Commit graph

3121 commits

Author SHA1 Message Date
pdontthink
55cfe728a0 Now fill in default subject when forwarding as attachment (#2936541) 2010-06-21 08:16:05 +00:00
pdontthink
6a87c99bc2 Reduced default time security tokens stay valid from 30 days to 2 days (reduces chances of session data growing too large) 2010-06-21 07:01:16 +00:00
pdontthink
e85832efce Synchronize no-cache headers. This reverses revision 13940 because no-cache headers were already being sent in displayHtmlHeader() for left_main.php and right_main.php (the tracker referred to in that revision only applies to SquirrelMail 1.4.x). 2010-06-21 00:39:12 +00:00
Thijs Kinkhorst
a9d46c71ad Send X-DNS-Prefetch-Control: off header to browsers to prevent information leakage when Firefox does DNS prefetching for URLs contained in emails. https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail 2010-02-13 16:27:52 +00:00
pdontthink
a651189f84 Multibyte strings (notably subjects) are now handled correctly (#2824813, #2925731) 2010-02-04 20:05:51 +00:00
pdontthink
83236fcc19 Encoded From headers now properly quoted (#2830141). A better fix might be to re-write encodeHeader() 2010-01-30 17:10:07 +00:00
pdontthink
7aa0e60863 Update copyrights to 2010 2010-01-25 03:23:30 +00:00
pdontthink
d4ceecd391 Slight rewrite of php_self() 2010-01-24 23:26:33 +00:00
pdontthink
cb5a6093d9 Make php_self() more robust. Seems to fix certain lighttpd issues, such as probably #1741469 2010-01-21 14:40:52 +00:00
jangliss
191a822dcc Fix for mailto: URLs containing a + sign. Thanks to Michael Puls II for the patch. 2010-01-19 03:17:14 +00:00
pdontthink
172b91e466 Quote dynamic regex contents to be safe. Thanks to Daniel Hahler. 2010-01-05 08:58:04 +00:00
Thijs Kinkhorst
e895b91d5d Need to move strtolower inside if-block to prevent notice when attached file has no extension 2009-11-27 09:25:08 +00:00
pdontthink
a5644b2e2d NULL not accepted as a replacement for empty arrays as of PHP 5.3 2009-11-01 08:02:25 +00:00
pdontthink
39008a1693 Avoid prefixing global $check_referrer value with protocol prefix - use local variable instead 2009-10-12 22:11:35 +00:00
pdontthink
3c1837c21b Fix wrong doc 2009-10-04 22:58:41 +00:00
Fredrik Jervfors
1e590d028b Adding and improving comments. 2009-09-29 12:37:05 +00:00
Fredrik Jervfors
134d462c94 The copyright symbol isn't really needed since the word "copyright" is there. Also it doesn't display right in the documentation. 2009-09-29 12:15:33 +00:00
pdontthink
09891dc083 Fix broken 'Thread' and the no-javascript 'All' links (add security tokens) 2009-09-19 20:22:15 +00:00
pdontthink
ab0d2b2c66 Fix broken search pagination (add security tokens) 2009-09-19 20:11:13 +00:00
pdontthink
8ee030800c Delete requests can come via GET or POST 2009-08-17 23:47:07 +00:00
pdontthink
4c66f74f5c Protect message deletion with security token system. (Secunia Advisory SA34627) 2009-08-17 23:18:47 +00:00
pdontthink
04498a59be Correct documentation 2009-08-12 08:36:13 +00:00
pdontthink
b28d767437 Implemented security token system. (Secunia Advisory SA34627) 2009-08-12 08:28:38 +00:00
pdontthink
585c624f80 Implemented page referral verification mechanism. (Secunia Advisory SA34627) 2009-08-12 08:20:46 +00:00
pdontthink
08fc33cf6c Fix incorrect stristr() parameter order 2009-08-10 23:18:20 +00:00
pdontthink
dab583acb0 Don't encode stuff that's used in hyperlink addresses 2009-08-08 20:15:19 +00:00
pdontthink
beff3aec0d Fix broken regular expression 2009-08-01 19:17:55 +00:00
pdontthink
ccac44cd17 Fix broken regular expression 2009-08-01 19:15:13 +00:00
pdontthink
ec7a4430aa This time really make abook files get created with correct permissions 2009-07-29 03:35:07 +00:00
pdontthink
bc3fb36016 Stop using deprecated ereg() functions (#2820952) 2009-07-29 01:55:21 +00:00
pdontthink
35ee98eeb8 PHP 5.3 deprecated ereg() function (#2820952) 2009-07-28 23:13:45 +00:00
pdontthink
79cebcc00d Port Thijs' fix (rev.13790) to DEVEL: no words must be an empty array, not a string, to prevent notices when later array operations are done on $words. 2009-07-28 22:50:12 +00:00
Fredrik Jervfors
2ff6db700e Adding comments to the translators. 2009-05-28 06:22:05 +00:00
pdontthink
e4156b6cb1 QUERY_STRING is already sanitized 2009-05-26 18:05:35 +00:00
Thijs Kinkhorst
e6f959fbd1 Add more labeling for options pages 2009-05-24 10:00:10 +00:00
Thijs Kinkhorst
6f1f3d6b35 The shell escaping fix in map_yp_alias (CVE-2009-1579) was incomplete. Thanks Michal Hlavinka for noticing this. [CVE-2009-1381] 2009-05-21 17:11:22 +00:00
pdontthink
683f761cc1 Add FIXME 2009-05-20 17:22:31 +00:00
pdontthink
84a468306b Clarify docs and use correct $nbsp 2009-05-14 17:20:47 +00:00
pdontthink
10804e03a1 Always generate $base_uri for every page request as opposed to doing it only on some pages. Always regenerate session ID at login to prevent session fixation by an attacker who has set a malicious cookie on the client browser. Try to clean up extraneous cookies, such as ones some browsers might actually obey from the src/ directory. Thanks to Tomas Hoger. (CVE-2009-1580) 2009-05-11 22:50:16 +00:00
pdontthink
eda7b9b157 OMG - unsanitized shell command. Thanks to Niels Teusink. (CVE-2009-1579) 2009-05-11 22:17:46 +00:00
pdontthink
dba77072d2 Dunno why this was never implemented, but the comments say it's OK, so here goes... 2009-05-11 22:08:25 +00:00
pdontthink
d0fd71bf6e Remove ability for HTML emails to use CSS positioning to overlay SquirrelMail content. Thanks to Luc Beurton. (#2723196/CVE-2009-1581) 2009-05-11 21:19:52 +00:00
pdontthink
7443fe3229 Stop using session_unregister() 2009-05-08 17:53:37 +00:00
pdontthink
930f6456fc Reduce confusion about what user is running the web server 2009-04-28 22:03:23 +00:00
pdontthink
4e08ebbbc0 Add display indicator for forwarded messages 2009-04-17 10:49:38 +00:00
pdontthink
5b84abc4c7 Fix: Messages forwarded as attachments from message list were not getting flagged as forwarded 2009-04-17 05:46:18 +00:00
Fredrik Jervfors
0a6245814a There are too many modified files being committed without the copyright year being updated, so here's a copyright year update the old-fashioned style. 2009-04-15 22:00:49 +00:00
pdontthink
ffc720544d Translate special folders doesn't mean translate any folder 2009-04-06 10:48:28 +00:00
pdontthink
c07775cdaa Moving function to its rightful place 2009-04-05 04:26:27 +00:00
pdontthink
c3051ee704 FIXME 2009-04-05 04:13:39 +00:00