diff options
-rw-r--r-- | CHANGELOG | 593 | ||||
-rw-r--r-- | README | 9 | ||||
-rw-r--r-- | bin/dumpschema.php | 101 | ||||
-rwxr-xr-x | bin/makedoc.sh | 34 | ||||
-rw-r--r-- | index.php | 2 | ||||
-rwxr-xr-x | program/include/iniset.php | 2 | ||||
-rw-r--r-- | tests/mailfunc.php | 119 | ||||
-rw-r--r-- | tests/modcss.php | 45 | ||||
-rwxr-xr-x | tests/runtests.sh | 53 | ||||
-rw-r--r-- | tests/src/BID-26800.txt | 52 | ||||
-rw-r--r-- | tests/src/htmlbody.txt | 51 | ||||
-rw-r--r-- | tests/src/htmlxss.txt | 22 | ||||
-rw-r--r-- | tests/src/plainbody.txt | 37 | ||||
-rw-r--r-- | tests/src/valid.css | 30 |
14 files changed, 2 insertions, 1148 deletions
@@ -47,596 +47,3 @@ CHANGELOG RoundCube Webmail - Password Plugin: Fix %d inserts username instead of domain (#1486088) - Fix rcube_mdb2::affected_rows() (#1486082) -RELEASE 0.3-stable ------------------- -- Fix gn and givenName should be synonymous in LDAP addressbook (#1485892) -- Add mail_domain to LDAP email entries without @ sign (#1485201) -- Fix saving empty values in LDAP contact data (#1485781) -- Fix LDAP contact update when RDN field is changed (#1485788) -- Fix LDAP attributes case senitivity problems (#1485830) -- Fix LDAP addressbook browsing when only one directory is used (#1486022) -- Fix endless loop on error response for APPEND command (#1486060) -- Don't require date.timezone setting in installer (#1485989) -- Fix date sorting problem with Courier IMAP server (#1486065) -- Unselect pressed buttons on mouse up (#1485987) -- Don't set php_value error_log in .htaccess but mention in INSTALL (#1485924) -- Fix too small status/flag/attachment columns in Safari 4 (#1486063) -- Fix selection disabling while dragging splitter in webkit browsers (#1486056) -- Added 'new_messages' plugin hook (#1486005) -- Added 'logout_after' plugin hook (#1486042) -- Added 'message_compose' hook -- Added 'imap_connect' hook (#1485956) -- Fix vcard_attachments plugin (#1486035) -- Updated PEAR::Auth_SASL to 1.0.3 version -- Use sequence names only with PostgreSQL (#1486018) -- Re-designed User Preferences interface -- Fix MS SQL DDL (#1486020) -- Fix rcube_mdb2.php: call to setCharset not implemented in mssql driver (#1486019) -- Added 'display_next' option -- Fix rcube_mdb2::unixtimestamp for MS SQL (#1486015) -- Fix HTML washing to respect character encoding -- Fix endless loop in iil_C_Login() with Courier IMAP (#1486010) -- Fix #messagemenu display on IE (#1486006) -- Speedup UI by using sprites for (toolbar) buttons -- Fix charset names with X- prefix handling -- Fix displaying of HTML messages with unknown/malformed tags (#1486003) - -RELEASE 0.3-RC1 ---------------- -- Fix import of vCard entries with params (#1485453) -- Fix HTML messages output with empty block elements (#1485974) -- Use request tokens to protect POST requests from CSFR -- Added hook when killing a session -- Added hook to write_log function (#1485971) -- Performance improvements by use UID commands (#1485690) -- Fix HTML editor tabIndex setting (#1485972) -- Added 'imap_debug' and 'smtp_debug' options -- Support strftime's format modifiers in date_* options (#1484806) -- Support %h variable in 'smtp_server' option (#1485766) -- Show SMTP errors in browser (#1485927) -- Allow WBR tag in HTML message (#1485960) -- Use spl_autoload_register() instead of __autoload (#1485947) -- Add hook for identities listing (#1485958) -- Trigger hook 'smtp_connect' when opening an SMTP connection (#1485954) -- Added config option to enforce HTTPS connections -- Fix non-unicode characters caching in unicode database (#1484608) -- Performance improvements of messages caching -- Fix empty Date header issue (#1485923) -- Open collapsed folders during drag & drop (#1485914) -- Fixed link text replacements (#1485789) -- Also trigger 'insertrow' events on page load (#1485826) -- No link on subject in IE browsers (#1484913) -- Fixed filename encoding according to RFC2231 (#1485875) -- Added message Edit feature (#1483891, #1484440) -- Fix message Etag generation for counter issues (#1485623) -- Fix messages searching on MailEnable IMAP (#1485762) -- Fixed many 'skip_deleted' issues (#1485634) -- Fixed messages list sorting on servers without SORT capability -- Colorized signatures in plain text messages -- Reviewed/fixed skip_deleted/read_when_deleted/flag_for_deletion options handling in UI -- Fix displaying of big maximum upload filesize (#1485889) -- Added possibility to invert messages selection -- After move/delete from 'show' action display next message instead of messages list (#1485887) -- Fixed problem with double quote at the end of folder name (#1485884) -- Speedup UI by using CSS sprites and etags/expires/deflate in Apache config (#1484858,#1485800) -- Support UID EXPUNGE: remove only moved/deleted messages -- Add drag cancelling with ESC key (#1484344) -- Support initial identity name from virtuser_query (#1484003) -- Added message menu, removed Print and Source buttons -- Added possibility to save message as .eml file (#1485861) -- Added 1 minute interval in autosave options (#1485854) -- Support UTF-7 encoding in messages (#1485832) -- Better support for malformed character names (#1485758) - -RELEASE 0.3-BETA ----------------- -- Plugin API + jQuery engine -- Added possibility to encrypt received header, option 'http_received_header_encrypt', - added some more logic in encrypt/decrypt functions for security -- Fix Answered/Forwarded flag setting for messages in subfolders -- Fix autocomplete problem with capital letters (#1485792) -- Support UUencode content encoding (#1485839) -- Minimize chance of race condition in session handling (#1485659, #1484678) -- Fix session handling on non-session SQL query error (#1485734) -- Fix html editor mode setting when reopening