diff options
| author | thomascube <thomas@roundcube.net> | 2009-09-04 10:58:29 +0000 |
|---|---|---|
| committer | thomascube <thomas@roundcube.net> | 2009-09-04 10:58:29 +0000 |
| commit | a0630561cffdb366385a2c19d0ad167ee575e61f (patch) | |
| tree | 6e3d5aa2908e891b16d9d650aa522a2e69286edb | |
| parent | df5f7326f33f7741571f0df273de8cd9abb5a344 (diff) | |
Removed development stuff and updated versionsv0.3-stable@2921
| -rw-r--r-- | CHANGELOG | 560 | ||||
| -rw-r--r-- | README | 15 | ||||
| -rw-r--r-- | bin/dumpschema.php | 101 | ||||
| -rwxr-xr-x | bin/makedoc.sh | 34 | ||||
| -rw-r--r-- | index.php | 2 | ||||
| -rwxr-xr-x | program/include/iniset.php | 2 | ||||
| -rw-r--r-- | tests/mailfunc.php | 119 | ||||
| -rw-r--r-- | tests/modcss.php | 45 | ||||
| -rwxr-xr-x | tests/runtests.sh | 53 | ||||
| -rw-r--r-- | tests/src/BID-26800.txt | 52 | ||||
| -rw-r--r-- | tests/src/htmlbody.txt | 51 | ||||
| -rw-r--r-- | tests/src/htmlxss.txt | 22 | ||||
| -rw-r--r-- | tests/src/plainbody.txt | 37 | ||||
| -rw-r--r-- | tests/src/valid.css | 30 |
14 files changed, 6 insertions, 1117 deletions
@@ -1,4 +1,4 @@ -CHANGELOG RoundCube Webmail +CHANGELOG Roundcube Webmail (release 0.3-stable) =========================== - Fix gn and givenName should be synonymous in LDAP addressbook (#1485892) @@ -33,562 +33,4 @@ CHANGELOG RoundCube Webmail - Fix charset names with X- prefix handling - Fix displaying of HTML messages with unknown/malformed tags (#1486003) -RELEASE 0.3-RC1 ---------------- -- Fix import of vCard entries with params (#1485453) -- Fix HTML messages output with empty block elements (#1485974) -- Use request tokens to protect POST requests from CSFR -- Added hook when killing a session -- Added hook to write_log function (#1485971) -- Performance improvements by use UID commands (#1485690) -- Fix HTML editor tabIndex setting (#1485972) -- Added 'imap_debug' and 'smtp_debug' options -- Support strftime's format modifiers in date_* options (#1484806) -- Support %h variable in 'smtp_server' option (#1485766) -- Show SMTP errors in browser (#1485927) -- Allow WBR tag in HTML message (#1485960) -- Use spl_autoload_register() instead of __autoload (#1485947) -- Add hook for identities listing (#1485958) -- Trigger hook 'smtp_connect' when opening an SMTP connection (#1485954) -- Added config option to enforce HTTPS connections -- Fix non-unicode characters caching in unicode database (#1484608) -- Performance improvements of messages caching -- Fix empty Date header issue (#1485923) -- Open collapsed folders during drag & drop (#1485914) -- Fixed link text replacements (#1485789) -- Also trigger 'insertrow' events on page load (#1485826) -- No link on subject in IE browsers (#1484913) -- Fixed filename encoding according to RFC2231 (#1485875) -- Added message Edit feature (#1483891, #1484440) -- Fix message Etag generation for counter issues (#1485623) -- Fix messages searching on MailEnable IMAP (#1485762) -- Fixed many 'skip_deleted' issues (#1485634) -- Fixed messages list sorting on servers without SORT capability -- Colorized signatures in plain text messages -- Reviewed/fixed skip_deleted/read_when_deleted/flag_for_deletion options handling in UI -- Fix displaying of big maximum upload filesize (#1485889) -- Added possibility to invert messages selection -- After move/delete from 'show' action display next message instead of messages list (#1485887) -- Fixed problem with double quote at the end of folder name (#1485884) -- Speedup UI by using CSS sprites and etags/expires/deflate in Apache config (#1484858,#1485800) -- Support UID EXPUNGE: remove only moved/deleted messages -- Add drag cancelling with ESC key (#1484344) -- Support initial identity name from virtuser_query (#1484003) -- Added message menu, removed Print and Source buttons -- Added possibility to save message as .eml file (#1485861) -- Added 1 minute interval in autosave options (#1485854) -- Support UTF-7 encoding in messages (#1485832) -- Better support for malformed character names (#1485758) - -RELEASE 0.3-BETA ----------------- -- Plugin API + jQuery engine -- Added possibility to encrypt received header, option 'http_received_header_encrypt', - added some more logic in encrypt/decrypt functions for security -- Fix Answered/Forwarded flag setting for messages in subfolders -- Fix autocomplete problem with capital letters (#1485792) -- Support UUencode content encoding (#1485839) -- Minimize chance of race condition in session handling (#1485659, #1484678) -- Fix session handling on non-session SQL query error (#1485734) -- Fix html editor mode setting when reopening draft message (#1485834) -- Added quick search box menu (#1484304) -- Fix wrong column sort order icons (#1485823) -- Updated TinyMCE to 3.2.3 version -- Fix attachment names encoding when charset isn't specified in attachment part (#1484969) -- Fix message normal priority problem (#1485820) -- Fix autocomplete spinning wheel does not disappear (#1485804) -- Added log_date_format option (#1485709) -- Fix text wrapping in HTML editor after switching from plain text to HTML (#1485521) -- Fix auto-complete function hangs with plus sign (#1485815) -- Fix AJAX requests errors handler (#1485000) -- Speed up message list displaying on IE -- Fix read/write database recognition (#1485811) - -RELEASE 0.2.2 -------------- -- Fix quicksearchbox look in Chrome and Konqueror (#1484841) -- Fix UTF-8 byte-order mark removing (#1485514) -- Fix folders subscribtions on Konqueror (#1484841) -- Fix debug console on Konqueror and Safari -- Fix messagelist focus issue when modifying status of selected messages (#1485807) -- Support STARTTLS in IMAP connection (#1485284) -- Fix DEL key problem in search boxes (#1485528) -- Support several e-mail addresses per user from virtuser_file (#1485678) -- Fix drag&drop with scrolling on IE (#1485786) -- Fix adding signature separator in html mode (#1485350) -- Fix opening attachment marks message as read (#1485803) -- Fix 'temp_dir' does not support relative path under Windows (#1484529) -- Fix "Initialize Database" button missing from installer (#1485802) -- Fix compose window doesn't fit 1024x768 window (#1485396) -- Fix service not available error when pressing back from compose dialog (#1485552) -- Fix using mail() on Windows (#1485779) -- Fix word wrapping in message-part's <PRE>s for printing (#1485787) -- Fix incorrect word wrapping in outgoing plaintext multibyte messages (#1485714) -- Fix double footer in HTML message with embedded images -- Fix TNEF implementation bug (#1485773) -- Fix incorrect row id parsing for LDAP contacts list (#1485784) -- Fix 'mode' parameter in sqlite DSN (#1485772) - -RELEASE 0.2.1 ------------------- -- Use US-ASCII