Commit graph

3200 commits

Author SHA1 Message Date
pdontthink
04498a59be Correct documentation 2009-08-12 08:36:13 +00:00
pdontthink
b28d767437 Implemented security token system. (Secunia Advisory SA34627) 2009-08-12 08:28:38 +00:00
pdontthink
585c624f80 Implemented page referral verification mechanism. (Secunia Advisory SA34627) 2009-08-12 08:20:46 +00:00
pdontthink
08fc33cf6c Fix incorrect stristr() parameter order 2009-08-10 23:18:20 +00:00
pdontthink
dab583acb0 Don't encode stuff that's used in hyperlink addresses 2009-08-08 20:15:19 +00:00
pdontthink
beff3aec0d Fix broken regular expression 2009-08-01 19:17:55 +00:00
pdontthink
ccac44cd17 Fix broken regular expression 2009-08-01 19:15:13 +00:00
pdontthink
ec7a4430aa This time really make abook files get created with correct permissions 2009-07-29 03:35:07 +00:00
pdontthink
bc3fb36016 Stop using deprecated ereg() functions (#2820952) 2009-07-29 01:55:21 +00:00
pdontthink
35ee98eeb8 PHP 5.3 deprecated ereg() function (#2820952) 2009-07-28 23:13:45 +00:00
pdontthink
79cebcc00d Port Thijs fix (rev.13790) to DEVEL: no words must be an empty array, not a string, to prevent notices when later array operations are done on $words. 2009-07-28 22:50:12 +00:00
Fredrik Jervfors
2ff6db700e Adding comments to the translators. 2009-05-28 06:22:05 +00:00
pdontthink
e4156b6cb1 QUERY_STRING is already sanitized 2009-05-26 18:05:35 +00:00
Thijs Kinkhorst
e6f959fbd1 add more labeling for options pages 2009-05-24 10:00:10 +00:00
Thijs Kinkhorst
6f1f3d6b35 The shell escaping fix in map_yp_alias (CVE-2009-1579) was incomplete.
Thanks Michal Hlavinka for noticing this. [CVE-2009-1381]
2009-05-21 17:11:22 +00:00
pdontthink
683f761cc1 Add FIXME 2009-05-20 17:22:31 +00:00
pdontthink
84a468306b Clarify docs and use correct $nbsp 2009-05-14 17:20:47 +00:00
pdontthink
10804e03a1 Always generate $base_uri for every page request as opposed to doing it only on some pages. Always regenerate session ID at login to prevent session fixation by an attacker who has set a malicious cookie on the client browser. Try to clean up extraneous cookies, such as ones some browsers might actually obey from the src/ directory. Thanks to Tomas Hoger. (CVE-2009-1580) 2009-05-11 22:50:16 +00:00
pdontthink
eda7b9b157 OMG - unsanitized shell command. Thanks to Niels Teusink. (CVE-2009-1579) 2009-05-11 22:17:46 +00:00
pdontthink
dba77072d2 Dunno why this was never implemented, but the comments say it's OK, so here goes... 2009-05-11 22:08:25 +00:00
pdontthink
d0fd71bf6e Remove ability for HTML emails to use CSS positioning to overlay SquirrelMail content. Thanks to Luc Beurton. (#2723196/CVE-2009-1581) 2009-05-11 21:19:52 +00:00
pdontthink
7443fe3229 Stop using session_unregister() 2009-05-08 17:53:37 +00:00
pdontthink
930f6456fc Reduce confusion about what user is running the web server 2009-04-28 22:03:23 +00:00
pdontthink
4e08ebbbc0 Add display indicator for forwarded messages 2009-04-17 10:49:38 +00:00
pdontthink
5b84abc4c7 Fix: Messages forwarded as attachments from message list were not getting flagged as forwarded 2009-04-17 05:46:18 +00:00
Fredrik Jervfors
0a6245814a There are too many modified files being committed without the copyright year being updated, so here's a copyright year update the old-fashioned style. 2009-04-15 22:00:49 +00:00
pdontthink
ffc720544d Translate special folders doesn't mean translate any folder 2009-04-06 10:48:28 +00:00
pdontthink
c07775cdaa Moving function to its rightful place 2009-04-05 04:26:27 +00:00
pdontthink
c3051ee704 FIXME 2009-04-05 04:13:39 +00:00
pdontthink
326a1c7f10 Encode outgoing attachments that have lines longer than allowed per RFC. Otherwise, they can be corrupted when artificially (forced) folding - unfolding typically produces an extra space at the fold in most MUAs. This fixes #2226470 and #1473714. Thanks to Kelly Fallon. 2009-04-03 08:31:17 +00:00
pdontthink
6db973fc82 Fix documentation 2009-04-01 21:18:59 +00:00
pdontthink
e6fa5d31d8 Documentation fix 2009-04-01 21:10:06 +00:00
pdontthink
45517fd6f0 Put quotes around both encoded and non-encoded addresses for consistency (#2449213) 2009-04-01 11:06:10 +00:00
pdontthink
77b3c3d037 Put sample .htaccess in all directories browser does not access directly 2009-03-26 22:34:32 +00:00
pdontthink
d27f53fb49 Fix for accesskey getting set to 'NONE' in some cases 2009-03-26 21:05:53 +00:00
pdontthink
cebf083b4e Add access keys to mailbox list 2009-03-26 20:34:35 +00:00
pdontthink
39355dd534 Add access keys for menubar 2009-03-26 08:40:48 +00:00
pdontthink
836d2c03e6 Allow makeInternalLink() and makeComposeLink() to accommodate access keys 2009-03-25 03:16:51 +00:00
pdontthink
020367505f Allow multiple addresses in one abook entry (separate with commas), although we HIGHLY DISCOURAGE grouping in this manner - note amongst other issues that can come up, sizing for large groups will be a problem 2009-02-19 23:34:11 +00:00
pdontthink
118125ad8e More of the same 2009-02-19 22:32:50 +00:00
pdontthink
aa91dedc20 Allow version numbers to omit trailing zeros 2009-02-19 22:24:48 +00:00
pdontthink
f86dae353b Ensure that hash directory computation is the same on both 32 and 64 bit architectures (#2596879) (Thanks to Mike Sweetser) 2009-02-14 07:32:38 +00:00
pdontthink
cb8c1c05f4 Add compatibility with Dovecot's bigint UIDs 2009-02-01 02:24:32 +00:00
pdontthink
3bdb47ac83 Add typecast type for bigint 2009-01-23 20:42:43 +00:00
pdontthink
b9c6b56944 Set more restrictive permissions on abook files - matches how pref files are treated. Thanks to 'Lampa' for the pointer. 2009-01-14 21:55:29 +00:00
jangliss
6eac2ea935 Removing unneeded call to the squisher, as the IDs are passed straight onto the sub functions. 2009-01-04 00:05:29 +00:00
pdontthink
176f41716d Correct since tag 2008-12-23 03:04:17 +00:00
pdontthink
b69961cfe0 Make all submit button names unique on compose screen 2008-12-23 02:59:14 +00:00
pdontthink
28be6e0075 Fix body onload per FIXME 2008-12-21 09:43:22 +00:00
pdontthink
33cfdfb28b Oops 2008-12-19 08:37:39 +00:00