Commit graph

3200 commits

Author SHA1 Message Date
pdontthink
d4e2698415 Account for servers that send extra unsolicited FETCH responses (such as when flags change due to a FETCH request). PLEASE TEST! 2012-07-27 23:03:15 +00:00
pdontthink
87418e9fce Fix occasional PHP notice 2012-05-09 02:57:02 +00:00
pdontthink
cb2f380ca9 Clear checkbox selections when form is processed 2012-04-27 07:18:17 +00:00
pdontthink
c0359324bf Fix simple E_STRICT notice 2012-04-01 21:15:36 +00:00
pdontthink
b2cc0dac1c Revert changes in revision 14302. Revision 14302 should only have changed functions/imap_general.php 2012-04-01 20:09:11 +00:00
pdontthink
33ebad3f5c Fall back to using LIST if NAMESPACE answer is malformed or otherwise problematic. This still doesn't account for situations where the NAMESPACE or LIST answer can't be parsed correctly. 2012-04-01 19:50:49 +00:00
Thijs Kinkhorst
c323e82aca I believe this code worked by chance, redefining it from string to array and
using it outside the code block it was defined in. This should repair it to
what was intended.
2012-03-24 10:42:31 +00:00
pdontthink
3e322d9b3f Spelling mistake 2012-02-07 23:05:36 +00:00
pdontthink
c1319ea61a Better performance by reducing token usage to only one at a time (also added an option to revert to old behavior if desired) 2012-02-07 22:51:58 +00:00
pdontthink
acc409fb2a Updating copyrights. Happy New Year. 2012-01-02 02:09:17 +00:00
pdontthink
3f6714e22b Sanitize integer option fields - only digits allowed 2011-12-29 06:56:03 +00:00
pdontthink
3e5f552776 Unify address book searches. See ChangeLog comments. Also, fixed bug wherein file backend wasn't escaping regular expression correctly. File based backend used to search all fields at once, concatenated by spaces, which 'worked', but is misleading and nothing like the other backends. 2011-12-28 02:59:31 +00:00
pdontthink
dc5d34683d addrsrch_fullname is already fetched by load_prefs.php 2011-12-21 13:27:54 +00:00
pdontthink
d7ee5f0bba Fix hook name clash: new smtp_auth hook added recently (a few months ago) has been renamed to smtp_authenticate 2011-09-05 07:00:18 +00:00
Thijs Kinkhorst
2f36c7bb19 attary may be empty at this point and the sq_fixatts call will generate PHP
Warnings. Wrap it in a conditional just like the other sq_fixatts call.
2011-07-13 08:44:04 +00:00
pdontthink
9b7080ad98 Fix XSS problem with unsanitized style tags in messages [CVE-2011-2023] 2011-07-12 04:59:12 +00:00
pdontthink
e61d33ae49 Fix XSS holes in generic options inputs, XSS hole in the SquirrelSpell plugin, and added anti-CSRF protection to the empty trash feature (thanks to Nicholas Carlini for finding all these issues) [CVE-2010-4555] 2011-07-12 04:45:49 +00:00
pdontthink
361b09f7a2 Add clickjacking protection (thanks to Asbjorn Thorsen and Geir Hansen for bringing this to our attention) [CVE-2010-4554] 2011-07-12 03:44:23 +00:00
pdontthink
f21d866a51 2011-05-03 06:23:56 +00:00
pdontthink
76e21b5573 Allow administrators to configure subfolders of user INBOXes to be treated as special folders by adding $subfolders_of_inbox_are_special to config_local.php 2011-05-03 06:05:08 +00:00
pdontthink
af4a1ec714 Remove quotes around personal names in message list (#3292587) 2011-04-27 09:43:25 +00:00
pdontthink
c46be6d696 Undelete button shouldn't be related to whether or not a trash folder is in use - it's just a product of auto-expunge 2011-03-11 02:22:57 +00:00
pdontthink
353fa70bf7 Don't use regular expressions when you don't need to 2011-03-04 01:19:33 +00:00
pdontthink
fc57bf2b59 Happy New Year! 2011-01-06 03:16:21 +00:00
pdontthink
