Mirrors/roundcubemail
2
0
Fork 0
mirror of https://github.com/roundcube/roundcubemail.git synced 2026-03-05 15:54:03 +01:00
Code Issues Packages Projects Releases Wiki Activity
10,643 Commits 72 Branches 205 Tags
fd7d7faabd00ffed661a8dfb68abbc8408cdf278
Commit Graph

91 Commits

Author SHA1 Message Date
Aleksander Machniak
0716d499bc Fix bug where some escape sequences in html styles could bypass security checks 2018-05-05 17:12:18 +02:00
Aleksander Machniak
a889f55c31 Fix PHP Warning: Use of undefined constant IDNA_DEFAULT on systems without php-intl (#6244) 2018-04-12 09:39:33 +02:00
Aleksander Machniak
b2bebe531a Fix bug where usernames without domain part could be malformed or converted to lower-case on logon (#6224) 2018-04-10 09:24:29 +02:00
Aleksander Machniak
f36e23b778 Fix parsing date strings (e.g. from a Date: mail header) with comments (#6216) 2018-03-18 19:22:09 +01:00
Aleksander Machniak
0f3ad342f7 Fix bug where some unix timestamps were not handled correctly by rcube_utils::anytodatetime() (#6212) 2018-03-09 09:32:44 +01:00
Aleksander Machniak
a1be62b19d Remove redundant trim() 2018-02-15 08:59:59 +01:00
Aleksander Machniak
9d2b303b51 Fix bug in remote content blocking on HTML image and style tags (#6178) 2018-02-14 20:19:32 +01:00
Aleksander Machniak
b172fb505c Improve trusted_host_patterns code 2018-01-01 11:10:53 +01:00
Aleksander Machniak
4a5ca74724 Merge branch 'trusted-host-patterns' of https://github.com/dsoares/roundcubemail into dsoares-trusted-host-patterns 2018-01-01 10:26:09 +01:00
Daniel Kesselberg
a8d5547163 Update idn convertion methods (#6115) 
* Add more test cases
* Update phpdoc
 2017-12-31 13:22:48 +01:00
Aleksander Machniak
63a7d2313f Improve SMTPUTF8 support and fix relaxed email validation issues 2017-12-31 13:14:31 +01:00
Aleksander Machniak
5665344673 Merge branch 'smtputf8' of https://github.com/jprjr/roundcubemail into jprjr-smtputf8 2017-12-31 12:18:05 +01:00
Aleksander Machniak
3cdc8af297 Fix possible performance issue when parsing malformed and long Date header (#6087) 2017-12-12 21:22:22 +01:00
Aleksander Machniak
3488531b26 Fix PHP Warning: Use of undefined constant INTL_IDNA_VARIANT_UTS46 on servers without php-intl extension 2017-12-06 15:52:02 +01:00
Aleksander Machniak
ca39a4e093 Fix PHP warning "idn_to_utf8(): INTL_IDNA_VARIANT_2003 is deprecated" with PHP 7.2 (#6075) 2017-12-03 10:41:41 +01:00
dsoares
5282cbaff9 Check against trusted_host_patterns in rcube_utils::parse_host() 2017-11-07 14:39:57 +00:00
dsoares
50a9c8f777 Add option trusted_host_patterns 2017-10-21 12:56:47 +01:00
Aleksander Machniak
3196d656db Fix css conflicts in user interface and e-mail content (#5891) 
... by adding prefix to element/class identifiers
Also cleaned up some code and removed global variable use.
 2017-10-12 10:48:54 +02:00
Aleksander Machniak
5d16751ed8 Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview (#5580) 2017-10-01 11:58:11 +02:00
Thomas Bruederli
3723f3f178 Fix rcube_utils::random_bytes() to not throw exception for length=0 2017-09-29 15:35:12 +02:00
Aleksander Machniak
1fcf7bfab3 Fix bug where HTML messages with @media styles could moddify style of page body (#5811) 2017-06-28 08:26:05 +02:00
Aleksander Machniak
f0431c7475 Fix uninitialized string offset in rcube_utils::bin2ascii() and make sure rcube_utils::random_bytes() result has always requested length (#5788) 2017-06-27 17:16:56 +02:00
Aleksander Machniak
27a621818d Make sure rcube_utils::resolve_url() does not add port 80 to the url 
...which might have happened with reverse proxies
 2017-06-06 11:47:44 +02:00
Aleksander Machniak
8f22c3287d Fix bug where comment notation within style tag would cause the whole style to be ignored (#5747) 2017-05-05 11:51:51 +02:00