draft message (#1485834) -- Added quick search box menu (#1484304) -- Fix wrong column sort order icons (#1485823) -- Updated TinyMCE to 3.2.3 version -- Fix attachment names encoding when charset isn't specified in attachment part (#1484969) -- Fix message normal priority problem (#1485820) -- Fix autocomplete spinning wheel does not disappear (#1485804) -- Added log_date_format option (#1485709) -- Fix text wrapping in HTML editor after switching from plain text to HTML (#1485521) -- Fix auto-complete function hangs with plus sign (#1485815) -- Fix AJAX requests errors handler (#1485000) -- Speed up message list displaying on IE -- Fix read/write database recognition (#1485811) - -RELEASE 0.2.2 -------------- -- Fix quicksearchbox look in Chrome and Konqueror (#1484841) -- Fix UTF-8 byte-order mark removing (#1485514) -- Fix folders subscribtions on Konqueror (#1484841) -- Fix debug console on Konqueror and Safari -- Fix messagelist focus issue when modifying status of selected messages (#1485807) -- Support STARTTLS in IMAP connection (#1485284) -- Fix DEL key problem in search boxes (#1485528) -- Support several e-mail addresses per user from virtuser_file (#1485678) -- Fix drag&drop with scrolling on IE (#1485786) -- Fix adding signature separator in html mode (#1485350) -- Fix opening attachment marks message as read (#1485803) -- Fix 'temp_dir' does not support relative path under Windows (#1484529) -- Fix "Initialize Database" button missing from installer (#1485802) -- Fix compose window doesn't fit 1024x768 window (#1485396) -- Fix service not available error when pressing back from compose dialog (#1485552) -- Fix using mail() on Windows (#1485779) -- Fix word wrapping in message-part's <PRE>s for printing (#1485787) -- Fix incorrect word wrapping in outgoing plaintext multibyte messages (#1485714) -- Fix double footer in HTML message with embedded images -- Fix TNEF implementation bug (#1485773) -- Fix incorrect row id parsing for LDAP contacts list (#1485784) -- Fix 'mode' parameter in sqlite DSN (#1485772) - -RELEASE 0.2.1 ------------------- -- Use US-ASCII as failover when Unicode searching fails (#1485762) -- Fix errors handling in IMAP command continuations (#1485762) -- Fix FETCH result parsing for servers returning flags at the end of result (#1485763) -- Fix datetime columns defaults in mysql's DDL (#1485641) -- Fix attaching more than nine inline images (#1485759) -- Support 'UNICODE-1-1-UTF-7' alias for UTF-7 encoding (#1485758) -- Fix mime-type detection using a hard-coded map (#1485311) -- Don't return empty string if charset conversion failed (#1485757) -- Disable concurrent autocomplete query results display (#1485743) -- Fix new lines stripped from message footer (#1485751) -- Fix IE problem with mouse click autocomplete (#1485739) -- Fix html body washing on reply/forward + fix attachments handling (#1485676) -- Fix multiple recipients input parsing (#1485733) -- Fix replying to message with html attachment (#1485676) -- Use default_charset for messages without specified charset (#1485661, #1484961) -- Support non-standard "GMT-XXXX" literal in date header (#1485729) -- Added TNEF support to decode MS Outlook attachments (winmail.dat) -- Fix "value continuation" MIME headers by adding required semicolon (#1485727) -- Fix pressing select all/unread multiple times (#1485723) -- Fix selecting all unread does not honor new messages (#1485724) -- Fix some base64 encoded attachments handling (#1485725) -- Support NGINX as IMAP backend: better BAD response handling (#1485720) -- Performance fix: don't fetch attachment parts headers twice to parse filename -- Fix checking for recent messages on various IMAP servers (#1485702) -- Performance fix: Don't fetch quota and recent messages in "message view" mode -- Fix displaying of alternative-inside-alternative messages (#1485713) -- Fix MDNSent flag checking, use arbitrary keywords (asterisk) flag (#1485706) -- Fix creation of folders with '&' sign in name -- Fix parsing of email addresses without angle brackets (#1485693) -- Save spellcheck corrections when switching from plain to html editor (and spellchecking is on) -- Fix large search results on server without SORT capability (#1485668) -- Get rid of preg_replace() with eval modifier and create_function usage (#1485686) -- Bring back <base> and <link> tags in HTML messages -- Fix XSS vulnerability through background attributes as reported by Julien Cayssol -- Fix problems with backslash as IMAP hierarchy delimiter (#1484467) -- Secure vcard export by getting rid of preg's 'e' modifier use (#1485689) -- Fix authentication when submitting form with existing session (#1485679) -- Allow absolute URLs to images in HTML messages/sigs (#1485666) -- Fix message body which contains both inline attachments and emotions -- Fix SQL query execution errors handling in rcube_mdb2 class (#1485509) -- Fix address names with '@' sign handling (#1485654) -- Improve messages display performance -- Fix messages searching with 'to:' modifier - -RELEASE 0.2-STABLE ------------------- -- Fix mark popup in IE 7 (#1485369) -- Fix line-break issue when copy & paste in Firefox (#1485425) -- Fix autocomplete "unknown server error" (#1485637) -- Fix STARTTLS before AUTH in SMTP connection (#1484883) -- Support multiple quota values in QUOTAROOT resonse (#1485626) -- Only abbreviate file name for IE < 7 browsers (#1485063) -- Performance: allow setting imap rootdir and delimiter before connect (#1485172) -- Fix sorting of folders with more than 2 levels (#1485569) -- Fix search results page jumps in LDAP addressbook (#1485253) -- Fix empty line before the signature in IE (#1485351) -- Fix horizontal scrollbar in preview pane on IE (#1484633) -- Add Robots meta tag in login