139 commits

Author SHA1 Message Date
pdontthink
598a599ba3 Happy New Year 2025-01-03 11:47:03 -08:00
pdontthink
39cfdaadfd Happy New Year 2024-01-02 14:58:16 -08:00
pdontthink
380afc7213 Happy New Year 2023-01-02 22:04:25 -08:00
pdontthink
bcdfe6e9f1 Happy New Year 2022-01-26 01:06:50 -08:00
pdontthink
57be9908a6 Browser seems to respond better when deleting the cookie if you void its value also; helps actually get the cookie to be removed even though this feels more like a browser problem... maybe it does not like a date in 1970? 2021-05-07 20:27:24 -07:00
pdontthink
f732572ecb Add cookie SameSite attribute; uses default if "Strict" but can be overridden by $same_site_cookies in config_local.php 2021-05-07 03:31:11 -07:00
pdontthink
c4ef1a0eea Happy New Year 2021-02-05 11:55:37 -08:00
pdontthink
d07d4c1fc3 Cache $PHP_SELF value, add ability to make custom changes to $PHP_SELF by putting $php_self_pattern and $php_self_replacement in config/config_local.php 2020-03-24 18:57:29 -07:00
pdontthink
fc283980d0 Happy New Year 2020-01-07 00:12:38 -08:00
pdontthink
fbcb1ca1f5 Happy New Year 2019-01-07 21:55:08 -08:00
pdontthink
23cd61b628 Happy New Year 2018-01-16 23:44:07 +00:00
pdontthink
6cd24c0552 Happy 2017 2017-01-27 20:34:08 +00:00
pdontthink
35657ece1a Per comments in the commit - setting the session cookie over and over can be troublesome, but doing the obvious and defaulting to *replace* cookies causes logins to fail due to something I don't care to debug - session cookie is complex through all the pages involved in a login request - instead we use a simple static cache to prevent useless duplicate cookie headers 2016-04-06 05:33:06 +00:00
pdontthink
2934017d92 Happy New Year 2016-01-01 20:59:53 +00:00
pdontthink
3b465a0d0f Happy 2015 2015-01-03 04:09:49 +00:00
pdontthink
581dc23061 Happy 2014 2014-01-01 20:33:20 +00:00
Fredrik Jervfors
c076a1f1ae Update copyright 2013-07-26 17:31:02 +00:00
Thijs Kinkhorst
efd75f4867 Replace calls to htmlspecialchars() with sm_encode_html_special_chars().
New function sm_encode_html_special_chars() encodes HTML special
characters by calling htmlspecialchars(). It sets the character set
to ISO-8859-1, to fix compatibility with PHP >= 5.4.

Patch by Paul Lesniewski.