Aleksander Machniak
9ff7b78c7e Fix conflict with _gid cookie of Google Analytics (#5748) 
TODO: Review the whole code base and don't use INPUT_GPC when it's not really needed,
      in most cases we should not read $_COOKIE.
 2017-05-04 11:40:42 +02:00
Thomas Bruederli
bf21557873 Better fix for XSS in style tags (b59ff5ca) 2017-03-10 10:44:51 +01:00
Aleksander Machniak
05aae4711c Replace xss_entity_decode_callback() method with lambda function 2017-03-09 12:05:11 +01:00
Aleksander Machniak
b59ff5cafb Fix XSS issue in handling of a style tag inside of an svg element 2017-03-09 11:45:22 +01:00
Aleksander Machniak
81f67a4de2 Don't use each() deprecated in PHP 7.2 2017-02-06 15:46:18 +01:00
Aleksander Machniak
dfd19206a4 sizeof() -> count() 2017-02-06 13:49:29 +01:00
Aleksander Machniak
7340360e79 Fix bug where image data URIs in css style were treated as evil/remote in mail preview (#5580) 2017-01-07 09:59:42 +01:00
Aleksander Machniak
4e0532808d Fix bug where it wasn't possible to store more that 2MB objects in memcache/apc (#5452) 
Added memcache_max_allowed_packet and apc_max_allowed_packet settings
 2016-10-16 11:19:30 +02:00
Aleksander Machniak
195dc11855 Support host-specific imap_conn_options/smtp_conn_options/managesieve_conn_options (#5136) 2016-09-30 18:02:23 +02:00
Aleksander Machniak
dcabc1d814 Merge remote-tracking branch 'upstream/master' 
Conflicts:
	tests/Framework/Washtml.php
 2016-07-31 09:26:19 +02:00
Aleksander Machniak
c3fc072d97 Remove code related to magic_quotes_* and register_globals 
...they do not exist in PHP 5.4 which we now require.
 2016-07-29 13:34:50 +02:00
Aleksander Machniak
906cf101c3 Better time handling in rcube_utils::clean_datestr() 2016-07-29 12:40:15 +02:00
Aleksander Machniak
ec1525a1e6 Remove debug code 2016-07-29 12:26:23 +02:00
Aleksander Machniak
ed35267b9b Managesieve: Fix parsing of vacation date-time with non-default date_format (#5372) 
Added new method rcube_utils::format_datestr() to convert date_format date
into ISO date format.
 2016-07-29 05:42:18 -04:00
Aleksander Machniak
f2eafda539 Fix bug where microsecond format in logged date didn't work in some cases 2016-06-12 09:16:54 +02:00
Aleksander Machniak
d61d33a12a Fix handling of --delete argument in moduserprefs.sh script (#5296) 2016-06-01 20:15:22 +02:00
Aleksander Machniak
6737e293bb Wash position:fixed style in HTML mail for better security (#5264) 2016-05-29 17:09:41 +02:00
John Regan
3a2874c77c Remove check for multiple dots in local-part 2016-05-17 11:40:18 -05:00
John Regan
0e809364e7 Support SMTPUTF8, relax email restrictions 
If the FROM/TO portions of an email use non-ASCII characters,
check that the SMTP server supports the SMTPUTF8 extension.

Additionally, change some rules for parsing email addresses to
allow for more characters. Basically, SMTPUTF8 states that
nearly any printable character is a valid character in an
email address.
 2016-05-17 11:33:34 -05:00
Aleksander Machniak
cbe701ac4a Fix rcube_utils::words_match() to work with mixed/invalid/binary content (T844) 2015-11-18 13:27:00 +01:00
Aleksander Machniak
7e3298753a Use ternary operator where aplicable 2015-11-14 10:08:07 +01:00
Aleksander Machniak
a03233ceba CS fixes 2015-10-07 09:14:18 +02:00
Aleksander Machniak
b2b9b591ce Fix handling random_bytes() errors in PHP 7.0.0RC3 2015-09-18 20:17:07 +02:00
Aleksander Machniak
e85bbc9e9c random_bytes() can throw an exception in some cases, since PHP 7.0.0rc3 2015-09-10 16:57:12 +02:00
Aleksander Machniak
26086981a2 Improve randomness of security tokens (#1490529) 2015-09-08 17:38:19 +02:00
Aleksander Machniak
f00e1f5333 CS fixes 2015-08-25 11:16:39 +02:00