page and installer (#1484846) -- Added 'show_images' option, removed 'addrbook_show_images' (#1485597) -- Option to check for new mails in all folders (#1484374) -- Don't set client busy when checking for new messages (#1485276) -- Allow UTF-8 folder names in config (#1485579) -- Add junk_mbox option configuration in installer (#1485579) -- Do serverside addressbook queries for autocompletion (#1485531) -- Allow setting attachment col position in 'list_cols' option -- Allow override 'list_cols' via skin (#1485577) -- Fix 'cache' table cleanup on session destroy (#1485516) -- Increase speed of session destroy and garbage clean up -- Fix session timeout when DB server got clock skew (#1485490) -- Fix handling of some malformed messages (#1484438) -- Speed up raw message body handling -- Better HTML entities conversion in html2text (#1485519) -- Fix big memory consumption and speed up searching on servers without SORT capability -- Fix setting locale to tr_TR, ku and az_AZ (#1485470) -- Use SORT for searching on servers with SORT capability -- Added message status filter -- Fix empty file sending (#1485389) -- Improved searching with many criterias (calling one SEARCH command) -- Fix HTML editor initialization on IE (#1485304) -- Add warning when switching editor mode from html to plain (#1485488) -- Make identities list scrollable (#1485538) -- Fix problem with numeric folder names (#1485527) -- Added BYE response simple support to prevent from endless loops in imap.inc (#1483956) -- Fix unread message unintentionally marked as read if read_when_deleted=true (#1485409) -- Remove port number from SERVER_NAME in smtp_helo_host (#1485518) -- Don't send disposition notification receipts for messages marked as 'read' (#1485523) -- Added 'keep_alive' and 'min_keep_alive' options (#1485360) -- Added option 'identities_level', removed 'multiple_identities' -- Allow deleting identities when multiple_identities=false (#1485435) -- Added option focus_on_new_message (#1485374) -- Fix html2text class autoloading on Windows (#1485505) -- Fix html signature formatting when identity save error occured (#1485426) -- Add feedback and set busy when moving folder (#1485497) -- Fix 'Empty' link visibility for some languages e.g. Slovak (#1485489) -- Fix messages count bar overlapping (#1485270) -- Fix adding signature in drafts compose mode (#1485484) -- Fix iil_C_Sort() to support very long and/or divided responses (#1485283) -- Fix matching case sensitivity when setting identity on reply (#1485480) -- Prefer default identity on reply -- Fix imap searching on ISMail server (#1485466) -- Add css class for flagged messages (#1485464) -- Write username instead of id in sendmail log (#1485477) -- Fix htmlspecialchars() use for PHP version < 5.2.3 (#1485475) -- Fix js keywords escaping in json_serialize() for IE/Opera (#1485472) -- Added bin/killcache.php script (#1485434) -- Add support for SJIS, GB2312, BIG5 in rc_detect_encoding() -- Fix vCard file encoding detection for non-UTF-8 strings (#1485410) -- Add 'skip_deleted' option in User Preferences (#1485445) -- Minimize "inline" javascript scripts use (#1485433) -- Fix css class setting for folders with names matching defined classes names (#1485355) -- Fix race conditions when changing mailbox -- Fix spellchecking when switching to html editor (#1485362) -- Fix compose window width/height (#1485396) -- Allow calling msgimport.sh/msgexport.sh from any directory (#1485431) -- Localized filesize units (#1485340) -- Better handling of "no identity" and "no email in identity" situations (#1485117) -- Added 'mime_param_folding' option with possibility to choose long/non-ascii attachment names encoding eg. to be readable in MS Outlook/OE (#1485320) -- Added "advanced options" feature in User Preferences -- Fix unread counter when displaying cached massage in preview panel (#1485290) -- Fix htmleditor spellchecking on MS Windows (#1485397) -- Fix problem with non-ascii attachment names in Mail_mime (#1485267, #1485096) -- Fix language autodetection (#1485401) -- Fix button label in folders management (#1485405) -- Fix collapsed folder not indicating unread msgs count of all subfolders (#1485403) -- Fix handling of apostrophes in filenames decoded according to rfc2231 - -RELEASE 0.2-BETA ----------------- -- Made config files location configurable (#1485215) -- Reduced memory footprint when forwarding attachments (#1485345) -- Allow and use spellcheck attribute for input/textarea fields (#1485060) -- Added icons for forwarded/forwarded+replied messages (#1485257) -- Added Reply-To to forwarded emails (#1485315) -- Display progress message for folders create/delete/rename (#1485357) -- Smart Tags and NOBR tag support in html messages (#1485363, #1485327) -- Redesign of the identities settings (#1484042) -- Add config option to disable creation/deletion of identities (#1484498) -- Added 'sendmail_delay' option to restrict messages sending interval (#1484491) -- Added vertical splitter for folders list resizing -- Added possibility to view all headers in message view -- Fixed splitter drag/resize on Opera (#1485170) -- Fixed quota img height/width setting from template (#1484857) -- Refactor drag & drop functionality. Don't rely on browser events anymore (#1484453) -- Insert "virtual" folders in subscription list (#1484779) -- Added link to open message in new window -- Enable export of address book contacts as vCard -- Add feature to import contacts from vcard files (#1326103) -- Respect Content-Location headers in multipart/related messages according to RFC2110 (#1484946) -- Allowed max. attachment size now indicated in compose screen (#1485030) -- Also capture backspace key in list mode (#1484566) -- Allow application/pgp parts to be displayed (#1484753) -- Correctly handle options in mailto-links (#1485228) -- Immediately save sort_col/sort_order in user prefs (#1485265) -- Truncate very long (above 50 characters) attachment filenames when displaying -- Allow to auto-detect client language if none set (#1484434) -- Auto-detect the client timezone (user configurable) -- Add RFC2231 header value continuations support for attachment filenames + hack for servers that not support that feature -- Fix Reply-To header displaying (#1485314) -- Mark form buttons that provide the most obvious operation (mainaction) -- Added option 'quota_zero_as_unlimited' (#1484604) -- Added PRE handling in html2text class (#1484740) -- Added folder hierarchy collapsing -- Added options to use syslog instead of log file (#1484850) -- Added Logging & Debugging section in Installer -- Fix In-Reply-To and References headers when composing saved draft message (#1485288) -- Fix html message charset conversion for charsets with underline (#1485287) -- Fix buttons status after contacts deletion (#1485233) -- Fix escaping of To: and From: fields when building message body for reply or forward in the HTML editor (#1484904) -- Use current mailbox name in template (#1485256) -- Better fix for skipping untagged responses (#1485261) -- Added pspell support patch by Kris Steinhoff (#1483960) -- Enable spellchecker for HTML editor (#1485114) -- Respect spellcheck_uri in tinyMCE spellchecker (#1484196) -- Case insensitive contacts searching using PostgreSQL (#1485259) -- Make default imap folders configurable for each user (#1485075) -- Save outgoing mail to selectable folder (#1324581) -- Fix hiding of mark menu when clicking th button again (#1484944) -- Use long date format in print mode (#1485191) -- Updated TinyMCE to version 3.1.0.1 -- Re-enable autocomplete attribute for login form (#1485211) -- Check PERMANENTFLAGS before saving $MDNSent flag (#1484963, #1485163) -- Added flag column on messages list (#1484623) -- Patched Mail/MimePart.php (http://pear.php.net/bugs/bug.php?id=14232) -- Allow trash/junk subfolders to be purged (#1485085) -- Store compose parameters in session and redirect to a unique URL -- Fixed CRAM-MD5 authentication (#1484819) -- Fixed forwarding messages with one HTML attachment (#1484442) -- Fixed encoding of message/rfc822 attachments and image/pjpeg handling (#1484914) -- Added option to select skin in user preferences -- Added option to configure displaying of attached images below the message body -- Added option to display images in messages from known senders (#1484601) -- User preferences grouped in more fieldsets -- Fix corrupted MIME headers of messages in Sent folder (#1485111) -- Fixed bug in MDB2 package: http://pear.php.net/bugs/bug.php?id=14124 -- Use keypress instead of keydown to select list's row (#1484816) -- Don't call expunge and don't remove message row after message move if flag_for_deletion is set to true (#1485002) - -RELEASE 0.2-ALPHA ------------------ -- Added option to disable autocompletion from selected LDAP address books (#1484922) -- TLS support in LDAP connections: 'use_tls' property (#1485104) -- Fixed removing messages from search set after deleting them (#1485106) -- imap.inc: Fixed iil_C_FetchStructureString() to handle many - literal strings in response (#1484969) -- Support for subfolders in default/protected folders (#1484665) -- Disallowed delimiter in folder name (#1484803) -- Support " and \ in folder names -- Escape \ in login (#1484614) -- Better HTML sanitization with the DOM-based washtml script (#1484701) -- Fixed sorting of folders with non-ascii characters -- Fixed Mysql DDL for default identities creation (#1485070) -- In Preferences added possibility to configure 'read_when_deleted', - 'mdn_requests', 'flag_for_deletion' options -- Made IMAP auth type configurable (#1483825) -- Fixed empty values with FROM_UNIXTIME() in rcube_mdb2 (#1485055) -- Fixed attachment list on IE 6/7 (#1484807) -- Fixed JavaScript in compose.html that shows cc/bcc fields if populated -- Make password input fields of type password in installer (#1484886) -- Don't attempt to delete cache entries if enable_caching is FALSE (#1485051) -- Optimized messages sorting on servers without sort capability (#1485049) -- Corrected message headers decoding when charset isn't specified and improved - support for native languages (#1485050, #1485048) -- Expanded LDAP configuration options to support LDAP server writes. -- Installer: encode special characters in DB username/password (#1485042) -- Fixed management of folders with national characters in names (#1485036, #1485001) -- Fixed identities saving when using MDB2 pgsql driver (#1485032) -- Fixed BCC header reset (#1484997) -- Improved messages list performance - patch from Justin Heesemann -- Append skin_path to images location only when it starts with '/' sign (#1484859) -- Fix IMAP response in message body when message has no body (#1484964) -- Fixed non-RFC dates formatting (#1484901) -- Fixed typo in set_charset() (#1484991) -- Decode entities when inserting HTML signature to plain text message (#1484990) -- HTML editing is now working with PHP5 updates and TinyMCE v3.0.6 -- Fixed signature loading on Windows (#1484545) -- Added language support to HTML editing (#1484862) -- Fixed remove signature when replying (#1333167) -- Fixed problem with line with a space at the end (#1484916) -- Fixed <!DOCTYPE> tag filtering (#1484391) -- Fixed <?xml> tag filtering (#1484403) -- Added sections (fieldset+label) in Settings interface -- Mark as read in one action with message preview (#1484972) -- Deleted redundant quota reads (#1484972) -- Added options for empty trash and expunge inbox on logout (#1483863) -- Removed lines wrapping when displaying message -- Fixed