Commit graph

93 commits

Author SHA1 Message Date
pdontthink
44c2b2187a Fix attachment filename decoding (#2994865) 2010-07-21 19:19:07 +00:00
pdontthink
7cab7f11c4 Fix issues caused by use of PostgreSQL keyword 'user' in SquirrelMail's default preferences database schema (#2943483) 2010-07-21 07:06:12 +00:00
pdontthink
55cfe728a0 Now fill in default subject when forwarding as attachment (#2936541) 2010-06-21 08:16:05 +00:00
pdontthink
e560eba6a3 Now properly quote personal part of encoded addresses when replying 2010-06-21 07:58:11 +00:00
pdontthink
8e90c103d4 Fixed minor vulnerability in Mail Fetch plugin [CVE-2010-1637/TEHTRI-SA-2010-009] 2010-06-21 07:18:55 +00:00
pdontthink
6a87c99bc2 Reduced default time security tokens stay valid from 30 days to 2 days (reduces chances of session data growing too large) 2010-06-21 07:01:16 +00:00
pdontthink
e85832efce Synchronize no-cache headers. This reverses revision 13940 because no-cache headers were already being sent in displayHtmlHeader() for left_main.php and right_main.php (the tracker referred to in that revision only applies to SquirrelMail 1.4.x). 2010-06-21 00:39:12 +00:00
jangliss
3dc0e61960 - Fix error with SpamCop reporting plugin not being able to send report as emails (#1795310).
- Fix typo in SpamCop plugin.
- Tidy some output (slightly personal to stop Eclipse complaining about errors in the code)
2010-06-20 16:58:46 +00:00
jangliss
360e86143a Explicitly disable caching for left_main and right_main pages (#2983134) 2010-06-20 14:37:16 +00:00
pdontthink
71d5bdf227 Grammar 2010-02-13 23:13:56 +00:00
pdontthink
ff7e42bca1 Added ability to configure Google Mail (Gmail) as the mail server behind SquirrelMail 2010-02-13 23:11:28 +00:00
Thijs Kinkhorst
a9d46c71ad Send X-DNS-Prefetch-Control: off header to browsers to prevent information
leakage when Firefox does DNS prefetching for URLs contained in emails.
https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail
2010-02-13 16:27:52 +00:00
pdontthink
a651189f84 Multibyte strings (notably subjects) are now handled correctly (#2824813, #2925731) 2010-02-04 20:05:51 +00:00
pdontthink
83236fcc19 Encoded From headers now properly quoted (#2830141). A better fix might be to re-write encodeHeader() 2010-01-30 17:10:07 +00:00
pdontthink
64202ea4f4 Make base URL autodetection more robust (probably #1741469). Sorry, this should have been included in the last commit. 2010-01-21 14:55:19 +00:00
jangliss
191a822dcc Fix for mailto: URLs containing a + sign. Thanks to Michael Puls II for the patch. 2010-01-19 03:17:14 +00:00
jangliss
fe144bc255 Fix for security token missing in newmail plugin (#2919418). 2009-12-22 17:15:34 +00:00
jangliss
aeef8c04ba Fix issue with multi-part related messages not showing all attachments (#2830140). 2009-11-22 16:19:52 +00:00
pdontthink
b28d767437 Implemented security token system. (Secunia Advisory SA34627) 2009-08-12 08:28:38 +00:00
pdontthink
585c624f80 Implemented page referral verification mechanism. (Secunia Advisory SA34627) 2009-08-12 08:20:46 +00:00
pdontthink
6092b83f73 Remove personal data from Message ID seed. (#880029/847107) 2009-07-31 05:23:04 +00:00
pdontthink
bc3fb36016 Stop using deprecated ereg() functions (#2820952) 2009-07-29 01:55:21 +00:00
jangliss
df73f17aef Fixed broken RFC1918 reference in contrib/.htaccess and doc/.htaccess (#2798839).
