0ct0pu5/squirrelmail
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
14888 commits 3 branches 0 tags 27 MiB
Commit graph

103 commits

Author SHA1 Message Date
pdontthink
598a599ba3
Happy New Year 2025-01-03 11:47:03 -08:00
pdontthink
39cfdaadfd
Happy New Year 2024-01-02 14:58:16 -08:00
pdontthink
380afc7213
Happy New Year 2023-01-02 22:04:25 -08:00
pdontthink
bcdfe6e9f1
Happy New Year 2022-01-26 01:06:50 -08:00
pdontthink
c4ef1a0eea
Happy New Year 2021-02-05 11:55:37 -08:00
pdontthink
fc283980d0
Happy New Year 2020-01-07 00:12:38 -08:00
pdontthink
fbcb1ca1f5
Happy New Year 2019-01-07 21:55:08 -08:00
pdontthink
23cd61b628 Happy New Year 2018-01-16 23:44:07 +00:00
pdontthink
9597f1a963 May as well grab offset info too 2017-11-10 02:39:26 +00:00
pdontthink
157e472108 Make server TZ available after it is changed 2017-05-02 19:55:46 +00:00
pdontthink
6cd24c0552 Happy 2017 2017-01-27 20:34:08 +00:00
pdontthink
2934017d92 Happy New Year 2016-01-01 20:59:53 +00:00
pdontthink
3b465a0d0f Happy 2015 2015-01-03 04:09:49 +00:00
pdontthink
581dc23061 Happy 2014 2014-01-01 20:33:20 +00:00
Fredrik Jervfors
c076a1f1ae Update copyright 2013-07-26 17:31:02 +00:00
Thijs Kinkhorst
efd75f4867 Replace calls to htmlspecialchars() with sm_encode_html_special_chars(). 
New function sm_encode_html_special_chars() encodes HTML special
characters by calling htmlspecialchars(). It sets the character set
to ISO-8859-1, to fix compatibility with PHP >= 5.4.

Patch by Paul Lesniewski.