month localization -- Changed codebase to PHP5 with autoloader - -RELEASE 0.1.1 -------------- -- Clear selection when selecting single item (#1484942) -- Remove hard-coded image size in skin templates (#1484893) -- Database schema improvements (dropped unnecessary indexes) -- Fixed creating a new folder with a comma in its name (#1484681) -- Fixed sorting of messages when default mailbox is empty (#1484317) -- Improve message previewpane - less loading (#1484316) -- Fixed login form autoompletion (#1484839) -- Fixed virtuser_query option for mdb2 backend (#1484874) -- Fixed attachment resoting from Drafts when message body was empty (#1484506) -- Fixed usage of ob_gzhandler (#1484851) -- Fixed message part window in IE6 (#1484610) -- Fixed decoding of mime-encoded strings (#1484191) -- Fixed some iconv/mb_string problems (#1484598) -- Correctly quote mailbox name when using in URL (#1484313) -- Fixed "headers already sent" errors (#1484860) - -RELEASE 0.1-STABLE ------------------- -- Added interactive installer script -- Fix folder adding/renaming inspired by #1484800 -- Localize folder name in page title (#1484785) -- Fix code using wrong variable name (#1484018) -- Allow to send mail with BCC recipients only -- condense TinyMCE toolbar down to one line, removing table buttons (#1484747) -- Add function to mark the selected messages as read/unread (#1457360) -- Also do charset decoding as suggested in RFC 2231 (fix #1484321) -- Show message count in folder list and hint when creating a subfolder -- Distinguish ssl and tls for imap connections (#1484667) -- Added some charset aliases to fix typical mis-labelling (#1484565) -- Remember decision to display images for a certain message during session (#1484754) -- Truncate attachment filenames to 55 characters due to an IE bug (#1484757) -- Make sending of read receipts configurable -- Respect config when localize folder names (#1484707) -- Also respect receipt and priority settings when re-opening a draft message -- Remember search results (closes #1483883), patch by the_glu -- Add Received header on outgoing mail -- Upgrade to TinyMCE 2.1.3 -- Allow inserting image attachments into HTML messages while composing (#1484557) -- Implement Message-Disposition-Notification (Receipts) -- Fix overriding of session vars when register_globals is on (#1484670) -- Fix bug with case-sensitive folder names (#1484245) -- Don't create default folders by default -- Fixed some potential security risks (audited by Andris) -- Only show new messages if they match the current search (#1484176) -- Switch to/from when searcing in Sent folder (#1484555) -- Correctly read the References header (#1484646) -- Unset old cookie before sending a new value (#1484639) -- Correctly decode attachments when downloading them (#1484645 and #1484642) -- Suppress IE errors when clearing attachments form (#1484356) -- Log error when login fails due to auto_create_user turned off -- Filter linked/imported CSS files (closes #1484056) -- Improve message compose screen (closes #1484383) -- Select next row after removing one from list (#1484387) - -RELEASE 0.1-RC2 ---------------- -- Enable drag-&-dropping of folders to a new parent and allow to create subfolders (#1457344) -- Suppress IE errors when clearing attachments form (#1484356) -- Set preferences field in user table to NULL (#1484386) -- Log error when login fails due to auto_create_user turned off -- Filter linked/imported CSS files (closes #1484056) -- Improve message compose screen (closes #1484383) -- Select next row after removing one from list (#1484387) -- Make smtp HELO/EHLO hostname configurable (#1484067) -- IPv6 Compatability (#1484322), Patch #1484373 -- Unlock interface when message sending fails (#1484570) -- Eval PHP code in template includes (if configured) -- Show message when folder is empty. Mo more static text in table (#1484395) -- Only display unread count in page title when new messages arrived -- Fixed wrong delete button tooltip (#1483965) -- Fixed charset encoding bug (#1484429) -- Applied patch for LDAP version (#1484552) -- Improved XHTML validation -- Fix message list selection (#1484550) -- Better fix lowercased usernames (#1484473) -- Update pngbehavior Script as suggested in #1484490 -- Fixed moving/deleting messages when more than 1 is selected -- Applied patch for LDAP contacts listing by Glen Ogilvie -- Applied patch for more address fields in LDAP contacts (#1484402) -- Add alternative for getallheaders() (fix #1484508) -- Identify mailboxes case-sensitive -- Sort mailbox list case-insensitive (closes #1484338) -- Fix display of multipart messages from Apple Mail (closes #1484027) -- Protect AJAX request from being fetched by a foreign site (XSS) -- Make autocomplete for loginform configurable by the skin template -- Fix compose function from address book (closes #1484426) -- Added //IGNORE to iconv call (patch #1484420, closes #1484023) -- Check if mbstring supports charset (#1484290 and #1484292) -- Prefer iconv over mbstring (as suggested in #1484292) -- Check filesize of template includes (#1484409) -- Fixed bug with buttons not dimming/enabling properly after switching folders -- Fixed compose window becoming unresponsive after saving a draft (#1484487) -- Re-enabled "Back" button in compose window now that bug #1484487 is fixed -- Fixed unresponsive interface issue when downloading attachments (#1484496) -- Lowered status message time from 5 to 3 seconds to improve responsiveness -- Raised .htaccess upload_max_filesize from 2M to 5M to differ from default php.ini -- Increased "mailboxcontrols" mail.css width from 160 to 170px to fix non-english languages (#1484499) -- Fix status message bug #1484464 with regard to #1484353 -- Fix address adding bug reported by David