347 commits

Author SHA1 Message Date
pdontthink
3e5f552776 Unify address book searches. See ChangeLog comments. Also, fixed bug wherein file backend wasn't escaping regular expression correctly. File based backend used to search all fields at once, concatenated by spaces, which 'worked', but is misleading and nothing like the other backends. 2011-12-28 02:59:31 +00:00
pdontthink
ca4a7512dc Verify Reply To still has its uses 2011-11-29 13:13:42 +00:00
pdontthink
c438744674 Ensure that Reply-To isn't missing domain - we already do the same for the From header in functions/identity.php 2011-11-29 12:44:31 +00:00
pdontthink
d7ee5f0bba Fix hook name clash: new smtp_auth hook added recently (a few months ago) has been renamed to smtp_authenticate 2011-09-05 07:00:18 +00:00
Thijs Kinkhorst
268dd25b44 document cve id's for posterity 2011-07-26 20:28:11 +00:00
pdontthink
9b7080ad98 Fix XSS problem with unsanitized style tags in messages [CVE-2011-2023] 2011-07-12 04:59:12 +00:00
pdontthink
e61d33ae49 Fix XSS holes in generic options inputs, XSS hole in the SquirrelSpell plugin, and added anti-CSRF protection to the empty trash feature (thanks to Nicholas Carlini for finding all these issues) [CVE-2010-4555] 2011-07-12 04:45:49 +00:00
pdontthink
361b09f7a2 Add clickjacking protection (thanks to Asbjorn Thorsen and Geir Hansen for bringing this to our attention) [CVE-2010-4554] 2011-07-12 03:44:23 +00:00
pdontthink
76e21b5573 Allow administrators to configure subfolders of user INBOXes to be treated as special folders by adding $subfolders_of_inbox_are_special to config_local.php 2011-05-03 06:05:08 +00:00
pdontthink
eee0c34977 Add smtp_auth hook (thanks to Emmanuel Dreyfus) 2011-04-02 19:19:45 +00:00
pdontthink
fc57bf2b59 Happy New Year! 2011-01-06 03:16:21 +00:00
pdontthink
c4785809ee Force the addition of a file suffix to attachments that lack a filename (helps forwarded messages avoid spam filters) (Thanks to Petr Kletecka) (#3139004) 2010-12-17 21:41:39 +00:00
pdontthink
d31ba01582 Fix sqauth_read_password() for plugins running on the login_verified hook when the 'key' cookie isn't yet set 2010-09-25 04:08:03 +00:00
pdontthink
35efbd5e30 Now allow multiple plugins to handle (add links for) a single attachment MIME type 2010-09-12 06:02:18 +00:00
pdontthink
1b8c0c2308 Fixed system lock-ups caused by a combination of certain rare, malformed message headers and buggy versions of PHP mbstring (#3053349, 987016) 2010-09-03 03:09:51 +00:00
pdontthink
75e709daea Retiring Seth per his request 2010-07-22 01:24:53 +00:00
pdontthink
44c2b2187a Fix attachment filename decoding (#2994865) 2010-07-21 19:19:07 +00:00
pdontthink
7cab7f11c4 Fix issues caused by use of PostgreSQL keyword 'user' in SquirrelMail's default preferences database schema (#2943483) 2010-07-21 07:06:12 +00:00
pdontthink
df33f83d11 Add information about online documentation 2010-07-21 06:14:08 +00:00
pdontthink
c11a9c5420 Retire Marc. We should probably retire some others who haven't contributed in the last few years 2010-07-21 05:46:42 +00:00
pdontthink
55cfe728a0 Now fill in default subject when forwarding as attachment (#2936541) 2010-06-21 08:16:05 +00:00
pdontthink
e560eba6a3 Now properly quote personal part of encoded addresses when replying 2010-06-21 07:58:11 +00:00
pdontthink
8e90c103d4 Fixed minor vulnerability in Mail Fetch plugin [CVE-2010-1637/TEHTRI-SA-2010-009] 2010-06-21 07:18:55 +00:00
pdontthink
6a87c99bc2 Reduced default time security tokens stay valid from 30 days to 2 days (reduces chances of session data growing too large) 2010-06-21 07:01:16 +00:00
pdontthink
e85832efce Synchronize no-cache headers. This reverses revision 13940 because no-cache headers were already being sent in displayHtmlHeader() for left_main.php and right_main.php (the tracker referred to in that revision only applies to SquirrelMail 1.4.x). 2010-06-21 00:39:12 +00:00
jangliss
3dc0e61960 - Fix error with SpamCop reporting plugin not being able to send report as emails (#1795310).