See #3491925
 2012-12-09 12:06:30 +00:00
pdontthink
209efe7644 Separate E_STRICT reporting from E_ALL in internal debug mode (E_STRICT is included in E_ALL only as of PHP 5.4.0) 2012-07-28 05:57:50 +00:00
pdontthink
acc409fb2a Updating copyrights. Happy New Year. 2012-01-02 02:09:17 +00:00
pdontthink
fc57bf2b59 Happy New Year! 2011-01-06 03:16:21 +00:00
pdontthink
b1e39e16f1 Aggressive sanitizing of REQUEST_URI, PHP_SELF, and QUERY_STRING corrupted page URIs by encoding ampersands in the query string, so we have to un-sanitize ampersands. Will this cause any security/XSS issues? 2010-06-26 10:15:49 +00:00
pdontthink
b786dff83a Avoid notices in some environments 2010-01-27 23:36:52 +00:00
pdontthink
e4c71602cd REQUEST_URI is used in php_self(), so make sure it's sanitized too 2010-01-27 23:05:18 +00:00
pdontthink
7aa0e60863 Update copyrights to 2010 2010-01-25 03:23:30 +00:00
Fredrik Jervfors
134d462c94 The copyright symbol isn't really needed since the word "copyright" is there. Also it doesn't display right in the documentation. 2009-09-29 12:15:33 +00:00
pdontthink
585c624f80 Implemented page referal verification mechanism. (Secunia Advisory SA34627) 2009-08-12 08:20:46 +00:00
pdontthink
7e85ed842b Fixed improper sanitizing of PHP_SELF and the lack of sanitizing of QUERY_STRING server environment variables. Thanks to Niels Teusink and Christian Balzer. (CVE-2009-1578) 2009-05-11 21:49:23 +00:00
pdontthink
7d285b51a0 Fix HTTPS detection under Windows IIS (#2318118) 2008-11-26 02:56:42 +00:00
pdontthink
d01c63496a The random number seed generator was creating float values that, when fed to mt_srand(), which expects an integer, were seen as zero on some systems because it was such a large number. This fix takes a sub-string of the seed's MD5 before converting it to an integer in order to fix that problem. 2008-11-20 22:32:32 +00:00
pdontthink
bf4627edd2 Add a functions file for file utility functions (say that 10 times fast) along with some new file functions 2008-11-20 21:46:12 +00:00
pdontthink
f211155993 Add global variable indicating server OS 2008-11-20 20:05:35 +00:00
pdontthink
9682ef20f6 Add native output buffering capability. 2008-09-24 03:24:08 +00:00
pdontthink
5ab583832d Fix session autostart code - session_name() return value does not indicate session has started; Remove dead code (cookie cleanup) 2008-09-23 01:12:29 +00:00
pdontthink
2b7b60067b Removing irrelevant comments 2008-09-19 00:22:16 +00:00
pdontthink
68e7ef6f2e RPC requests should use their own template sets with different content-type. 2008-09-10 06:48:00 +00:00
pdontthink
fa7436a9de Allow template sets to define what the content-type of their output is. 2008-09-10 03:04:14 +00:00
Thijs Kinkhorst
833746dca6 rework seed generation: this is something that really belongs in init.php 
so do it there. Input enough random components from diferent dimensions,
so hard to predict.
 2008-08-21 12:16:20 +00:00
pdontthink
46b21f8d48 Fix prefs_backend hook and remove config_override hook - plugin authors take note 2008-07-03 01:08:25 +00:00
Thijs Kinkhorst
8f8a7ea706 get_magic_quotes_* functions deprecated in PHP 5.3.x. Check for 
existance and ignore deprecation warnings.
 2008-03-03 14:03:22 +00:00
pdontthink
642f901396 A few output elements are used often, so just retrieve them once and make them globally available 2008-01-06 06:01:10 +00:00
pdontthink
a5ae8eddb5 Comment and linguistic fixes 2008-01-04 04:12:12 +00:00
pdontthink
55de62d7d3 Adding debug mode to core. Please run the configuration utility once after retrieving this update. Note that this update includes a change that makes it possible to use SquirrelMail constants in the configuration file(s). 2007-11-27 09:12:05 +00:00
pdontthink
23efc6b619 Fixed mailto: again. Should work with all the cc, bcc, subject parameters as well. Sample Windows registry entry for HKEY_CLASSES_ROOT\mailto\shell\open\command is "C:\Program Files\Mozilla Firefox\firefox.exe" "http://example.org/webmail/src/mailto.php?emailaddress=%1" or "C:\Program Files\Internet Explorer\IEXPLORE.EXE" "http://example.org/webmail/src/mailto.php?emailaddress=%1" 2007-11-27 01:50:43 +00:00
pdontthink
990a2741a3 Allow custom session handlers to work correctly (and be defined at the application level with SquirrelMail) -- TODO: Cannot forget to add info about this to the docs! 2007-11-02 18:51:38 +00:00
pdontthink
68a5991e02 Add note that config_override should probably be removed pending previous noted fix 2007-11-01 19:53:00 +00:00
pdontthink
e932e013ab Add note about erroneous hook placement - PLEASE read the comment and reply if you have any input 2007-11-01 19:34:39 +00:00
pdontthink
b0dbc77d53 Minor wording and spacing fixes 2007-08-31 23:21:17 +00:00
pdontthink
b80d382d2a Make sure to use correct template set after login 2007-08-29 07:24:27 +00:00
pdontthink
13d8258aec Make session restore work in compose_in_new. Cannot do login session reset until after correct session has been started once. 2007-08-28 23:36:51 +00:00
pdontthink
a8acce202c Finally fix up session restore functionality. Move session handling from login.php into init.php and fix the mess in redirect.php. There are some important notes that need to be reviewed in redirect.php, which I am including here to get your attention: FIXME! IMPORTANT! SOMEONE PLEASE EXPLAIN THE SECURITY CONCERN HERE; THIS session_destroy() BORKS ANY SESSION INFORMATION ADDED ON THE LOGIN PAGE (SPECIFICALLY THE SESSION RESTORE DATA, BUT ALSO ANYTHING ADDED BY PLUGINS, ETC)... I HAVE DISABLED THIS (AND NOTE THAT THE LOGIN PAGE ALREADY EXECUTES A session_destroy() (see includes/init.php)), SO PLEASE, WHOEVER ADDED THIS, PLEASE ANALYSE THIS SITUATION AND COMMENT ON IF IT IS OK LIKE THISsvn diff include/init.php src/login.php src/redirect.php src/compose.php WHAT HIJACKING ISSUES ARE WE SUPPOSED TO BE PREVENTING HERE? 2007-08-28 21:31:04 +00:00
pdontthink
af9ab09c24 Fix mixup of session restore location 2007-08-28 20:09:41 +00:00