024-08-08 13:54:32 +02:00
Aleksander Machniak
e12e273c0c More tests 2024-08-04 10:28:16 +02:00
Aleksander Machniak
c99dcacddb - Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010] 
Credits to Oskar Zeino-Mahmalat (https://www.sonarsource.com)
 2024-08-04 10:27:18 +02:00
Aleksander Machniak
78cc630987 - Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008] 
Credits to Oskar Zeino-Mahmalat (https://www.sonarsource.com)
 2024-08-04 10:26:40 +02:00
Aleksander Machniak
40a4a71b67 Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009] 
Credits to Oskar Zeino-Mahmalat (https://www.sonarsource.com)
 2024-08-04 10:25:49 +02:00
Aleksander Machniak
fdf19f3e7c Fix bug where imap_conn_option's 'socket' was ignored (#9566) 2024-08-02 12:16:01 +02:00
Aleksander Machniak
89d429dbee Fix two new phpstan issues 2024-08-02 09:12:48 +02:00
John R. D'Orazio
cd92b26aa8 Trigger warning when config files are not readable (#9550) 
* trigger error when config files are not readable

fixes issue #9549
 2024-07-27 06:49:31 +02:00
Aleksander Machniak
fbdfb036ad Fix bug where an unhandled exception was caused by an invalid image attachment (#9475) 
GD functions may throw ValueError in some cases since PHP 8.0.
We wrap them in try/catch blocks.
 2024-07-21 14:23:28 +02:00
Pablo Zmdl
8f9f1f12cd Filter "real" attachments by being referenced (#9472) 
* Filter "real" attachments by being referenced

This changes the way in which attachments are determined to be shown as
such ("standalone"), or not ("inline").
In theory this should be determined by their Content-Disposition, but in
reality this often doesn't work.
Now we check if the Content-ID or Content-Location of the attachment is
actually being used in other parts of the message. If not, the
attachment is considered to be "standalone".

* Consider all mime-parts to check if message is empty

Previously only `parts` and `body` were checked, so mime-parts that were
classified into `attachments` and `inline_parts` didn't count – thus
messages that contained only those parts were shown blank.
 2024-07-21 13:12:57 +02:00
Aleksander Machniak
23fe16d520 Fix return value of handlePartBody() when using file handle 2024-07-08 18:34:00 +02:00
Aleksander Machniak
92624b62dd Fix new phpstan errors 2024-07-02 19:47:15 +02:00
Jan
7a3e91a9d2 Added PluginAPI hooks for message_move and message_delete (#9501) 
---------

Co-authored-by: Jan-Nicklas Adler <adler@promatur.com>
 2024-06-19 18:15:07 +02:00
Pablo Zmdl
599dcaaa0d Re-introduce Ctype extension as dependency (#9509) 
It is required by Bacon, the QR-encoding tool.

This partially reverts commit deba22aaa9.
 2024-06-19 18:04:16 +02:00
Aleksander Machniak
613629f83a Fix decoding mail parts with multiple base64-encoded text blocks (#9290) 2024-06-16 12:47:56 +02:00
Aleksander Machniak
d8817d39b9 phpdoc fix 2024-06-06 08:01:08 +02:00
Michael Voříšek
6a5f9ee7ce Add override method attributes (#9272) 2024-06-02 15:57:56 +02:00
Aleksander Machniak
6d8dd2c9a2 Fix fatal error when parsing some TNEF attachments (#9462) 2024-06-02 15:13:42 +02:00
Aleksander Machniak
ba252dc5e2 Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes 
Reported by Valentin T. and Lutz Wolf of CrowdStrike.
 2024-05-19 10:20:09 +02:00
Aleksander Machniak
7da322371f Fix command injection via crafted im_convert_path/im_identify_path on Windows 
Reported by Huy Nguyễn Phạm Nhật.
 2024-05-19 10:10:32 +02:00
Aleksander Machniak
cfd108399e Simplify use of rcube::raise_error() 2024-05-17 15:43:17 +02:00