- Fix typo in SpamCop plugin.
- Tidy some output (slightly personal to stop Eclipse complaining about errors in the code)
2010-06-20 16:58:46 +00:00
jangliss
360e86143a Explicitly disable caching for left_main and right_main pages (#2983134) 2010-06-20 14:37:16 +00:00
pdontthink
71d5bdf227 Grammar 2010-02-13 23:13:56 +00:00
pdontthink
ff7e42bca1 Added ability to configure Google Mail (Gmail) as the mail server behind SquirrelMail 2010-02-13 23:11:28 +00:00
Thijs Kinkhorst
a9d46c71ad Send X-DNS-Prefetch-Control: off header to browsers to prevent information
leakage when Firefox does DNS prefetching for URL's contained in emails.
https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail
2010-02-13 16:27:52 +00:00
pdontthink
a651189f84 Multibyte strings (notably subjects) are now handled correctly (#2824813, #2925731) 2010-02-04 20:05:51 +00:00
pdontthink
83236fcc19 Encoded From headers now properly quoted (#2830141). A better fix might be to re-write encodeHeader() 2010-01-30 17:10:07 +00:00
pdontthink
7aa0e60863 Update copyrights to 2010 2010-01-25 03:23:30 +00:00
pdontthink
64202ea4f4 Make base URL autodetection more robust (probably #1741469). Sorry, this should have been included in the last commit. 2010-01-21 14:55:19 +00:00
jangliss
191a822dcc Fix for mailto: URLs containing a + sign. Thanks to Michael Puls II for the patch. 2010-01-19 03:17:14 +00:00
jangliss
fe144bc255 Fix for security token missing in newmail plugin (#2919418). 2009-12-22 17:15:34 +00:00
jangliss
aeef8c04ba Fix issue with multi-part related messages not showing all attachments (#2830140). 2009-11-22 16:19:52 +00:00
Fredrik Jervfors
134d462c94 The copyright symbol isn't really needed since the word "copyright" is there. Also it doesn't display right in the documentation. 2009-09-29 12:15:33 +00:00
pdontthink
b28d767437 Implemented security token system. (Secunia Advisory SA34627) 2009-08-12 08:28:38 +00:00
pdontthink
585c624f80 Implemented page referral verification mechanism. (Secunia Advisory SA34627) 2009-08-12 08:20:46 +00:00
pdontthink
6092b83f73 Remove personal data from Message ID seed. (#880029/847107) 2009-07-31 05:23:04 +00:00
pdontthink
bc3fb36016 Stop using deprecated ereg() functions (#2820952) 2009-07-29 01:55:21 +00:00
pdontthink
9eb98bb9a1 Remove possible bad system admin typos (#2827153). 2009-07-28 23:24:11 +00:00
jangliss
df73f17aef Fixed broken RFC1918 reference in contrib/.htaccess and doc/.htaccess (#2798839).
This probably needs further discussion
2009-06-02 02:10:56 +00:00
Fredrik Jervfors
0be42f8b9b Removing the shut down DSBL blocklists. Thanks to Martin Jalakas for the report (#2796734). 2009-05-26 11:52:09 +00:00
jangliss
278e0f1e3a Fix for bug_report plugin not handling multiple values for same key (AUTH= AUTH=) 2009-05-24 06:08:56 +00:00
Thijs Kinkhorst
6f1f3d6b35 The shell escaping fix in map_yp_alias (CVE-2009-1579) was incomplete.
Thanks Michal Hlavinka for noticing this. [CVE-2009-1381]
2009-05-21 17:11:22 +00:00
Thijs Kinkhorst
a869fd2529 update changelog 2009-05-21 10:23:43 +00:00
pdontthink
64d68af4df - Fixed the Filters plugin to allow commas in filter criteria text 2009-05-19 01:51:16 +00:00
jangliss
e14c336ac3 - Clean up variable name in address search for compose to clear up confusion.
- Remove JavaScript from address search page when JavaScript is disabled.
- Add "Check All" function to address book when using "in-page" addressbook.
2009-05-17 00:38:30 +00:00