Commit graph

3213 commits

Author SHA1 Message Date
pdontthink
cedca778de Add advanced control over the SSL context used when connecting to the SMTP and IMAP servers over SSL/TLS (Thanks to Emmanuel Dreyfus) 2014-01-21 01:13:49 +00:00
pdontthink
581dc23061 Happy 2014 2014-01-01 20:33:20 +00:00
pdontthink
bb5e838b92 Change string to something already in squirrelmail.pot 2013-11-07 09:42:54 +00:00
pdontthink
f5e70a9086 Add full date and time as "title" (mouseover) text for dates shown on the message list screen 2013-11-06 16:47:55 +00:00
pdontthink
302724aa45 Add new spacer image and allow its use for unsafe images instead of the sec_remove_* image -- brings HTML emails into the modern age (much more viewable) 2013-10-23 10:09:16 +00:00
pdontthink
5c5e74e227 Add associative edit list option widget with optional folder list selector for values; Minor fixes for non-associative edit list widget 2013-10-22 15:49:26 +00:00
Fredrik Jervfors
c076a1f1ae Update copyright 2013-07-26 17:31:02 +00:00
pdontthink
70fcd2f2ea Note a bug 2013-06-19 07:44:53 +00:00
pdontthink
47cddde346 Allow more liberal reuse of tokens to avoid cross-frame conflicts 2013-06-18 04:20:50 +00:00
Thijs Kinkhorst
6958cd07e8 Remove use of deprecated /e modifier in preg_replace.
This modifier starts generating Deprecated notices from PHP 5.5.
2013-05-16 12:16:58 +00:00
pdontthink
e8d8dc0eaa Fix error caused by typo of variable name 2013-05-15 20:33:11 +00:00
Thijs Kinkhorst
67336076f6 clean up code commented out since 8 y 2013-01-15 15:58:43 +00:00
Thijs Kinkhorst
efd75f4867 Replace calls to htmlspecialchars() with sm_encode_html_special_chars().
New function sm_encode_html_special_chars() encodes HTML special
characters by calling htmlspecialchars(). It sets the character set
to ISO-8859-1, to fix compatibility with PHP >= 5.4.

Patch by Paul Lesniewski.

