Aleksander Machniak
fa492b8428
Fix PHP7 compat. break in last commit
2 years ago
Aleksander Machniak
b31ad1ad65
Fix so output of log_date_format with microseconds contains time in server time zone, not UTC
2 years ago
Aleksander Machniak
2408595a38
Fix connecting to LDAP using an URI with ldapi:// scheme ( #8990 )
2 years ago
Thomas B
be4c12a55e
Add config option for request uri field ( #8738 ) ( #8770 )
This can be used to read a custom header sent by a reverse proxy to resolve the absolute path to Roundcube
* add check against the proxy_whitelist option before using a HTTP header field value for the request uri composition.
* refactor the rcmail::url() method to also work when composing fully qualified urls.
* fix/adapt tests
3 years ago
Aleksander Machniak
0fd3b98ec0
Fix PHP warning ( #8784 )
3 years ago
Aleksander Machniak
8ad92d5f98
Fix so unix:// URI is supported in various host spec. options again ( #8468 )
3 years ago
Aleksander Machniak
7b81a71393
Don't use TLS by default ( #8359 )
Also unify the common code with a new rcube_utils::parse_host_uri() method
4 years ago
Aleksander Machniak
c445e19484
Fix security issues regarding server name and trusted_host_patterns setting
4 years ago
Aleksander Machniak
318d6d0859
Simplify code according to the minimum PHP version supported
4 years ago
Aleksander Machniak
f2688ba492
Use ?? operator where applicable
4 years ago
johndoh
693252edfe
Remove redundant php version checks ( #8154 )
4 years ago
Aleksander Machniak
6f435ecb52
Fix fatal error/warning on invalid input to user parameter ( #8152 )
Added a new utility method: rcube_utils::get_input_string()
4 years ago
Aleksander Machniak
766189f524
Fix PHP 8.1 deprecation warnings
4 years ago
Aleksander Machniak
0d4a395464
Fix PHP 8.1 deprecation warnings
4 years ago
Thomas P
0044673e11
Add config options for subject prefixes ( #7929 )
4 years ago
Josh Soref
203f456620
Spelling ( #8001 )
4 years ago
Aleksander Machniak
0df8e97476
Small code improvement + tests
4 years ago
Aleksander Machniak
9f19b931e3
Fix cross-site scripting (XSS) via HTML messages with malicious CSS content
and improve css parsing code.
Thanks to Mateusz Szymaniec (CERT Polska) for reporting the issue.
5 years ago
Aleksander Machniak
b4b24f93df
Fix some PHP8 warnings
5 years ago
Aleksander Machniak
39b3c0049e
Fix cross-site scripting (XSS) via HTML or Plain text messages with malicious content [CVE-2020-35730]
Credits to Alex Birnberg <birnbergalex@gmail.com>
5 years ago
Aleksander Machniak
66062846ec
Fix "uninitialized string offset" warnings
5 years ago
Aleksander Machniak
12547ccf01
Require php-intl extension, get rid of Net_IDNA2, PHP8 fixes, short array syntax
Net_IDNA2 is not compatible, and Intl is a bundled ext since PHP 5.3.
Fixed some regressions.
5 years ago
Aleksander Machniak
61a5ade872
PHP8 fixes, short array syntax
5 years ago
Aleksander Machniak
f4ed1024dc
PHP8 fixes, CS fixes, short array syntax, tests
5 years ago
Aleksander Machniak
0cbe4a4acc
PHP8 fixes, CS fixes, short array syntax, added more tests
5 years ago
Michael Stilkerich
bad1dedbf6
Phpdoc type annotations ( #7733 )
5 years ago
Aleksander Machniak
318f91417f
Add rcube_utils::explode()
5 years ago
Aleksander Machniak
545a1569f1
Steps -> Actions refactoring ( #7688 )
* Move action handling code to rcmail class
* Add rcmail_action class
* Add action aliases
* Get rid of $OUTPUT global
* Move some methods from rcmail to rcmail_action
* PHP8 compat. fixes
* Add framework for testing actions
* Fix obvious code mistakes
5 years ago
Aleksander Machniak
f95212d626
PHP8: More warnings fixed
5 years ago
Aleksander Machniak
bde383d051
PHP8: Fix various issues
for now only these I found by running our unit tests, there will be much more
5 years ago
Aleksander Machniak
f0084b6f54
Fix empty space on mail printouts in Chrome ( #7604 )
5 years ago
Aleksander Machniak
a5c2b4360c
Fixes in context of undefined variables, and code style
5 years ago
Aleksander Machniak
1e1ea25b6c
Added special value 'email' to login_username_filter, it changes also logon input type ( #7179 )
5 years ago
Aleksander Machniak
bdf0a6539e
Relaxed domain name validation for extended TLDs support ( #5588 )
6 years ago
johndoh
51a9dd631f
Add support for SameSite cookie attribute (req PHP >= 7.3.0) ( #6772 )
6 years ago
Aleksander Machniak
0b45c3c6b0
Fix matching multiple X-Forwarded-For addresses with 'proxy_whitelist' ( #7107 )
6 years ago
Aleksander Machniak
e3c6989494
Log X-Real-IP only when it's different than REMOTE_ADDR
6 years ago
Aleksander Machniak
63730cf842
Fix security issue where it was possible to bypass the CSS jail in HTML messages using :root pseudo-class ( #6897 )
6 years ago
Aleksander Machniak
057fb69bb9
Fix bug where some strict remote URIs in url() style were unintentionally blocked ( #6899 )
6 years ago
Aleksander Machniak
7bf868767e
Fix security issue where it was possible to bypass the position:fixed CSS check in received messages ( #6898 )
6 years ago
Aleksander Machniak
1afa46d28d
PHPDoc and CS fixes
6 years ago
Aleksander Machniak
8f895cb17f
Replace function alias: getallheaders() -> apache_request_headers()
6 years ago
Aleksander Machniak
0a0ad2c9b7
Switch to IDNA2008 variant ( #6806 )
After switching IDNA_NONTRANSITIONAL_TO_ASCII on, switch to
IDNA2008 variant in Net_LDAP2. Add test, update changelog.
6 years ago
Max Bosse
f1d3f9ee44
Fix: Use IDNA_NONTRANSITIONAL_TO_UNICODE for idn_to_utf8 call
6 years ago
Max Boße
70c20740e7
Set 'IDNA_NONTRANSITIONAL_TO_ASCII' idn-option
6 years ago
Amir Caspi
6b5fa52ec1
Update rcube_utils::parse_host, fixes #6746
Updated regexps used in parse_host to ensure that %t, %d, %z do not cut off domain and return only tld when underlying host has no subdomain (i.e., is just domain.tld rather than mail.domain.tld). Update fixes #6746, now returns nothing shorter than domain.tld.
Also removed backslash from character class, period does not need to be escaped within character class.
6 years ago
Aleksander Machniak
57c67db029
Remove year(s) from copyright headers + some cleanup
6 years ago
Aleksander Machniak
61eb78ad64
Fix so ANY record is not used for email domain validation, use A, MX, CNAME, AAAA instead ( #6581 )
7 years ago
Aleksander Machniak
afc68aae63
Fix temp_filename() regressions, update changelog, add note in UPGRADING
7 years ago
PhilW
e024f133fa
give all temp files a constant prefix
7 years ago