as failover when Unicode searching fails (#1485762) -- Fix errors handling in IMAP command continuations (#1485762) -- Fix FETCH result parsing for servers returning flags at the end of result (#1485763) -- Fix datetime columns defaults in mysql's DDL (#1485641) -- Fix attaching more than nine inline images (#1485759) -- Support 'UNICODE-1-1-UTF-7' alias for UTF-7 encoding (#1485758) -- Fix mime-type detection using a hard-coded map (#1485311) -- Don't return empty string if charset conversion failed (#1485757) -- Disable concurrent autocomplete query results display (#1485743) -- Fix new lines stripped from message footer (#1485751) -- Fix IE problem with mouse click autocomplete (#1485739) -- Fix html body washing on reply/forward + fix attachments handling (#1485676) -- Fix multiple recipients input parsing (#1485733) -- Fix replying to message with html attachment (#1485676) -- Use default_charset for messages without specified charset (#1485661, #1484961) -- Support non-standard "GMT-XXXX" literal in date header (#1485729) -- Added TNEF support to decode MS Outlook attachments (winmail.dat) -- Fix "value continuation" MIME headers by adding required semicolon (#1485727) -- Fix pressing select all/unread multiple times (#1485723) -- Fix selecting all unread does not honor new messages (#1485724) -- Fix some base64 encoded attachments handling (#1485725) -- Support NGINX as IMAP backend: better BAD response handling (#1485720) -- Performance fix: don't fetch attachment parts headers twice to parse filename -- Fix checking for recent messages on various IMAP servers (#1485702) -- Performance fix: Don't fetch quota and recent messages in "message view" mode -- Fix displaying of alternative-inside-alternative messages (#1485713) -- Fix MDNSent flag checking, use arbitrary keywords (asterisk) flag (#1485706) -- Fix creation of folders with '&' sign in name -- Fix parsing of email addresses without angle brackets (#1485693) -- Save spellcheck corrections when switching from plain to html editor (and spellchecking is on) -- Fix large search results on server without SORT capability (#1485668) -- Get rid of preg_replace() with eval modifier and create_function usage (#1485686) -- Bring back <base> and <link> tags in HTML messages -- Fix XSS vulnerability through background attributes as reported by Julien Cayssol -- Fix problems with backslash as IMAP hierarchy delimiter (#1484467) -- Secure vcard export by getting rid of preg's 'e' modifier use (#1485689) -- Fix authentication when submitting form with existing session (#1485679) -- Allow absolute URLs to images in HTML messages/sigs (#1485666) -- Fix message body which contains both inline attachments and emotions -- Fix SQL query execution errors handling in rcube_mdb2 class (#1485509) -- Fix address names with '@' sign handling (#1485654) -- Improve messages display performance -- Fix messages searching with 'to:' modifier - -RELEASE 0.2-STABLE ------------------- -- Fix mark popup in IE 7 (#1485369) -- Fix line-break issue when copy & paste in Firefox (#1485425) -- Fix autocomplete "unknown server error" (#1485637) -- Fix STARTTLS before AUTH in SMTP connection (#1484883) -- Support multiple quota values in QUOTAROOT resonse (#1485626) -- Only abbreviate file name for IE < 7 browsers (#1485063) -- Performance: allow setting imap rootdir and delimiter before connect (#1485172) -- Fix sorting of folders with more than 2 levels (#1485569) -- Fix search results page jumps in LDAP addressbook (#1485253) -- Fix empty line before the signature in IE (#1485351) -- Fix horizontal scrollbar in preview pane on IE (#1484633) -- Add Robots meta tag in login page and installer (#1484846) -- Added 'show_images' option, removed 'addrbook_show_images' (#1485597) -- Option to check for new mails in all folders (#1484374) -- Don't set client busy when checking for new messages (#1485276) -- Allow UTF-8 folder names in config (#1485579) -- Add junk_mbox option configuration in installer (#1485579) -- Do serverside addressbook queries for autocompletion (#1485531) -- Allow setting attachment col position in 'list_cols' option -- Allow override 'list_cols' via skin (#1485577) -- Fix 'cache' table cleanup on session destroy (#1485516) -- Increase speed of session destroy and garbage clean up -- Fix session timeout when DB server got clock skew (#1485490) -- Fix handling of some malformed messages (#1484438) -- Speed up raw message body handling -- Better HTML entities conversion in html2text (#1485519) -- Fix big memory consumption and speed up searching on servers without SORT capability -- Fix setting locale to tr_TR, ku and az_AZ (#1485470) -- Use SORT for searching on servers with SORT capability -- Added message status filter -- Fix empty file sending (#1485389) -- Improved searching with many criterias (calling one SEARCH command) -- Fix HTML editor initialization on IE (#1485304) -- Add warning when switching editor mode from html to plain (#1485488) -- Make identities list scrollable (#1485538) -- Fix problem with numeric folder names (#1485527) -- Added BYE response simple support to prevent from endless loops in imap.inc (#1483956) -- Fix unread message unintentionally marked as read if read_when_deleted=true (#1485409) -- Remove port number from SERVER_NAME in smtp_helo_host (#1485518) -- Don't send disposition notification receipts for messages marked as 'read' (#1485523) -- Added 'keep_alive' and 'min_keep_alive' options (#1485360) -- Added option 'identities_level', removed 'multiple_identities' -- Allow deleting identities when multiple_identities=false (#1485435) -- Added option focus_on_new_message (#1485374) -- Fix html2text class autoloading on Windows (#1485505) -- Fix html signature formatting when identity save error occured (#1485426) -- Add feedback and set busy when moving folder (#1485497) -- Fix 'Empty' link visibility for some languages e.g. Slovak (#1485489) -- Fix messages count bar overlapping (#1485270) -- Fix adding signature in drafts compose mode (#1485484) -- Fix iil_C_Sort() to support very long and/or divided responses (#1485283) -- Fix matching case sensitivity when setting identity on reply (#1485480) -- Prefer default identity on reply -- Fix imap searching on ISMail server (#1485466) -- Add css class for flagged messages (#1485464) -- Write username instead of id in sendmail log (#1485477) -- Fix htmlspecialchars() use for PHP version < 5.2.3 (#1485475) -- Fix js keywords escaping in json_serialize() for IE/Opera (#1485472) -- Added bin/killcache.php script (#1485434) -- Add support for SJIS, GB2312, BIG5 in rc_detect_encoding() -- Fix vCard file encoding detection for non-UTF-8 strings (#1485410) -- Add 'skip_deleted' option