393975f23a Refine HMAC-MD5 generator; use native PHP Hash extension if available 2010-12-27 00:35:24 +00:00
pdontthink
d31ba01582 Fix sqauth_read_password() for plugins running on the login_verified hook when the 'key' cookie isn't yet set 2010-09-25 04:08:03 +00:00
pdontthink
35efbd5e30 Now allow multiple plugins to handle (add links for) a single attachment MIME type 2010-09-12 06:02:18 +00:00
pdontthink
1b8c0c2308 Fixed system lock-ups caused by a combination of certain rare, malformed message headers and buggy versions of PHP mbstring (#3053349, 987016) 2010-09-03 03:09:51 +00:00
pdontthink
7cab7f11c4 Fix issues caused by use of PostgreSQL keyword 'user' in SquirrelMail's default preferences database schema (#2943483) 2010-07-21 07:06:12 +00:00
pdontthink
55cfe728a0 Now fill in default subject when forwarding as attachment (#2936541) 2010-06-21 08:16:05 +00:00
pdontthink
6a87c99bc2 Reduced default time security tokens stay valid from 30 days to 2 days (reduces chances of session data growing too large) 2010-06-21 07:01:16 +00:00
pdontthink
e85832efce Synchronize no-cache headers. This reverses revision 13940 because no-cache headers were already being sent in displayHtmlHeader() for left_main.php and right_main.php (the tracker referred to in that revision only applies to SquirrelMail 1.4.x). 2010-06-21 00:39:12 +00:00
Thijs Kinkhorst
a9d46c71ad Send X-DNS-Prefetch-Control: off header to browsers to prevent information
leakage when Firefox does DNS prefetching for URLs contained in emails.
https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail
2010-02-13 16:27:52 +00:00
pdontthink
a651189f84 Multibyte strings (notably subjects) are now handled correctly (#2824813, #2925731) 2010-02-04 20:05:51 +00:00
pdontthink
83236fcc19 Encoded From headers now properly quoted (#2830141). A better fix might be to re-write encodeHeader() 2010-01-30 17:10:07 +00:00
pdontthink
7aa0e60863 Update copyrights to 2010 2010-01-25 03:23:30 +00:00
pdontthink
d4ceecd391 Slight rewrite of php_self() 2010-01-24 23:26:33 +00:00
pdontthink
cb5a6093d9 Make php_self() more robust. Seems to fix certain lighttpd issues, such as probably #1741469 2010-01-21 14:40:52 +00:00
jangliss
191a822dcc Fix for mailto: URLs containing a + sign. Thanks to Michael Puls II for the patch. 2010-01-19 03:17:14 +00:00
pdontthink
172b91e466 Quote dynamic regex contents to be safe. Thanks to Daniel Hahler. 2010-01-05 08:58:04 +00:00
Thijs Kinkhorst
e895b91d5d need to move strtolower inside if-block to prevent notice when attached
file has no extension
2009-11-27 09:25:08 +00:00
pdontthink
a5644b2e2d NULL not accepted as a replacement for empty arrays as of PHP 5.3 2009-11-01 08:02:25 +00:00
pdontthink
39008a1693 Avoid prefixing global $check_referrer value with protocol prefix - use local variable instead 2009-10-12 22:11:35 +00:00
pdontthink
3c1837c21b Fix wrong doc 2009-10-04 22:58:41 +00:00
Fredrik Jervfors
1e590d028b Adding and improving comments. 2009-09-29 12:37:05 +00:00
Fredrik Jervfors
134d462c94 The copyright symbol isn't really needed since the word "copyright" is there. Also it doesn't display right in the documentation. 2009-09-29 12:15:33 +00:00
pdontthink
09891dc083 Fix broken 'Thread' and the no-javascript 'All' links (add security tokens) 2009-09-19 20:22:15 +00:00
pdontthink
ab0d2b2c66 Fix broken search pagination (add security tokens) 2009-09-19 20:11:13 +00:00
pdontthink
8ee030800c Delete requests can come via GET or POST 2009-08-17 23:47:07 +00:00
pdontthink
4c66f74f5c Protect message deletion with security token system. (Secunia Advisory SA34627) 2009-08-17 23:18:47 +00:00