See #3491925
2012-12-09 12:06:30 +00:00
pdontthink
acc409fb2a Updating copyrights. Happy New Year. 2012-01-02 02:09:17 +00:00
pdontthink
fc57bf2b59 Happy New Year! 2011-01-06 03:16:21 +00:00
pdontthink
7aa0e60863 Update copyrights to 2010 2010-01-25 03:23:30 +00:00
pdontthink
d4ceecd391 Slight rewrite of php_self() 2010-01-24 23:26:33 +00:00
pdontthink
cb5a6093d9 Make php_self() more robust. Seems to fix certain lighttpd issues, such as probably #1741469 2010-01-21 14:40:52 +00:00
pdontthink
a5644b2e2d NULL not accepted as a replacement for empty arrays as of PHP 5.3 2009-11-01 08:02:25 +00:00
Fredrik Jervfors
1e590d028b Adding and improving comments. 2009-09-29 12:37:05 +00:00
Fredrik Jervfors
134d462c94 The copyright symbol isn't really needed since the word "copyright" is there. Also it doesn't display right in the documentation. 2009-09-29 12:15:33 +00:00
pdontthink
683f761cc1 Add FIXME 2009-05-20 17:22:31 +00:00
pdontthink
10804e03a1 Always generate $base_uri for every page request as opposed to doing it only on some pages. Always regenerate session ID at login to prevent session fixation by an attacker who has set a malicious cookie on the client browser. Try to clean up extraneous cookies, such as ones some browsers might actually obey from the src/ directory. Thanks to Tomas Hoger. (CVE-2009-1580) 2009-05-11 22:50:16 +00:00
pdontthink
7443fe3229 Stop using session_unregister() 2009-05-08 17:53:37 +00:00
Fredrik Jervfors
0a6245814a There are too many modified files being committed without the copyright year being updated, so here's a copyright year update the old-fashioned style. 2009-04-15 22:00:49 +00:00
pdontthink
3bdb47ac83 Add typecast type for bigint 2009-01-23 20:42:43 +00:00
pdontthink
03b26f2c81 Sync with 1.4.x wherein REQUEST_URI isn't always trustable under some PHP versions for use as our PHP_SELF variable value 2008-12-05 08:41:09 +00:00
pdontthink
7f8dd6cd77 Put info about the user/group of the web server in the configtest. Grabbing that info is implemented as a core function so plugins (such as ones that need to check SUID script permissions) can also make use of it. 2008-12-04 09:35:41 +00:00
pdontthink
7d285b51a0 Fix HTTPS detection under Windows IIS (#2318118) 2008-11-26 02:56:42 +00:00
pdontthink
bf4627edd2 Add a functions file for file utility functions (say that 10 times fast) along with some new file functions 2008-11-20 21:46:12 +00:00
pdontthink
d7f614d31b Forgot @since info for sqsetcookie 2008-11-20 20:08:16 +00:00
pdontthink
36a6401ac7 Remove obsolete comments 2008-09-26 19:09:30 +00:00
pdontthink
cb1d5f52ff Make more readable; expose header replace parameter when setting cookies 2008-09-26 19:08:20 +00:00
pdontthink
cfcffdbead Use sqsetcookie(), not setcookie() 2008-09-24 19:58:23 +00:00
Thijs Kinkhorst
833746dca6 rework seed generation: this is something that really belongs in init.php
so do it there. Input enough random components from different dimensions,
so hard to predict.
2008-08-21 12:16:20 +00:00
Thijs Kinkhorst
1413ea0073 use our existing random seeder function 2008-08-21 11:33:11 +00:00
pdontthink
ea52535e53 Added "Secured Configuration" mode 2008-01-13 04:09:43 +00:00
pdontthink
dbbbf4ce15 sqsetcookie is called every time sqsession_is_active is called, which results in headers-already-sent notices after output has been initiated... here is a fix 2008-01-06 04:42:42 +00:00
jangliss
8ef79891ad Added code to stop PHP using 'deleted' as a value for the session cookies on expiring them, and forcing a really old date for the expiry time (#1829098). 2007-11-28 02:46:02 +00:00
pdontthink
55de62d7d3 Adding debug mode to core. Please run the configuration utility once after retrieving this update. Note that this update includes a change that makes it possible to use SquirrelMail constants in the configuration file(s). 2007-11-27 09:12:05 +00:00
pdontthink
d54a607107 Adding new function that allows us to stop using the @ error suppression operator but still keep notices and errors off screen. Includes two sample uses: file uploads on the compose screen and session_start(), although the latter is very noisy in both the logs and in DEVEL's on-screen developer error handler display. It might be best to add a flag to turn these errors off in the logs too. 2007-11-13 00:11:15 +00:00
pdontthink
f583a44d45 Was a nice idea, but not all that useful and some processes might hang under certain conditions; remove all the sq_popen() stuff. 2007-07-19 12:28:16 +00:00
pdontthink
f3d08902ec Typos in sqsetcookie. This might explain a few things. :-) 2007-07-01 07:28:59 +00:00
pdontthink
85527a0081 Few tweaks to list_files() and add new sq_popen() and friends. PLEASE NOTE that the last commit mistakenly added sq_htmlspecialchars(), but I think we can leave it in. 2007-06-24 05:39:04 +00:00
pdontthink
b060e92949 Handle change of behavior with session ID being left after session close (see #1685031) 2007-03-29 21:03:53 +00:00