in User Preferences (#1485445) -- Minimize "inline" javascript scripts use (#1485433) -- Fix css class setting for folders with names matching defined classes names (#1485355) -- Fix race conditions when changing mailbox -- Fix spellchecking when switching to html editor (#1485362) -- Fix compose window width/height (#1485396) -- Allow calling msgimport.sh/msgexport.sh from any directory (#1485431) -- Localized filesize units (#1485340) -- Better handling of "no identity" and "no email in identity" situations (#1485117) -- Added 'mime_param_folding' option with possibility to choose long/non-ascii attachment names encoding eg. to be readable in MS Outlook/OE (#1485320) -- Added "advanced options" feature in User Preferences -- Fix unread counter when displaying cached massage in preview panel (#1485290) -- Fix htmleditor spellchecking on MS Windows (#1485397) -- Fix problem with non-ascii attachment names in Mail_mime (#1485267, #1485096) -- Fix language autodetection (#1485401) -- Fix button label in folders management (#1485405) -- Fix collapsed folder not indicating unread msgs count of all subfolders (#1485403) -- Fix handling of apostrophes in filenames decoded according to rfc2231 - -RELEASE 0.2-BETA ----------------- -- Made config files location configurable (#1485215) -- Reduced memory footprint when forwarding attachments (#1485345) -- Allow and use spellcheck attribute for input/textarea fields (#1485060) -- Added icons for forwarded/forwarded+replied messages (#1485257) -- Added Reply-To to forwarded emails (#1485315) -- Display progress message for folders create/delete/rename (#1485357) -- Smart Tags and NOBR tag support in html messages (#1485363, #1485327) -- Redesign of the identities settings (#1484042) -- Add config option to disable creation/deletion of identities (#1484498) -- Added 'sendmail_delay' option to restrict messages sending interval (#1484491) -- Added vertical splitter for folders list resizing -- Added possibility to view all headers in message view -- Fixed splitter drag/resize on Opera (#1485170) -- Fixed quota img height/width setting from template (#1484857) -- Refactor drag & drop functionality. Don't rely on browser events anymore (#1484453) -- Insert "virtual" folders in subscription list (#1484779) -- Added link to open message in new window -- Enable export of address book contacts as vCard -- Add feature to import contacts from vcard files (#1326103) -- Respect Content-Location headers in multipart/related messages according to RFC2110 (#1484946) -- Allowed max. attachment size now indicated in compose screen (#1485030) -- Also capture backspace key in list mode (#1484566) -- Allow application/pgp parts to be displayed (#1484753) -- Correctly handle options in mailto-links (#1485228) -- Immediately save sort_col/sort_order in user prefs (#1485265) -- Truncate very long (above 50 characters) attachment filenames when displaying -- Allow to auto-detect client language if none set (#1484434) -- Auto-detect the client timezone (user configurable) -- Add RFC2231 header value continuations support for attachment filenames + hack for servers that not support that feature -- Fix Reply-To header displaying (#1485314) -- Mark form buttons that provide the most obvious operation (mainaction) -- Added option 'quota_zero_as_unlimited' (#1484604) -- Added PRE handling in html2text class (#1484740) -- Added folder hierarchy collapsing -- Added options to use syslog instead of log file (#1484850) -- Added Logging & Debugging section in Installer -- Fix In-Reply-To and References headers when composing saved draft message (#1485288) -- Fix html message charset conversion for charsets with underline (#1485287) -- Fix buttons status after contacts deletion (#1485233) -- Fix escaping of To: and From: fields when building message body for reply or forward in the HTML editor (#1484904) -- Use current mailbox name in template (#1485256) -- Better fix for skipping untagged responses (#1485261) -- Added pspell support patch by Kris Steinhoff (#1483960) -- Enable spellchecker for HTML editor (#1485114) -- Respect spellcheck_uri in tinyMCE spellchecker (#1484196) -- Case insensitive contacts searching using PostgreSQL (#1485259) -- Make default imap folders configurable for each user (#1485075) -- Save outgoing mail to selectable folder (#1324581) -- Fix hiding of mark menu when clicking th button again (#1484944) -- Use long date format in print mode (#1485191) -- Updated TinyMCE to version 3.1.0.1 -- Re-enable autocomplete attribute for login form (#1485211) -- Check PERMANENTFLAGS before saving $MDNSent flag (#1484963, #1485163) -- Added flag column on messages list (#1484623) -- Patched Mail/MimePart.php (http://pear.php.net/bugs/bug.php?id=14232) -- Allow trash/junk subfolders to be purged (#1485085) -- Store compose parameters in session and redirect to a unique URL -- Fixed CRAM-MD5 authentication (#1484819) -- Fixed forwarding messages with one HTML attachment (#1484442) -- Fixed encoding of message/rfc822 attachments and image/pjpeg handling (#1484914) -- Added option to select skin in user preferences -- Added option to configure displaying of attached images below the message body -- Added option to display images in messages from known senders (#1484601) -- User preferences grouped in more fieldsets -- Fix corrupted MIME headers of messages in Sent folder (#1485111) -- Fixed bug in MDB2 package: http://pear.php.net/bugs/bug.php?id=14124 -- Use keypress instead of keydown to select list's row (#1484816) -- Don't call expunge and don't remove message row after message move if flag_for_deletion is set to true (#1485002) - -RELEASE 0.2-ALPHA ------------------ -- Added option to disable autocompletion from selected LDAP address books (#1484922) -- TLS support in LDAP connections: 'use_tls' property (#1485104) -- Fixed removing messages from search set after deleting them (#1485106) -- imap.inc: Fixed iil_C_FetchStructureString() to handle many - literal strings in response (#1484969) -- Support for subfolders in default/protected folders (#1484665) -- Disallowed delimiter in folder name (#1484803) -- Support " and \ in folder names -- Escape \ in login (#1484614) -- Better HTML sanitization with the DOM-based washtml script (#1484701) -- Fixed sorting of folders with non-ascii characters -- Fixed Mysql DDL for default identities creation (#1485070) -- In Preferences added possibility to configure 'read_when_deleted', - 'mdn_requests', 'flag_for_deletion' options -- Made IMAP auth type configurable (#1483825) -- Fixed empty values with FROM_UNIXTIME() in rcube_mdb2 (#1485055) -- Fixed attachment list on IE 6/7 (#1484807) -- Fixed JavaScript in compose.html that shows cc/bcc