Koblas -- Applied socket error patch by Thomas Mangin -- Pass-by-reference workarround for PHP5 in sendmail.inc -- Fixed buggy imap_root settings (closes #1484379) -- Prevent default events on subject links (#1484399) -- Use HTTP-POST requests for actions that change state - -RELEASE 0.1-RC1 ---------------- -- Use global filters and bind username/ for Ldap searches (#1484159) -- Hide quota display if imap server does not support it -- Hide address groups if no LDAP servers configured -- Add link to message subjects (closes #1484257) -- Better SQL query for contact listing/search (closes #1484369) -- Fixed marking as read in preview pane (closes #1484364) -- CSS hack to display attachments correctly in IE6 -- Wrap message body text (closes #1484148) -- LDAP access is back in address book (closes #1484087) -- Added search function for contacts -- New Template parsing and output encoding -- Fixed bugs #1484119 and #1483978 -- Fixed message moving procedure (closes #1484308) -- Fixed display of multiple attachments (closes #1466563) -- Fixed check for new messages (closes #1484310) -- List attachments without filename -- New session authentication: Change sessid cookie when login, authentication with sessauth cookie is now configurable. - Should close bugs #1483951 and #1484299 -- Correctly translate mailbox names (closes #1484276) -- Quote e-mail address links (closes #1484300) -- Updated PEAR::Mail_mime package -- Accept single quotes for HTML attributes when modifying message body (thanks Jason) -- Sanitize input for new users/identities (thanks Colin Alston) -- Don't download HTML message parts -- Convert HTML parts to plaintext if 'prefer_html' is off -- Correctly parse message/rfc822 parts (closes #1484045) -- Also use user_id for unique key in messages table (closes #1484074) -- Hide contacts drop down on blur (closes #1484203) -- Make entries in contacts drop down clickable -- Turn off browser autocompletion on login page -- Quote <? in text/html message parts -- Hide border around radio buttons -- Applied patch for attachment download by crichardson (closes #1484198) -- Fixed bug in Postgres DB handling (closes #1484068) -- Fixed bug of invalid calls to fetchRow() in rcube_db.inc (closes #1484280) -- Fixed array_merge bug (closes #1484281) -- Fixed flag for deletion in list view (closes #1484264) -- Finally support semicolons as recipient separator (closes ##1484251) -- Fixed message headers (subject) encoding -- check if safe mode is on or not (closes #1484269) -- Show "no subject" in message list if subject is missing (closes #1484243) -- Solved page caching of message preview (closes #1484153) -- Only use gzip compression if configured (closes #1484236) -- Fixed priority selector issue (#1484150) -- Fixed some CSS issues in default skin (closes #1484210 and #1484161) -- Prevent from double quoting of numeric HTML character references (closes #1484253) -- Fixed display of HTML message attachments (closes #1484178) -- Applied patch for preview caching (closes #1484186) -- Added error handling for attachment uploads -- Use multibyte safe string functions where necessary (closes #1483988) -- Applied security patch to validate the submitted host value (by Kees Cook) -- Applied security patch to validate input values when deleting contacts (by Kees Cook) -- Applied security patch that sanitizes emoticon paths when attaching them (by Kees Cook) -- Applied a patch to more aggressively sanitize a HTML message -- Visualize blocked images in HTML messages -- Fixed wrong message listing when showing search results (closes #1484131) -- Show remote images when opening HTML message part as attachment -- Improve memory usage when sending mail (closes #1484098) -- Mark messages as read once the preview is loaded (closes #1484132) -- Include smtp final response in log (closes #1484081) -- Corrected date string in sent message header (closes #1484125) -- Correclty choose "To" column in sent and draft mailboxes (closes #1483943) -- Changed srong tooltips for message browse buttons (closes #1483930) -- Fixed signature delimeter character to be standard (Bug #1484035) -- Fixed XSS vulnerability (Bug #1484109) -- Remove newlines from mail headers (Bug #1484031) -- Selection issues when moving/deleting (Bug #1484044) -- Applied patch of Clement Moulin for imap host auto-selection -- ISO-encode IMAP password for plaintext login (Bugs #1483977 & #1483886) -- Fixed folder name encoding in subscription list (Bug #1484113) -- Fixed JS errors in identity list (Bug #1484120) -- Translate foldernames in folder form (closes #1484113) -- Added first and last buttons to message list, address book - and message detail -- Pressing Shift-Del bypasses Trash folder -- Enable purge command for Junk folder -- Fetch all aliases if virtuser_query is used instead -- Re-enabled multi select of contacts (Bug #1484017) -- Enable contact editing right after creation (Bug #1459641) -- Correct UTF-7 to UTF-8 conversion if mbstring is not available -- Fixed IMAP fetch of message body (Bug #1484019) -- Fixed safe_mode problems (Bug #1418381) -- Fixed wrong header encoding (Bug #1483976) -- Made automatic draft saving configurable -- Fixed JS bug when renaming folders (Bug #1483989) -- Added quota display as image (by Brett Patterson) -- Corrected creation of a message-id -- New indentation for quoted message text -- Improved HTML validity -- Fixed URL character set (Ticket #1445501) -- Fixed saving of contact into MySQL from LDAP query results (Ticket #1483820) -- Fixed folder renaming: unsubscribe before rename (Bug #1483920) -- Finalized new message parsing (+ chaching) -- Fixed wrong usage of mbstring (Bug #1462439) -- Set default spelling language (Ticket #1483938) -- Added support for Nox Spell Server -- Re-built message parsing (Bug #1327068) - Now based on the message structure delivered by the IMAP server. -- Fixed some XSS and SQL injection issues -- Fixed charset problems with folder renaming - - - - @@ -1,15 +1,6 @@ RoundCube Webmail (http://roundcube.net) -ATTENTION ---------- -This is just a snapshot of the current SVN repository and is NOT A STABLE -version of RoundCube. Unlike the latest release this version requires PHP 5 -and does not work on a webserver with PHP 4. It's not recommended to -replace an existing installation of RoundCube with this version. Also using -a separate database for this installation is highly recommended. - - Introduction: ------------- RoundCube Webmail is a browser-based multilingual IMAP client with an diff --git a/bin/dumpschema.php b/bin/dumpschema.php deleted file mode 100644 index b9a76e419..000000000 --- a/bin/dumpschema.php +++ /dev/null @@ -1,101 +0,0 @@ -#!/usr/bin/env php -<?php -/* - - +-----------------------------------------------------------------------+ - | bin/dumpschema.php | - | | - | This file is part of the RoundCube Webmail client | - | Copyright (C) 2005-2009, RoundCube Dev. - Switzerland | - | Licensed under the GNU GPL | - | | - | PURPOSE: | - | Dumps database schema in XML format using MDB2_Schema | - | | - +-----------------------------------------------------------------------+ - | Author: Thomas Bruederli <roundcube@gmail.com> | - +-----------------------------------------------------------------------+ - - $Id$ - -*/ - -if (php_sapi_name() != 'cli') { - die('Not on the "shell" (php-cli).'); -} - -define('INSTALL_PATH', realpath(dirname(__FILE__) . '/..') . '/' ); -require INSTALL_PATH.'program/include/iniset.php'; - -/** callback function for schema dump **/ -function print_schema($dump) -{ - foreach ((array)$dump as $part) - echo $dump . "\n"; -} - -$config = new rcube_config(); - -// don't allow public access if not in devel_mode -if (!$config->get('devel_mode') && $_SERVER['REMOTE_ADDR']) { - header("HTTP/1.0 401 Access denied"); - die("Access denied!"); -} - -$options = array( - 'use_transactions' => false, - 'log_line_break' => "\n", - 'idxname_format' => '%s', - 'debug' => false, - 'quote_identifier' => true, - 'force_defaults' => false, - 'portability' => false, -); - -$dsnw = $config->get('db_dsnw'); -$dsn_array = MDB2::parseDSN($dsnw); - -// set options for postgres databases -if ($dsn_array['phptype'] == 'pgsql') { - $options['disable_smart_seqname'] = true; - $options['seqname_format'] = '%s'; -} - -$schema =& MDB2_Schema::factory($dsnw, $options); -$schema->db->supported['transactions'] = false; - - -// send as text/xml when opened in browser -if ($_SERVER['REMOTE_ADDR']) - header('Content-Type: text/xml'); - - -if (PEAR::isError($schema)) { - $error = $schema->getMessage() . ' ' . $schema->getUserInfo(); -} -else { - $dump_config = array( - // 'output_mode' => 'file', - 'output' => 'print_schema', - ); - - $definition = $schema->getDefinitionFromDatabase(); - $definition['charset'] = 'utf8'; - - if (PEAR::isError($definition)) { - $error = $definition->getMessage() . ' ' . $definition->getUserInfo(); - } - else { - $operation = $schema->dumpDatabase($definition, $dump_config, MDB2_SCHEMA_DUMP_STRUCTURE); - if (PEAR::isError($operation)) { - $error = $operation->getMessage() . ' ' . $operation->getUserInfo(); - } - } -} - -$schema->disconnect(); - -if ($error && !$_SERVER['REMOTE_ADDR']) - fputs(STDERR, $error); - -?> diff --git a/bin/makedoc.sh b/bin/makedoc.sh deleted file mode 100755 index 26757c0a7..000000000 --- a/bin/makedoc.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/usr/bin/env bash - -if [ -z "$SSH_TTY" ] -then - if [ -z "$DEV_TTY" ] - then - echo "Not on the shell." - exit 1 - fi -fi - -TITLE="RoundCube Classes" -PACKAGES="Core" - -INSTALL_PATH="`dirname $0`/.." -PATH_PROJECT=$INSTALL_PATH/program/include -PATH_DOCS=$INSTALL_PATH/doc/phpdoc -BIN_PHPDOC="`/usr/bin/which phpdoc`" - -if [ ! -x "$BIN_PHPDOC" ] -then - echo "phpdoc not found: $BIN_PHPDOC" - exit 1 -fi - -OUTPUTFORMAT=HTML -CONVERTER=frames -TEMPLATE=earthli -PRIVATE=off - -# make documentation -$BIN_PHPDOC -d $PATH_PROJECT -t $PATH_DOCS -ti "$TITLE" -dn $PACKAGES \ --o $OUTPUTFORMAT:$CONVERTER:$TEMPLATE -pp $PRIVATE - @@ -2,7 +2,7 @@ /* +-------------------------------------------------------------------------+ | RoundCube Webmail IMAP Client | - | Version 0.3-20090814 | + | Version 0.3.1-20091031 | | | | Copyright (C) 2005-2009, RoundCube Dev. - Switzerland | | | diff --git a/program/include/iniset.php b/program/include/iniset.php index 1332c8d0e..a31c5b759 100755 --- a/program/include/iniset.php +++ b/program/include/iniset.php @@ -22,7 +22,7 @@ // application constants -define('RCMAIL_VERSION', '0.3-trunk'); +define('RCMAIL_VERSION', '0.3.1'); define('RCMAIL_CHARSET', 'UTF-8'); define('JS_OBJECT_NAME', 'rcmail'); diff --git a/tests/mailfunc.php b/tests/mailfunc.php deleted file mode 100644 index ae35c5d77..000000000 --- a/tests/mailfunc.php +++ /dev/null @@ -1,119 +0,0 @@ -<?php - -/** - * Test class to test steps/mail/func.inc functions - * - * @package Tests - */ -class rcube_test_mailfunc extends UnitTestCase -{ - - function __construct() - { - $this->UnitTestCase('Mail body rendering tests'); - - // simulate environment to successfully include func.inc - $GLOBALS['RCMAIL'] = $RCMAIL = rcmail::get_instance(); - $GLOBALS['OUTPUT'] = $OUTPUT = $RCMAIL->load_gui(); - $RCMAIL->action = 'spell'; - $IMAP = $RCMAIL->imap; - - require_once 'steps/mail/func.inc'; - - $GLOBALS['EMAIL_ADDRESS_PATTERN'] = $EMAIL_ADDRESS_PATTERN; - } - - /** - * Helper method to create a HTML message part object - */ - function get_html_part($body) - { - $part = new rcube_message_part; - $part->ctype_primary = 'text'; - $part->ctype_secondary = 'html'; - $part->body = file_get_contents(TESTS_DIR . $body); - $part->replaces = array(); - return $part; - } - - /** - * Test sanitization of a "normal" html message - */ - function test_html() - { - $part = $this->get_html_part('src/htmlbody.txt'); - $part->replaces = array('ex1.jpg' => 'part_1.2.jpg', 'ex2.jpg' => 'part_1.2.jpg'); - - // render HTML in normal mode - $html = rcmail_html4inline(rcmail_print_body($part, array('safe' => false)), 'foo'); - - $this->assertPattern('/src="'.