-rw-r--r-- | CHANGELOG | 4 | ||||
-rw-r--r-- | installer/check.php | 7 | ||||
-rw-r--r-- | installer/config.php | 7 | ||||
-rw-r--r-- | installer/rcube_install.php | 7 | ||||
-rw-r--r-- | installer/test.php | 7 | ||||
-rw-r--r-- | program/js/app.js | 2 | ||||
-rw-r--r-- | program/lib/washtml.php | 2 | ||||
-rw-r--r-- | program/steps/mail/func.inc | 2 | ||||
-rw-r--r-- | program/steps/mail/get.inc | 7 | ||||
-rw-r--r-- | skins/classic/iehacks.css | 8 | ||||
-rw-r--r-- | skins/larry/iehacks.css | 6 | ||||
-rw-r--r-- | skins/larry/mail.css | 3 | ||||
-rw-r--r-- | skins/larry/styles.css | 1 |
13 files changed, 50 insertions, 13 deletions
@@ -1,6 +1,10 @@ CHANGELOG Roundcube Webmail =========================== +- Fix #countcontrols issue in IE<=8 when text is very long (#1488890) +- Fix unwanted horizontal scrollbar in message preview header (#1488866) +- Add workaround for IE<=8 bug where Content-Disposition:inline was ignored (#1488844) +- Fix XSS vulnerability in vbscript: and data:text links handling (#1488850) - Fix absolute positioning in HTML messages (#1488819) - Fix keybord events on messages list in opera browser (#1488823) - Fix cache (in)validation after setting \Deleted flag diff --git a/installer/check.php b/installer/check.php index 5cb30225e..514ec42a9 100644 --- a/installer/check.php +++ b/installer/check.php @@ -1,3 +1,10 @@ +<?php + +if (!class_exists('rcube_install') || !is_object($RCI)) { + die("Not allowed! Please open installer/index.php instead."); +} + +?> <form action="index.php" method="get"> <?php diff --git a/installer/config.php b/installer/config.php index bd676b12e..41aa36e10 100644 --- a/installer/config.php +++ b/installer/config.php @@ -1,3 +1,10 @@ +<?php + +if (!class_exists('rcube_install') || !is_object($RCI)) { + die("Not allowed! Please open installer/index.php instead."); +} + +?> <form action="index.php" method="post"> <input type="hidden" name="_step" value="2" /> <?php diff --git a/installer/rcube_install.php b/installer/rcube_install.php index 2688bd721..6c6555f91 100644 --- a/installer/rcube_install.php +++ b/installer/rcube_install.php @@ -251,7 +251,12 @@ class rcube_install $seen[$prop] = true; } } - + + // the old default mime_magic reference is obsolete + if ($this->config['mime_magic'] == '/usr/share/misc/magic') { + $out['obsolete'][] = array('prop' => 'mime_magic', 'explain' => "Set value to null in order to use system default"); + } + // iterate over default config foreach ($defaults as $prop => $value) { if (!isset($seen[$prop]) && isset($required[$prop]) && !(is_bool($this->config[$prop]) || strlen($this->config[$prop]))) 
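Review bot: The guard added at the top of installer/check.php passes for any object in `$RCI`, and the same seven lines are repeated in installer/config.php and installer/test.php. `if (!class_exists('rcube_install') || !($RCI instanceof rcube_install)) {` ties the check to the installer class instead of to any object. `die()` leaves the response status at 200, so sending `header('HTTP/1.0 403 Forbidden');` before it would let access logs distinguish a blocked direct request from a normal page load. A one-line comment such as `// step templates may only be included from installer/index.php` would record why the guard exists.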
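Review bot: The added `mime_magic` test in installer/rcube_install.php reads `$this->config['mime_magic']` without `isset()` and compares with `==`, so a config file that lacks the key would raise an undefined-index notice on the installer page. `if (isset($this->config['mime_magic']) && $this->config['mime_magic'] === '/usr/share/misc/magic') {` avoids the notice and keeps the comparison strict. The enclosing method starts and ends outside the hunk, so whether the key is always populated earlier cannot be confirmed from here.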
diff --git a/installer/test.php b/installer/test.php index 2dd330531..b8b60cf3d 100644 --- a/installer/test.php +++ b/installer/test.php @@ -1,3 +1,10 @@ +<?php + +if (!class_exists('rcube_install') || !is_object($RCI)) { + die("Not allowed! Please open installer/index.php instead."); +} + +?> <form action="index.php?_step=3" method="post"> <h3>Check config files</h3> diff --git a/program/js/app.js b/program/js/app.js index 8fe68bf9e..08411f0e2 100644 --- a/program/js/app.js +++ b/program/js/app.js @@ -2541,7 +2541,7 @@ function rcube_webmail() for (i=0, len=selection.length; i<len; i++) { uid = selection[i]; if (list.rows[uid].has_children && !list.rows[uid].expanded) - list.select_childs(uid); + list.select_children(uid); } // if config is set to flag for deletion diff --git a/program/lib/washtml.php b/program/lib/washtml.php index 0d4ffdb4b..d13d66404 100644 --- a/program/lib/washtml.php +++ b/program/lib/washtml.php @@ -214,7 +214,7 @@ class washtml $key = strtolower($key); $value = $node->getAttribute($key); if (isset($this->_html_attribs[$key]) || - ($key == 'href' && !preg_match('!^javascript!i', $value) + ($key == 'href' && !preg_match('!^(javascript|vbscript|data:text)!i', $value) && preg_match('!^([a-z][a-z0-9.+-]+:|//|#).+!i', $value)) ) { $t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"'; diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc index 5fa5ad6e4..e486cc6e6 100644 --- a/program/steps/mail/func.inc +++ b/program/steps/mail/func.inc @@ -1414,7 +1414,7 @@ function rcmail_address_string($input, $max=null, $linked=false, $addicon=null, if ($addicon && $_SESSION['writeable_abook']) { $address .= html::a(array( 'href' => "#add", - 'onclick' => sprintf("return %s.command('add-contact','%s',this)", JS_OBJECT_NAME, $string), + 'onclick' => sprintf("return %s.command('add-contact','%s',this)", JS_OBJECT_NAME, JQ($string)), 'title' => rcube_label('addtoaddressbook'), 'class' => 'rcmaddcontact', ), 
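Review bot: The `href` filter in program/lib/washtml.php is still a deny-list: `!^(javascript|vbscript|data:text)!i` rejects three prefixes, while the following pattern `[a-z][a-z0-9.+-]+:` accepts every other scheme, including `data:` with a media type other than text. An allow-list is easier to reason about for mail content, for example replacing both tests with `preg_match('!^((https?|ftp|mailto):|//|#).+!i', $value)`. The scheme set shown is an assumption and has to match what the mail views actually need. The surrounding attribute loop starts and ends outside the hunk.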
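Review bot: `JQ($string)` in program/steps/mail/func.inc handles the JavaScript string context, but the value is placed in an `onclick` attribute, so it also needs HTML attribute escaping, and JS quoting alone does not protect the attribute boundary. Whether `html::a()` escapes attribute values is not visible in this hunk and should be confirmed. A comment on the changed line, `// JQ() is JS-string escaping only; html::a() must HTML-escape the attribute value`, would document the two layers for the next reader. rcmail_address_string continues outside the hunk.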
diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc index 924433df3..2cc2f12ca 100644 --- a/program/steps/mail/get.inc +++ b/program/steps/mail/get.inc @@ -150,6 +150,13 @@ else if (strlen($pid = get_input_value('_part', RCUBE_INPUT_GET))) { $disposition = !empty($plugin['download']) ? 'attachment' : 'inline'; + // Workaround for nasty IE bug (#1488844) + // If Content-Disposition header contains string "attachment" e.g. in filename + // IE handles data as attachment not inline + if ($disposition == 'inline' && $browser->ie && $browser->ver < 9) { + $filename = str_ireplace('attachment', 'attach', $filename); + } + header("Content-Disposition: $disposition; filename=\"$filename\""); // do content filtering to avoid XSS through fake images diff --git a/skins/classic/iehacks.css b/skins/classic/iehacks.css index 2bd3ce865..c8b9b3740 100644 --- a/skins/classic/iehacks.css +++ b/skins/classic/iehacks.css @@ -184,13 +184,7 @@ body.iframe div.messageheaderbox overflow: hidden; } -#countcontrols -{ - width: 24em; - padding-right: 10px; -} - -body.iframe +body.iframe { width: expression((parseInt(document.documentElement.clientWidth))+'px'); } diff --git a/skins/larry/iehacks.css b/skins/larry/iehacks.css index 93f483c11..c10ad2306 100644 --- a/skins/larry/iehacks.css +++ b/skins/larry/iehacks.css @@ -65,6 +65,12 @@ input.button:active { filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#404040', endColorstr='#060606', GradientType=0); } +#toplogo { + position: absolute; + top: 0px; + left: 10px; +} + .records-table tr.selected td { filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#019bc6', endColorstr='#017cb4', GradientType=0); } diff --git a/skins/larry/mail.css b/skins/larry/mail.css index e2702cff1..9eda4a3e5 100644 --- a/skins/larry/mail.css +++ b/skins/larry/mail.css 
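Review bot: `$filename` is rewritten by the new IE workaround in program/steps/mail/get.inc and then interpolated into `filename=\"$filename\"` on the next line, yet the hunk shows no removal of double quotes, backslashes or control characters from it. If that is not done where `$filename` is built (outside the hunk), adding `$filename = str_replace(array('"', '\\', "\r", "\n"), '', $filename);` before the `header()` call keeps the quoted-string well formed. The `str_ireplace('attachment', 'attach', ...)` call also alters any name that merely contains that word, which is worth stating in the comment, since a user who saves an inline part gets the changed name.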
@@ -717,7 +717,7 @@ h2.subject { h3.subject { font-size: 14px; - margin: 0 8em 0 0; + margin: 0 12em 0 0; padding: 8px 8px 4px 8px; white-space: nowrap; overflow: hidden; @@ -885,7 +885,6 @@ div.hide-headers { position: absolute; top: 8px; right: 8px; - width: 18em; text-align: right; white-space: nowrap; } diff --git a/skins/larry/styles.css b/skins/larry/styles.css index 199969810..c0e0e5a53 100644 --- a/skins/larry/styles.css +++ b/skins/larry/styles.css @@ -513,6 +513,7 @@ a.iconlink.upload { } #topnav { + position: relative; height: 46px; margin-bottom: 10px; padding: 0 0 0 10px; |