fields if populated -- Make password input fields of type password in installer (#1484886) -- Don't attempt to delete cache entries if enable_caching is FALSE (#1485051) -- Optimized messages sorting on servers without sort capability (#1485049) -- Corrected message headers decoding when charset isn't specified and improved - support for native languages (#1485050, #1485048) -- Expanded LDAP configuration options to support LDAP server writes. -- Installer: encode special characters in DB username/password (#1485042) -- Fixed management of folders with national characters in names (#1485036, #1485001) -- Fixed identities saving when using MDB2 pgsql driver (#1485032) -- Fixed BCC header reset (#1484997) -- Improved messages list performance - patch from Justin Heesemann -- Append skin_path to images location only when it starts with '/' sign (#1484859) -- Fix IMAP response in message body when message has no body (#1484964) -- Fixed non-RFC dates formatting (#1484901) -- Fixed typo in set_charset() (#1484991) -- Decode entities when inserting HTML signature to plain text message (#1484990) -- HTML editing is now working with PHP5 updates and TinyMCE v3.0.6 -- Fixed signature loading on Windows (#1484545) -- Added language support to HTML editing (#1484862) -- Fixed remove signature when replying (#1333167) -- Fixed problem with line with a space at the end (#1484916) -- Fixed <!DOCTYPE> tag filtering (#1484391) -- Fixed <?xml> tag filtering (#1484403) -- Added sections (fieldset+label) in Settings interface -- Mark as read in one action with message preview (#1484972) -- Deleted redundant quota reads (#1484972) -- Added options for empty trash and expunge inbox on logout (#1483863) -- Removed lines wrapping when displaying message -- Fixed month localization -- Changed codebase to PHP5 with autoloader - -RELEASE 0.1.1 -------------- -- Clear selection when selecting single item (#1484942) -- Remove hard-coded image size in skin templates (#1484893) -- Database schema improvements (dropped unnecessary indexes) -- Fixed creating a new folder with a comma in its name (#1484681) -- Fixed sorting of messages when default mailbox is empty (#1484317) -- Improve message previewpane - less loading (#1484316) -- Fixed login form autoompletion (#1484839) -- Fixed virtuser_query option for mdb2 backend (#1484874) -- Fixed attachment resoting from Drafts when message body was empty (#1484506) -- Fixed usage of ob_gzhandler (#1484851) -- Fixed message part window in IE6 (#1484610) -- Fixed decoding of mime-encoded strings (#1484191) -- Fixed some iconv/mb_string problems (#1484598) -- Correctly quote mailbox name when using in URL (#1484313) -- Fixed "headers already sent" errors (#1484860) - -RELEASE 0.1-STABLE ------------------- -- Added interactive installer script -- Fix folder adding/renaming inspired by #1484800 -- Localize folder name in page title (#1484785) -- Fix code using wrong variable name (#1484018) -- Allow to send mail with BCC recipients only -- condense TinyMCE toolbar down to one line, removing table buttons (#1484747) -- Add function to mark the selected messages as read/unread (#1457360) -- Also do charset decoding as suggested in RFC 2231 (fix #1484321) -- Show message count in folder list and hint when creating a subfolder -- Distinguish ssl and tls for imap connections (#1484667) -- Added some charset aliases to fix typical mis-labelling (#1484565) -- Remember decision to display images for a certain message during session (#1484754) -- Truncate attachment filenames to 55 characters due to an IE bug (#1484757) -- Make sending of read receipts configurable -- Respect config when localize folder names (#1484707) -- Also respect receipt and priority settings when re-opening a draft message -- Remember search results (closes #1483883), patch by the_glu -- Add Received header on outgoing mail -- Upgrade to TinyMCE 2.1.3 -- Allow inserting image attachments into HTML messages while composing (#1484557) -- Implement Message-Disposition-Notification (Receipts) -- Fix overriding of session vars when register_globals is on (#1484670) -- Fix bug with case-sensitive folder names (#1484245) -- Don't create default folders by default -- Fixed some potential security risks (audited by Andris) -- Only show new messages if they match the current search (#1484176) -- Switch to/from when searcing in Sent folder (#1484555) -- Correctly read the References header (#1484646) -- Unset old cookie before sending a new value (#1484639) -- Correctly decode attachments when downloading them (#1484645 and #1484642) -- Suppress IE errors when clearing attachments form (#1484356) -- Log error when login fails due to auto_create_user turned off -- Filter linked/imported CSS files (closes #1484056) -- Improve message compose screen (closes #1484383) -- Select next row after removing one from list (#1484387) - -RELEASE 0.1-RC2 ---------------- -- Enable drag-&-dropping of folders to a new parent and allow to create subfolders (#1457344) -- Suppress IE errors when clearing attachments form (#1484356) -- Set preferences field in user table to NULL (#1484386) -- Log error when login fails due to auto_create_user turned off -- Filter linked/imported CSS files (closes #1484056) -- Improve message compose screen (closes #1484383) -- Select next row after removing one from list (#1484387) -- Make smtp HELO/EHLO hostname configurable (#1484067) -- IPv6 Compatability (#1484322), Patch #1484373 -- Unlock interface when message sending fails (#1484570) -- Eval PHP code in template includes (if configured) -- Show message when folder is empty. Mo more static text in table (#1484395) -- Only display unread count in page title when new messages arrived -- Fixed wrong delete button tooltip (#1483965) -- Fixed charset encoding bug (#1484429) -- Applied patch for LDAP version (#1484552) -- Improved XHTML validation -- Fix message list selection (#1484550) -- Better fix lowercased usernames (#1484473) -- Update pngbehavior Script as suggested in #1484490 -- Fixed moving/deleting messages when more than 1 is selected -- Applied patch for LDAP contacts listing by Glen Ogilvie -- Applied patch for more address fields in LDAP contacts (#1484402) -- Add alternative for getallheaders() (fix #1484508) -- Identify mailboxes case-sensitive -- Sort mailbox list case-insensitive (closes #1484338) -- Fix display of multipart messages from Apple Mail (closes #1484027) -- Protect AJAX request from being fetched by a foreign site (XSS) -- Make autocomplete for loginform configurable by the skin template -- Fix compose function from address book (closes #1484426) -- Added //IGNORE to iconv call (patch #1484420, closes #1484023) -- Check if mbstring