This probably needs further discussion
2009-06-02 02:10:56 +00:00
Fredrik Jervfors
0be42f8b9b Removing the shut down DSBL blocklists. Thanks to Martin Jalakas for the report (#2796734). 2009-05-26 11:52:09 +00:00
jangliss
278e0f1e3a Fix for bug_report plugin not handling multiple values for same key (AUTH= AUTH=) 2009-05-24 06:08:56 +00:00
Thijs Kinkhorst
6f1f3d6b35 The shell escaping fix in map_yp_alias (CVE-2009-1579) was incomplete.
Thanks Michal Hlavinka for noticing this. [CVE-2009-1381]
2009-05-21 17:11:22 +00:00
Thijs Kinkhorst
a869fd2529 update changelog 2009-05-21 10:23:43 +00:00
pdontthink
64d68af4df - Fixed the Filters plugin to allow commas in filter criteria text 2009-05-19 01:51:16 +00:00
jangliss
e14c336ac3 - Clean up variable name in address search for compose to clear up confusion.
- Remove JavaScript from address search page when JavaScript is disabled.
- Add "Check All" function to address book when using "in-page" addressbook.
2009-05-17 00:38:30 +00:00
pdontthink
98b8e57444 Forgot to mention PHP 5.3/6 compatibility update the other day 2009-05-12 07:42:28 +00:00
pdontthink
10804e03a1 Always generate $base_uri for every page request as opposed to doing it only on some pages. Always regenerate session ID at login to prevent session fixation by an attacker who has set a malicious cookie on the client browser. Try to clean up extraneous cookies, such as ones some browsers might actually obey from the src/ directory. Thanks to Tomas Hoger. (CVE-2009-1580) 2009-05-11 22:50:16 +00:00
pdontthink
eda7b9b157 OMG - unsanitized shell command. Thanks to Niels Teusink. (CVE-2009-1579) 2009-05-11 22:17:46 +00:00
pdontthink
da050015d2 Sanitize decrypt_headers.php form input (base64 decoding is not the same as sanitizing), general cleanup and grammatical fixes. Thanks to Niels Teusink. (also CVE-2009-1578) 2009-05-11 22:04:40 +00:00
pdontthink
7e85ed842b Fixed improper sanitizing of PHP_SELF and the lack of sanitizing of QUERY_STRING server environment variables. Thanks to Niels Teusink and Christian Balzer. (CVE-2009-1578) 2009-05-11 21:49:23 +00:00
pdontthink
d0fd71bf6e Remove ability for HTML emails to use CSS positioning to overlay SquirrelMail content. Thanks to Luc Beurton. (#2723196/CVE-2009-1581) 2009-05-11 21:19:52 +00:00
pdontthink
3d29cfb9fd Adding Khmer translation. Thanks to Khoem Sokhem. 2009-05-07 21:55:41 +00:00
pdontthink
4e08ebbbc0 Add display indicator for forwarded messages 2009-04-17 10:49:38 +00:00
pdontthink
fe3be0637d Massive update. Fixed several reported issues and some I discovered along the way. Also added quite a few new features including hashed directory support and fully dynamic database, table and field names. This closes #1940328 and #2007554 amongst other things (like multiple --user arguments failing). 2009-04-04 02:29:19 +00:00
pdontthink
5649dd2701 Update 2009-04-03 08:32:30 +00:00
pdontthink
266023c1b8 Updates 2009-04-02 00:40:45 +00:00
pdontthink
83854bb3e4 Add RFC 2231 support. Thanks to Piotr Pawlow. (#2501379) 2009-04-01 08:24:48 +00:00
pdontthink
66c769fc92 Moved documentation to doc/ directory and added example .htaccess files in all directories that browsers don't need direct access to 2009-03-26 22:35:06 +00:00
pdontthink
a6976d0b7b Move docs to doc/ directory 2009-03-26 21:38:33 +00:00
Renamed from ChangeLog