pdontthink
|
d09583a7bf
Relax restriction on image tag src URIs. Others PLEASE TEST (HTML mails with unsafe images). Per the developers mailing list, no one could show that there was any exploit here. Some code has been inserted here but commented out in case there is in fact some exploit - the code will filter image URI file extensions as before but for URIs that fail that test, SM will check the actual served content for legitimate image files (so dynamically generated images from .asp, .php, and other systems can be correctly displayed).
|
17 years ago |
Thijs Kinkhorst
|
7c8a269029
drop code related to old printer friendly
|
17 years ago |
Fredrik Jervfors
|
2c88b013a0
Updating use of sqgetGlobalVar.
|
17 years ago |
Fredrik Jervfors
|
f5d40976f3
Updating my previous comments.
|
17 years ago |
Fredrik Jervfors
|
4038839abf
Viewing unsafe images is a core functionality, so I remove these comments.
|
17 years ago |
Fredrik Jervfors
|
0c2da19718
Adding comments.
|
17 years ago |
Thijs Kinkhorst
|
b57f700812
reset token when another < is detected, to ensure that HTML tags between
|
17 years ago |
Thijs Kinkhorst
|
086605a234
fix spelling of variable name which made its meaning confusing
|
17 years ago |
Fredrik Jervfors
|
99264da765
Reinserting support for the "iframe_height" option. This might be done in a better way - if so, please do it.
|
17 years ago |
pdontthink
|
d36dcbdbe6
Don't let more general attachment plugins override changes made by specific ones; also judge by changes to the defaultlink in addition to added links. Thanks to Thierry Godefroy.
|
17 years ago |
pdontthink
|
63f24bd506
avoid E_STRICT errors
|
17 years ago |
pdontthink
|
642f901396
A few output elements are used often, so just retrieve them once and make them globally available
|
17 years ago |
jangliss
|
44d36821b1
Some IMAP servers handle empty bodies differently. NIL is a valid response for the body, but we always expect a literal with a size. See RFC2180 sec 4.1.3.
|
17 years ago |
pdontthink
|
2cb20957be
Make mailto: links work when viewing HTML messages. Security folks, can this be exploited?
|
17 years ago |
Thijs Kinkhorst
|
f3aa45aa92
drop unneeded global
|
18 years ago |
Thijs Kinkhorst
|
6462c7e3de
fix some bugs found by grepping for urlencode/urldecode
|
18 years ago |
Thijs Kinkhorst
|
baff951679
color has been dropped as a parameter from (plain_)error_message,
|
18 years ago |
pdontthink
|
2747b5f21e
Grammar fix and comment to Marc I think.
|
18 years ago |
Thijs Kinkhorst
|
71719fccb1
Security: fixes for the HTML filter to counter further XSS exploits:
|
18 years ago |
pdontthink
|
f3f3eb92df
Generate links using templates
|
18 years ago |
Thijs Kinkhorst
|
11b10ba5d1
increment year in copyright notices
|
18 years ago |
pdontthink
|
717be5c30c
Massive update to plugin system architecture. Please test! Not all core plugins are tested yet, please point out issues that need to be fixed. Please see http://marc.theaimsgroup.com/?t=116282394000001&r=1&w=2
|
18 years ago |
Thijs Kinkhorst
|
1c4fe25e5f
tweak comments
|
18 years ago |
stekkel
|
d22a11a4d4
More XSS fixes related to magicHtml
|
18 years ago |
Thijs Kinkhorst
|
4991adee3b
- Security: close cross site scripting vulnerability in draft, compose
|
18 years ago |
pdontthink
|
08bcbd6471
After looking into it, I slightly misunderstood the intention here. Code is just fine as is.
|
19 years ago |
pdontthink
|
b6ff5b5a46
Adding ability to hook into ANY attachment type. Also, please review my comments, Does anyone know if/when/how the wildcard attachment code was working??? It looks pretty broken to me, but has been here a long time, so...????
|
19 years ago |
stevetruckstuff
|
4a2a0b54a4
Template for viewing HTML messages in iframes
|
19 years ago |
stevetruckstuff
|
f427409c19
Create a separate function to build the attachments array so that the same array can be given to printer-friendly views.
|
19 years ago |
stevetruckstuff
|
20e71360d8
<span> tags end with </span>, not </style> stupid!
|
19 years ago |