supports charset (#1484290 and #1484292) -- Prefer iconv over mbstring (as suggested in #1484292) -- Check filesize of template includes (#1484409) -- Fixed bug with buttons not dimming/enabling properly after switching folders -- Fixed compose window becoming unresponsive after saving a draft (#1484487) -- Re-enabled "Back" button in compose window now that bug #1484487 is fixed -- Fixed unresponsive interface issue when downloading attachments (#1484496) -- Lowered status message time from 5 to 3 seconds to improve responsiveness -- Raised .htaccess upload_max_filesize from 2M to 5M to differ from default php.ini -- Increased "mailboxcontrols" mail.css width from 160 to 170px to fix non-english languages (#1484499) -- Fix status message bug #1484464 with regard to #1484353 -- Fix address adding bug reported by David Koblas -- Applied socket error patch by Thomas Mangin -- Pass-by-reference workarround for PHP5 in sendmail.inc -- Fixed buggy imap_root settings (closes #1484379) -- Prevent default events on subject links (#1484399) -- Use HTTP-POST requests for actions that change state - -RELEASE 0.1-RC1 ---------------- -- Use global filters and bind username/ for Ldap searches (#1484159) -- Hide quota display if imap server does not support it -- Hide address groups if no LDAP servers configured -- Add link to message subjects (closes #1484257) -- Better SQL query for contact listing/search (closes #1484369) -- Fixed marking as read in preview pane (closes #1484364) -- CSS hack to display attachments correctly in IE6 -- Wrap message body text (closes #1484148) -- LDAP access is back in address book (closes #1484087) -- Added search function for contacts -- New Template parsing and output encoding -- Fixed bugs #1484119 and #1483978 -- Fixed message moving procedure (closes #1484308) -- Fixed display of multiple attachments (closes #1466563) -- Fixed check for new messages (closes #1484310) -- List attachments without filename -- New session authentication: Change sessid cookie when login, authentication with sessauth cookie is now configurable. - Should close bugs #1483951 and #1484299 -- Correctly translate mailbox names (closes #1484276) -- Quote e-mail address links (closes #1484300) -- Updated PEAR::Mail_mime package -- Accept single quotes for HTML attributes when modifying message body (thanks Jason) -- Sanitize input for new users/identities (thanks Colin Alston) -- Don't download HTML message parts -- Convert HTML parts to plaintext if 'prefer_html' is off -- Correctly parse message/rfc822 parts (closes #1484045) -- Also use user_id for unique key in messages table (closes #1484074) -- Hide contacts drop down on blur (closes #1484203) -- Make entries in contacts drop down clickable -- Turn off browser autocompletion on login page -- Quote <? in text/html message parts -- Hide border around radio buttons -- Applied patch for attachment download by crichardson (closes #1484198) -- Fixed bug in Postgres DB handling (closes #1484068) -- Fixed bug of invalid calls to fetchRow() in rcube_db.inc (closes #1484280) -- Fixed array_merge bug (closes #1484281) -- Fixed flag for deletion in list view (closes #1484264) -- Finally support semicolons as recipient separator (closes ##1484251) -- Fixed message headers (subject) encoding -- check if safe mode is on or not (closes #1484269) -- Show "no subject" in message list if subject is missing (closes #1484243) -- Solved page caching of message preview (closes #1484153) -- Only use gzip compression if configured (closes #1484236) -- Fixed priority selector issue (#1484150) -- Fixed some CSS issues in default skin (closes #1484210 and #1484161) -- Prevent from double quoting of numeric HTML character references (closes #1484253) -- Fixed display of HTML message attachments (closes #1484178) -- Applied patch for preview caching (closes #1484186) -- Added error handling for attachment uploads -- Use multibyte safe string functions where necessary (closes #1483988) -- Applied security patch to validate the submitted host value (by Kees Cook) -- Applied security patch to validate input values when deleting contacts (by Kees Cook) -- Applied security patch that sanitizes emoticon paths when attaching them (by Kees Cook) -- Applied a patch to more aggressively sanitize a HTML message -- Visualize blocked images in HTML messages -- Fixed wrong message listing when showing search results (closes #1484131) -- Show remote images when opening HTML message part as attachment -- Improve memory usage when sending mail (closes #1484098) -- Mark messages as read once the preview is loaded (closes #1484132) -- Include smtp final response in log (closes #1484081) -- Corrected date string in sent message header (closes #1484125) -- Correclty choose "To" column in sent and draft mailboxes (closes #1483943) -- Changed srong tooltips for message browse buttons (closes #1483930) -- Fixed signature delimeter character to be standard (Bug #1484035) -- Fixed XSS vulnerability (Bug #1484109) -- Remove newlines from mail headers (Bug #1484031) -- Selection issues when moving/deleting (Bug #1484044) -- Applied patch of Clement Moulin for imap host auto-selection -- ISO-encode IMAP password for plaintext login (Bugs #1483977 & #1483886) -- Fixed folder name encoding in subscription list (Bug #1484113) -- Fixed JS errors in identity list (Bug #1484120) -- Translate foldernames in folder form (closes #1484113) -- Added first and last buttons to message list, address book - and message detail -- Pressing Shift-Del bypasses Trash folder -- Enable purge command for Junk folder -- Fetch all aliases if virtuser_query is used instead -- Re-enabled multi select of contacts (Bug #1484017) -- Enable contact editing right after creation (Bug #1459641) -- Correct UTF-7 to UTF-8 conversion if mbstring is not available -- Fixed IMAP fetch of message body (Bug #1484019) -- Fixed safe_mode problems (Bug #1418381) -- Fixed wrong header encoding (Bug #1483976) -- Made automatic draft saving configurable -- Fixed JS bug when renaming folders (Bug #1483989) -- Added quota display as image (by Brett Patterson) -- Corrected creation of a message-id -- New indentation for quoted message text -- Improved HTML validity -- Fixed URL character set (Ticket #1445501) -- Fixed saving of contact into MySQL from LDAP query results (Ticket #1483820) -- Fixed folder renaming: unsubscribe before rename (Bug #1483920) -- Finalized new message parsing (+ chaching) -- Fixed wrong usage of mbstring (Bug #1462439) -- Set default spelling language (Ticket #1483938) -- Added support for Nox Spell Server -- Re-built message parsing (Bug #1327068) - Now based on the message structure delivered by the IMAP server. -- Fixed some