See #3491925
2012-12-09 12:06:30 +00:00
pdontthink
d4e2698415 Account for servers that send extra unsolicited FETCH responses (such as when flags change due to a FETCH request). PLEASE TEST! 2012-07-27 23:03:15 +00:00
pdontthink
87418e9fce Fix occasional PHP notice 2012-05-09 02:57:02 +00:00
pdontthink
cb2f380ca9 Clear checkbox selections when form is processed 2012-04-27 07:18:17 +00:00
pdontthink
c0359324bf Fix simple E_STRICT notice 2012-04-01 21:15:36 +00:00
pdontthink
b2cc0dac1c Revert changes in revision 14302. Revision 14302 should only have changed functions/imap_general.php 2012-04-01 20:09:11 +00:00
pdontthink
33ebad3f5c Fall back to using LIST if NAMESPACE answer is malformed or otherwise problematic. This still doesn't account for situations where the NAMESPACE or LIST answer can't be parsed correctly. 2012-04-01 19:50:49 +00:00
Thijs Kinkhorst
c323e82aca I believe this code worked by chance, redefining it from string to array and
using it outside the code block it was defined in. This should repair it to
what was intended.
2012-03-24 10:42:31 +00:00
pdontthink
3e322d9b3f Spelling mistake 2012-02-07 23:05:36 +00:00
pdontthink
c1319ea61a Better performance by reducing token usage to only one at a time (also added an option to revert to old behavior if desired) 2012-02-07 22:51:58 +00:00
pdontthink
acc409fb2a Updating copyrights. Happy New Year. 2012-01-02 02:09:17 +00:00
pdontthink
3f6714e22b Sanitize integer option fields - only digits allowed 2011-12-29 06:56:03 +00:00
pdontthink
3e5f552776 Unify address book searches. See ChangeLog comments. Also, fixed bug wherein file backend wasn't escaping regular expression correctly. File based backend used to search all fields at once, concatenated by spaces, which 'worked', but is misleading and nothing like the other backends. 2011-12-28 02:59:31 +00:00
pdontthink
dc5d34683d addrsrch_fullname is already fetched by load_prefs.php 2011-12-21 13:27:54 +00:00
pdontthink
d7ee5f0bba Fix hook name clash: new smtp_auth hook added recently (a few months ago) has been renamed to smtp_authenticate 2011-09-05 07:00:18 +00:00
Thijs Kinkhorst
2f36c7bb19 attary may be empty at this point and the sq_fixatts call will generate PHP
Warnings. Wrap it in a conditional just like the other sq_fixatts call.
2011-07-13 08:44:04 +00:00
pdontthink
9b7080ad98 Fix XSS problem with unsanitized style tags in messages [CVE-2011-2023] 2011-07-12 04:59:12 +00:00
pdontthink
e61d33ae49 Fix XSS holes in generic options inputs, XSS hole in the SquirrelSpell plugin, and added anti-CSRF protection to the empty trash feature (thanks to Nicholas Carlini for finding all these issues) [CVE-2010-4555] 2011-07-12 04:45:49 +00:00
pdontthink
361b09f7a2 Add clickjacking protection (thanks to Asbjorn Thorsen and Geir Hansen for bringing this to our attention) [CVE-2010-4554] 2011-07-12 03:44:23 +00:00
pdontthink
f21d866a51 2011-05-03 06:23:56 +00:00
pdontthink
76e21b5573 Allow administrators to configure subfolders of user INBOXes to be treated as special folders by adding $subfolders_of_inbox_are_special to config_local.php 2011-05-03 06:05:08 +00:00
pdontthink
af4a1ec714 Remove quotes around personal names in message list (#3292587) 2011-04-27 09:43:25 +00:00
pdontthink
c46be6d696 Undelete button shouldn't be related to whether or not a trash folder is in use - it's just a product of auto-expunge 2011-03-11 02:22:57 +00:00
pdontthink
353fa70bf7 Don't use regular expressions when you don't need to 2011-03-04 01:19:33 +00:00
pdontthink
fc57bf2b59 Happy New Year! 2011-01-06 03:16:21 +00:00
pdontthink
393975f23a Refine HMAC-MD5 generator; use native PHP Hash extension if available 2010-12-27 00:35:24 +00:00
pdontthink
d31ba01582 Fix sqauth_read_password() for plugins running on the login_verified hook when the 'key' cookie isn't yet set 2010-09-25 04:08:03 +00:00
pdontthink
35efbd5e30 Now allow multiple plugins to handle (add links for) a single attachment MIME type 2010-09-12 06:02:18 +00:00
pdontthink
1b8c0c2308 Fixed system lock-ups caused by a combination of certain rare, malformed message headers and buggy versions of PHP mbstring (#3053349, 987016) 2010-09-03 03:09:51 +00:00
pdontthink
7cab7f11c4 Fix issues caused by use of PostgreSQL keyword 'user' in SquirrelMail's default preferences database schema (#2943483) 2010-07-21 07:06:12 +00:00
pdontthink
55cfe728a0 Now fill in default subject when forwarding as attachment (#2936541) 2010-06-21 08:16:05 +00:00
pdontthink
6a87c99bc2 Reduced default time security tokens stay valid from 30 days to 2 days (reduces chances of session data growing too large) 2010-06-21 07:01:16 +00:00
pdontthink
e85832efce Synchronize no-cache headers. This reverses revision 13940 because no-cache headers were already being sent in displayHtmlHeader() for left_main.php and right_main.php (the tracker referred to in that revision only applies to SquirrelMail 1.4.x). 2010-06-21 00:39:12 +00:00
Thijs Kinkhorst
a9d46c71ad Send X-DNS-Prefetch-Control: off header to browsers to prevent information
leakage when Firefox does DNS prefetching for URLs contained in emails.
https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail
2010-02-13 16:27:52 +00:00
pdontthink
a651189f84 Multibyte strings (notably subjects) are now handled correctly (#2824813, #2925731) 2010-02-04 20:05:51 +00:00
pdontthink
83236fcc19 Encoded From headers now properly quoted (#2830141). A better fix might be to re-write encodeHeader() 2010-01-30 17:10:07 +00:00
pdontthink
7aa0e60863 Update copyrights to 2010 2010-01-25 03:23:30 +00:00
pdontthink
d4ceecd391 Slight rewrite of php_self() 2010-01-24 23:26:33 +00:00