XSS and SQL injection issues -- Fixed charset problems with folder renaming - - - @@ -1,18 +1,9 @@ -RoundCube Webmail (http://roundcube.net) - - -ATTENTION ---------- -This is just a snapshot of the current SVN repository and is NOT A STABLE -version of RoundCube. Unlike the latest release this version requires PHP 5 -and does not work on a webserver with PHP 4. It's not recommended to -replace an existing installation of RoundCube with this version. Also using -a separate database for this installation is highly recommended. +Roundcube Webmail (http://roundcube.net) Introduction: ------------- -RoundCube Webmail is a browser-based multilingual IMAP client with an +Roundcube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder management, message searching and spell checking. RoundCube Webmail is written in PHP and @@ -43,7 +34,7 @@ LICENSE for more information about our license. Contribution: ------------- -Want to help make RoundCube the best webmail solution ever? +Want to help make Roundcube the best webmail solution ever? RoundCube is open source software. Our developers and contributors all are volunteers and we're always looking for new additions and resources. For more information visit http://roundcube.net/contribute diff --git a/bin/dumpschema.php b/bin/dumpschema.php deleted file mode 100644 index b9a76e419..000000000 --- a/bin/dumpschema.php +++ /dev/null @@ -1,101 +0,0 @@ -#!/usr/bin/env php -<?php -/* - - +-----------------------------------------------------------------------+ - | bin/dumpschema.php | - | | - | This file is part of the RoundCube Webmail client | - | Copyright (C) 2005-2009, RoundCube Dev. - Switzerland | - | Licensed under the GNU GPL | - | | - | PURPOSE: | - | Dumps database schema in XML format using MDB2_Schema | - | | - +-----------------------------------------------------------------------+ - | Author: Thomas Bruederli <roundcube@gmail.com> | - +-----------------------------------------------------------------------+ - - $Id$ - -*/ - -if (php_sapi_name() != 'cli') { - die('Not on the "shell" (php-cli).'); -} - -define('INSTALL_PATH', realpath(dirname(__FILE__) . '/..') . '/' ); -require INSTALL_PATH.'program/include/iniset.php'; - -/** callback function for schema dump **/ -function print_schema($dump) -{ - foreach ((array)$dump as $part) - echo $dump . "\n"; -} - -$config = new rcube_config(); - -// don't allow public access if not in devel_mode -if (!$config->get('devel_mode') && $_SERVER['REMOTE_ADDR']) { - header("HTTP/1.0 401 Access denied"); - die("Access denied!"); -} - -$options = array( - 'use_transactions' => false, - 'log_line_break' => "\n", - 'idxname_format' => '%s', - 'debug' => false, - 'quote_identifier' => true, - 'force_defaults' => false, - 'portability' => false, -); - -$dsnw = $config->get('db_dsnw'); -$dsn_array = MDB2::parseDSN($dsnw); - -// set options for postgres databases -if ($dsn_array['phptype'] == 'pgsql') { - $options['disable_smart_seqname'] = true; - $options['seqname_format'] = '%s'; -} - -$schema =& MDB2_Schema::factory($dsnw, $options); -$schema->db->supported['transactions'] = false; - - -// send as text/xml when opened in browser -if ($_SERVER['REMOTE_ADDR']) - header('Content-Type: text/xml'); - - -if (PEAR::isError($schema)) { - $error = $schema->getMessage() . ' ' . $schema->getUserInfo(); -} -else { - $dump_config = array( - // 'output_mode' => 'file', - 'output' => 'print_schema', - ); - - $definition = $schema->getDefinitionFromDatabase(); - $definition['charset'] = 'utf8'; - - if (PEAR::isError($definition)) { - $error = $definition->getMessage() . ' ' . $definition->getUserInfo(); - } - else { - $operation = $schema->dumpDatabase($definition, $dump_config, MDB2_SCHEMA_DUMP_STRUCTURE); - if (PEAR::isError($operation)) { - $error = $operation->getMessage() . ' ' . $operation->getUserInfo(); - } - } -} - -$schema->disconnect(); - -if ($error && !$_SERVER['REMOTE_ADDR']) - fputs(STDERR, $error); - -?> diff --git a/bin/makedoc.sh b/bin/makedoc.sh deleted file mode 100755 index 26757c0a7..000000000 --- a/bin/makedoc.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/usr/bin/env bash - -if [ -z "$SSH_TTY" ] -then - if [ -z "$DEV_TTY" ] - then - echo "Not on the shell." - exit 1 - fi -fi - -TITLE="RoundCube Classes" -PACKAGES="Core" - -INSTALL_PATH="`dirname $0`/.." -PATH_PROJECT=$INSTALL_PATH/program/include -PATH_DOCS=$INSTALL_PATH/doc/phpdoc -BIN_PHPDOC="`/usr/bin/which phpdoc`" - -if [ ! -x "$BIN_PHPDOC" ] -then - echo "phpdoc not found: $BIN_PHPDOC" - exit 1 -fi - -OUTPUTFORMAT=HTML -CONVERTER=frames -TEMPLATE=earthli -PRIVATE=off - -# make documentation -$BIN_PHPDOC -d $PATH_PROJECT -t $PATH_DOCS -ti "$TITLE" -dn $PACKAGES \ --o $OUTPUTFORMAT:$CONVERTER:$TEMPLATE -pp $PRIVATE - @@ -2,7 +2,7 @@ /* +-------------------------------------------------------------------------+ | RoundCube Webmail IMAP Client | - | Version 0.3-20090814 | + | Version 0.3-stable | | | | Copyright (C) 2005-2009, RoundCube Dev. - Switzerland | | | diff --git a/program/include/iniset.php b/program/include/iniset.php index a58845366..ada025026 100755 --- a/program/include/iniset.php +++ b/program/include/iniset.php @@ -22,7 +22,7 @@ // application constants -define('RCMAIL_VERSION', '0.3-trunk'); +define('RCMAIL_VERSION', '0.3-stable'); define('RCMAIL_CHARSET', 'UTF-8'); define('JS_OBJECT_NAME', 'rcmail'); diff --git a/tests/mailfunc.php b/tests/mailfunc.php deleted file mode 100644 index ae35c5d77..000000000 --- a/tests/mailfunc.php +++ /dev/null @@ -1,119 +0,0 @@ -<?php - -/** - * Test class to test steps/mail/func.inc functions - * - * @package Tests - */ -class rcube_test_mailfunc extends UnitTestCase -{ - - function __construct() - { - $this->UnitTestCase('Mail body rendering tests'); - - // simulate environment to successfully include func.inc - $GLOBALS['RCMAIL'] = $RCMAIL = rcmail::get_instance(); - $GLOBALS['OUTPUT'] = $OUTPUT = $RCMAIL->load_gui(); - $RCMAIL->action = 'spell'; - $IMAP = $RCMAIL->imap; - - require_once 'steps/mail/func.inc'; - - $GLOBALS['EMAIL_ADDRESS_PATTERN'] = $EMAIL_ADDRESS_PATTERN; - } - - /** - * Helper method to create a HTML message part object - */ - function get_html_part($body) - { - $part = new rcube_message_part; - $part->ctype_primary = 'text'; - $part->ctype_secondary = 'html'; - $part->body = file_get_contents(TESTS_DIR . $body); - $part->replaces = array(); - return $part; - } - - /** - * Test sanitization of a "normal" html message - */ - function test_html() - { - $part = $this->get_html_part('src/htmlbody.txt'); - $part->replaces = array('ex1.jpg' => 'part_1.2.jpg', 'ex2.jpg' => 'part_1.2.jpg'); - - // render HTML in normal mode - $html = rcmail_html4inline(rcmail_print_body($part, array('safe' => false)), 'foo'); - - $this->assertPattern('/src="'.$part->replaces['ex1.jpg'].'"/', $html, "Replace reference to inline image"); - $this->assertPattern('#background="./program/blocked.gif"#', $html, "Replace external background image"); - $this->assertNoPattern('/ex3.jpg/', $html, "No references to external images"); - $this->assertNoPattern('/<meta [^>]+>/', $html, "No meta tags allowed"); - $this->assertNoPattern('/<style [^>]+>/', $html, "No style tags allowed"); - $this->assertNoPattern('/<form [^>]+>/', $html, "No form tags allowed"); - $this->assertPattern('/Subscription form/', $html, "Include <form> contents"); - $this->assertPattern('/<!-- input not allowed -->/', $html, "No input elements allowed"); - $this->assertPattern('/<!-- link not allowed -->/', $html, "No external links allowed"); - $this->assertPattern('/<a[^>]+ target="_blank">/', $html, "Set target to _blank"); - $this->assertTrue($GLOBALS['REMOTE_OBJECTS'], "Remote object detected"); - - // render HTML in safe mode - $html2 = rcmail_html4inline(rcmail_print_body($part, array('safe' => true)), 'foo'); - - $this->assertPattern('/<style [^>]+>/', $html2, "Allow styles in safe mode"); - $this->assertPattern('#src="http://evilsite.net/mailings/ex3.jpg"#', $html2, "Allow external images in HTML (safe mode)"); - $this->assertPattern("#url\('http://evilsite.net/newsletter/image/bg/bg-64.jpg'\)#", $html2, "Allow external images in CSS (safe mode)"); - - $css = '<link rel="stylesheet" type="text/css" href="./bin/modcss.php?u='.urlencode('http://anysite.net/styles/mail.css').'&c=foo"'; - $this->assertPattern('#'.preg_quote($css).'#', $html2, "Filter external styleseehts with bin/modcss.php"); - } - - /** - * Test the elimination of some trivial XSS vulnerabilities - */ - function test_html_xss() - { - $part = $this->get_html_part('src/htmlxss.txt'); - $washed = rcmail_print_body($part, array('safe' => true)); - - $this->assertNoPattern('/src="skins/', $washed, "Remove local references"); - $this->assertNoPattern('/\son[a-z]+/', $washed, "Remove on* attributes"); - - $html = rcmail_html4inline($washed, 'foo'); - $this->assertNoPattern('/onclick="return rcmail.command(\'compose\',\'xss@somehost.net\',this)"/', $html, "Clean mailto links"); - $this->assertNoPattern('/alert/', $html, "Remove alerts"); - } - - /** - * Test HTML sanitization to fix the CSS Expression Input Validation Vulnerability - * reported at http://www.securityfocus.com/bid/26800/ - */ - function test_html_xss2() - { - $part = $this->get_html_part('src/BID-26800.txt'); - $washed = rcmail_print_body($part, array('safe' => true)); - - $this->assertNoPattern('/alert|expression|javascript|xss/', $washed, "Remove evil style blocks"); - $this->assertNoPattern('/font-style:italic/', $washed, "Allow valid styles"); - } - - /** - * Test links pattern replacements in plaintext messages - */ - function test_plaintext() - { - $part = new rcube_message_part; - $part->ctype_primary = 'text'; - $part->ctype_secondary = 'plain'; - $part->body = quoted_printable_decode(file_get_contents(TESTS_DIR . 'src/plainbody.txt')); - $html = rcmail_print_body($part, array('safe' => true)); - - $this->assertPattern('/<a href="mailto:nobody@roundcube.net" onclick="return rcmail.command\(\'compose\',\'nobody@roundcube.net\',this\)">nobody@roundcube.net<\/a>/', $html, "Mailto links with onclick"); - $this->assertPattern('#<a href="http://www.apple.com/legal/privacy/" target="_blank">http://www.apple.com/legal/privacy/</a>#', $html, "Links with target=_blank"); - } - -} - -?>
\ No newline at end of file diff --git a/tests/modcss.php b/tests/modcss.php deleted file mode 100644 index f9271ff65..000000000 --- a/tests/modcss.php +++ /dev/null @@ -1,45 +0,0 @@ -<?php - -/** - * Test class to test rcmail_mod_css_styles and XSS vulnerabilites - * - * @package Tests - */ -class rcube_test_modcss extends UnitTestCase -{ - - function __construct() - { - $this->UnitTestCase('CSS modification and vulnerability tests'); - } - - function test_modcss() - { - $css = file_get_contents(TESTS_DIR . 'src/valid.css'); - $mod = rcmail_mod_css_styles($css, 'rcmbody'); - - $this->assertPattern('/#rcmbody div.rcmBody\s+\{/', $mod, "Replace body style definition"); - $this->assertPattern('/#rcmbody h1\s\{/', $mod, "Prefix tag styles (single)"); - $this->assertPattern('/#rcmbody h1, #rcmbody h2, #rcmbody h3, #rcmbody textarea\s+\{/', $mod, "Prefix tag styles (multiple)"); - $this->assertPattern('/#rcmbody \.noscript\s+\{/', $mod, "Prefix class styles"); - } - - function test_xss() - { - $mod = rcmail_mod_css_styles("body.main2cols { background-image: url('../images/leftcol.png'); }", 'rcmbody'); - $this->assertEqual("/* evil! */", $mod, "No url() values allowed"); - - $mod = rcmail_mod_css_styles("@import url('http://localhost/somestuff/css/master.css');", 'rcmbody'); - $this->assertEqual("/* evil! */", $mod, "No import statements"); - - $mod = rcmail_mod_css_styles("left:expression(document.body.offsetWidth-20)", 'rcmbody'); - $this->assertEqual("/* evil! */", $mod, "No expression properties"); - - $mod = rcmail_mod_css_styles("left:exp/* */ression( alert('xss3') )", 'rcmbody'); - $this->assertEqual("/* evil! */", $mod, "Don't allow encoding quirks"); - - $mod = rcmail_mod_css_styles("background:\\0075\\0072\\006c( javascript:alert('xss') )", 'rcmbody'); - $this->assertEqual("/* evil! */", $mod, "Don't allow encoding quirks (2)"); - } - -}
\ No newline at end of file diff --git a/tests/runtests.sh b/tests/runtests.sh deleted file mode 100755 index 04a9a3745..000000000 --- a/tests/runtests.sh +++ /dev/null @@ -1,53 +0,0 @@ -#!/usr/bin/env php -<?php - -/* - +-----------------------------------------------------------------------+ - | tests/runtests.sh | - | | - | This file is part of the RoundCube Webmail client | - | Copyright (C) 2009, RoundCube Dev. - Switzerland | - | Licensed under the GNU GPL | - | | - | PURPOSE: | - | Run-script for unit tests based on http://simpletest.org | - | All .php files in this folder will be treated as tests | - +-----------------------------------------------------------------------+ - | Author: Thomas Bruederli <roundcube@gmail.com> | - +-----------------------------------------------------------------------+ - - $Id: $ - -*/ - -if (php_sapi_name() != 'cli') - die("Not in shell mode (php-cli)"); - -if (!defined('SIMPLETEST')) define('SIMPLETEST', '/www/simpletest/'); -if (!defined('INSTALL_PATH')) define('INSTALL_PATH', realpath(dirname(__FILE__) . '/..') . '/' ); - -define('TESTS_DIR', dirname(__FILE__) . '/'); - -require_once(SIMPLETEST . 'unit_tester.php'); -require_once(SIMPLETEST . 'reporter.php'); -require_once(INSTALL_PATH . 'program/include/iniset.php'); - -if (count($_SERVER['argv']) > 1) { - $testfiles = array(); - for ($i=1; $i < count($_SERVER['argv']); $i++) - $testfiles[] = realpath('./' . $_SERVER['argv'][$i]); -} -else { - $testfiles = glob(TESTS_DIR . '*.php'); -} - -$test = new TestSuite('RoundCube unit tests'); -$reporter = new TextReporter(); - -foreach ($testfiles as $fn) { - $test->addTestFile($fn); -} - -$test->run($reporter); - -?>
\ No newline at end of file diff --git a/tests/src/BID-26800.txt b/tests/src/BID-26800.txt deleted file mode 100644 index 513516c09..000000000 --- a/tests/src/BID-26800.txt +++ /dev/null @@ -1,52 +0,0 @@ -<html> -<head> -</head> -<body> -<h1>1 test</h1> -<p><style> block</p> -<style>input { left:expression( alert('expression!') ) }</style> -<style>div { background:url(alert('URL!') ) }</style> - -<h1>2 test</h1> -<p><div> block</p> -<div style="font-style:italic">valid css</div> -<div style="{ left:expression( alert('expression!') ) }"> -<div style="{ background:url( alert('URL!') ) }"> - -<h1>3 test</h1> -<p>Inject comment text</p> -<div style="{ left:exp/* */ression( alert('xss3') ) }"> -<div style="{ background:u/* */rl( alert('xssurl3') ) }"> - -<h1>4 test</h1> -<p>Using reverse solid to directe the codepoint</p> -<div style="{ left:\0065\0078pression( alert('xss4') ) }"> -<div style="{ background:\0075rl( alert('xssurl4') ) }"> - -<h1>5 test</h1> -<p>Character entity references</p> -<p>Character entity references is acceptable in "inline styles"</p> -<div style="{ left:expression( alert('xss') ) }"> -<div style="{ left:expression( alert('xss') ) }"> -<div style="{ background:url( alert('URL!') ) }"> -<div style="{ background:url( alert('URL!') ) }"> -<div style="{ left:expression( alert('xss') ) }"> - -<div style="{ left:..p.....o.( alert('xss') ) }"> -<div style="{ left:../**/pression( alert('xss') ) }"> -<div style="{ left:expʀessioɴ( alert('xss') ) }"> -<div style="{ left:\0065\0078pression( alert('xss') ) }"> -<div style="{ left:ex p ression( alert('xss') ) }"> - -<div style="{ background:...( javascript:alert('xss') ) }"> -<div style="{ background:u/**/rl( javascript:alert('xss') ) }"> -<div style="{ background:\0075\0072\006c( javascript:alert('xss') ) }"> -<div style="{ background:uʀʟ( javascript:alert('xss') ) -}"> -<div style="{ background:\0075\0280l( javascript:alert('xss') -) }"> -<div style="{ background:u r l( javascript:alert('xss') ) }"> - -</body> -</html> - diff --git a/tests/src/htmlbody.txt b/tests/src/htmlbody.txt deleted file mode 100644 index a10bfe10e..000000000 --- a/tests/src/htmlbody.txt +++ /dev/null @@ -1,51 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> -<head> -<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1"> -<title>RoundCube Test Message</title> -<link rel="stylesheet" type="text/css" href="http://anysite.net/styles/mail.css"> -<style type="text/css"> - -p, a { - font-family: Arial, 'Bitstream Vera Sans', Helvetica; - margin-top: 0px; - margin-bottom: 0px; - padding-top: 0px; - padding-bottom: 0px; -} - -</style> -</head> -<body style="margin: 0 0 0 0;"> - -<table width="100%" cellpadding="0" cellspacing="20" style="background-image:url(http://evilsite.net/newsletter/image/bg/bg-64.jpg);background-attachment:fixed;" background="http://evilsite.net/newsletter/image/bg/bg-64.jpg" border="0"> -<tr> -<td> - -<h1>This is a HTML message</h1> - -<p>See nice pictures like the following:</p> - -<div> - <img src="ex1.jpg" width="320" height="320" alt="Example 1"> - <img src="ex2.jpg" width="320" height="320" alt="Example 2"> - <img src="http://evilsite.net/mailings/ex3.jpg" width="320" height="320" alt="Example 3"> -</div> - -<form action="http://evilsite.net/subscribe.php"> - <p>Subscription form</p> - - E-Mail: <input type="text" name="mail" value=""><br/> - <input type="submit" value="Subscribe"> - -</form> - -<p>To unsubscribe click here <a href="http://evilsite.net/unsubscribe.php?mail=foo@bar.com"> or - send a mail to <a href="mailto:unsubscribe@evilsite.net">unsubscribe@evilsite.net</a></p> - -</td> -</tr> -</table> - -</body> -</html>
\ No newline at end of file diff --git a/tests/src/htmlxss.txt b/tests/src/htmlxss.txt deleted file mode 100644 index f6c43e353..000000000 --- a/tests/src/htmlxss.txt +++ /dev/null @@ -1,22 +0,0 @@ -<html> -<body> - -<p><img onLoad.="alert(document.cookie)" src="skins/default/images/roundcube_logo.png" /></p> - -<p><a href="mailto:xss@somehost.net') && alert(document.cookie) || ignore('">mail me!</a> -<a href="http://roundcube.net" target="_self">roundcube.net</a> -<a href="http://roundcube.net" \onmouseover="alert('XSS')">roundcube.net (2)</a> - -</p> - -<div>Brilliant!</div> - -<table><tbody><tr><td background="javascript:alert('XSS')">BBBBBB</td></tr></tbody></table> - -<p> -Have a nice Christmas time.<br /> -Thomas -</p> - -</body> -</html> diff --git a/tests/src/plainbody.txt b/tests/src/plainbody.txt deleted file mode 100644 index 7ebfe429b..000000000 --- a/tests/src/plainbody.txt +++ /dev/null @@ -1,37 +0,0 @@ -From: iPhone Developer Program <noreply-iphonedev@apple.com> -To: nobody@roundcube.net - -*iPhone Developer Program* - ------------------------------------ -iPhone SDK 2.2.1 is now available -https://daw.apple.com/cgi-bin/WebObjects/DSAuthWeb.woa/wa/login?appIdKey=3D= -D635F5C417E087A3B9864DAC5D25920C4E9442C9339FA9277951628F0291F620&path=3D//i= -phone/login.action - -Log in to the iPhone Dev Center to download iPhone SDK for iPhone OS 2.2.1.= - Installation of iPhone SDK 2.2.1 is required for development with devices = -updated to iPhone OS 2.2.1. Please view the Read Me before installing the n= -ew version of the iPhone SDK. - -Log in now -https://daw.apple.com/cgi-bin/WebObjects/DSAuthWeb.woa/wa/login?appIdKey=3D= -D635F5C417E087A3B9864DAC5D25920C4E9442C9339FA9277951628F0291F620&path=3D//i= -phone/login.action - ------------------------------------ -Copyright (c) 2009 Apple Inc. 1 Infinite Loop, MS 303-3DM, Cupertino, CA 95= -014. - -All Rights Reserved -http://www.apple.com/legal/default.html - -Keep Informed -http://www.apple.com/enews/subscribe/ - -Privacy Policy -http://www.apple.com/legal/privacy/ - -My Info -https://myinfo.apple.com/cgi-bin/WebObjects/MyInfo - diff --git a/tests/src/valid.css b/tests/src/valid.css deleted file mode 100644 index 340fa9a87..000000000 --- a/tests/src/valid.css +++ /dev/null @@ -1,30 +0,0 @@ -/** Master style definitions **/ - -body, p, div, h1, h2, h3, textarea { - font-family: "Lucida Grande", Helvetica, sans-serif; - font-size: 8.8pt; - color: #333; -} - -body { - background-color: white; - margin: 0; -} - -h1 { - color: #1F519A; - font-size: 1.7em; - font-weight: normal; - margin-top: 0; - margin-bottom: 1em; -} - -.noscript { - display: none; -} - -.hint, .username { - color: #999; -} - - |