$part->replaces['ex1.jpg'].'"/', $html, "Replace reference to inline image"); - $this->assertPattern('#background="./program/blocked.gif"#', $html, "Replace external background image"); - $this->assertNoPattern('/ex3.jpg/', $html, "No references to external images"); - $this->assertNoPattern('/<meta [^>]+>/', $html, "No meta tags allowed"); - $this->assertNoPattern('/<style [^>]+>/', $html, "No style tags allowed"); - $this->assertNoPattern('/<form [^>]+>/', $html, "No form tags allowed"); - $this->assertPattern('/Subscription form/', $html, "Include <form> contents"); - $this->assertPattern('/<!-- input not allowed -->/', $html, "No input elements allowed"); - $this->assertPattern('/<!-- link not allowed -->/', $html, "No external links allowed"); - $this->assertPattern('/<a[^>]+ target="_blank">/', $html, "Set target to _blank"); - $this->assertTrue($GLOBALS['REMOTE_OBJECTS'], "Remote object detected"); - - // render HTML in safe mode - $html2 = rcmail_html4inline(rcmail_print_body($part, array('safe' => true)), 'foo'); - - $this->assertPattern('/<style [^>]+>/', $html2, "Allow styles in safe mode"); - $this->assertPattern('#src="http://evilsite.net/mailings/ex3.jpg"#', $html2, "Allow external images in HTML (safe mode)"); - $this->assertPattern("#url\('http://evilsite.net/newsletter/image/bg/bg-64.jpg'\)#", $html2, "Allow external images in CSS (safe mode)"); - - $css = '<link rel="stylesheet" type="text/css" href="./bin/modcss.php?u='.urlencode('http://anysite.net/styles/mail.css').'&c=foo"'; - $this->assertPattern('#'.preg_quote($css).'#', $html2, "Filter external styleseehts with bin/modcss.php"); - } - - /** - * Test the elimination of some trivial XSS vulnerabilities - */ - function test_html_xss() - { - $part = $this->get_html_part('src/htmlxss.txt'); - $washed = rcmail_print_body($part, array('safe' => true)); - - $this->assertNoPattern('/src="skins/', $washed, "Remove local references"); - $this->assertNoPattern('/\son[a-z]+/', $washed, "Remove on* attributes"); - - $html = rcmail_html4inline($washed, 'foo'); - $this->assertNoPattern('/onclick="return rcmail.command(\'compose\',\'xss@somehost.net\',this)"/', $html, "Clean mailto links"); - $this->assertNoPattern('/alert/', $html, "Remove alerts"); - } - - /** - * Test HTML sanitization to fix the CSS Expression Input Validation Vulnerability - * reported at http://www.securityfocus.com/bid/26800/ - */ - function test_html_xss2() - { - $part = $this->get_html_part('src/BID-26800.txt'); - $washed = rcmail_print_body($part, array('safe' => true)); - - $this->assertNoPattern('/alert|expression|javascript|xss/', $washed, "Remove evil style blocks"); - $this->assertNoPattern('/font-style:italic/', $washed, "Allow valid styles"); - } - - /** - * Test links pattern replacements in plaintext messages - */ - function test_plaintext() - { - $part = new rcube_message_part; - $part->ctype_primary = 'text'; - $part->ctype_secondary = 'plain'; - $part->body = quoted_printable_decode(file_get_contents(TESTS_DIR . 'src/plainbody.txt')); - $html = rcmail_print_body($part, array('safe' => true)); - - $this->assertPattern('/<a href="mailto:nobody@roundcube.net" onclick="return rcmail.command\(\'compose\',\'nobody@roundcube.net\',this\)">nobody@roundcube.net<\/a>/', $html, "Mailto links with onclick"); - $this->assertPattern('#<a href="http://www.apple.com/legal/privacy/" target="_blank">http://www.apple.com/legal/privacy/</a>#', $html, "Links with target=_blank"); - } - -} - -?>
\ No newline at end of file diff --git a/tests/modcss.php b/tests/modcss.php deleted file mode 100644 index f9271ff65..000000000 --- a/tests/modcss.php +++ /dev/null @@ -1,45 +0,0 @@ -<?php - -/** - * Test class to test rcmail_mod_css_styles and XSS vulnerabilites - * - * @package Tests - */ -class rcube_test_modcss extends UnitTestCase -{ - - function __construct() - { - $this->UnitTestCase('CSS modification and vulnerability tests'); - } - - function test_modcss() - { - $css = file_get_contents(TESTS_DIR . 'src/valid.css'); - $mod = rcmail_mod_css_styles($css, 'rcmbody'); - - $this->assertPattern('/#rcmbody div.rcmBody\s+\{/', $mod, "Replace body style definition"); - $this->assertPattern('/#rcmbody h1\s\{/', $mod, "Prefix tag styles (single)"); - $this->assertPattern('/#rcmbody h1, #rcmbody h2, #rcmbody h3, #rcmbody textarea\s+\{/', $mod, "Prefix tag styles (multiple)"); - $this->assertPattern('/#rcmbody \.noscript\s+\{/', $mod, "Prefix class styles"); - } - - function test_xss() - { - $mod = rcmail_mod_css_styles("body.main2cols { background-image: url('../images/leftcol.png'); }", 'rcmbody'); - $this->assertEqual("/* evil! */", $mod, "No url() values allowed"); - - $mod = rcmail_mod_css_styles("@import url('http://localhost/somestuff/css/master.css');", 'rcmbody'); - $this->assertEqual("/* evil! */", $mod, "No import statements"); - - $mod = rcmail_mod_css_styles("left:expression(document.body.offsetWidth-20)", 'rcmbody'); - $this->assertEqual("/* evil! */", $mod, "No expression properties"); - - $mod = rcmail_mod_css_styles("left:exp/* */ression( alert('xss3') )", 'rcmbody'); - $this->assertEqual("/* evil! */", $mod, "Don't allow encoding quirks"); - - $mod = rcmail_mod_css_styles("background:\\0075\\0072\\006c( javascript:alert('xss') )", 'rcmbody'); - $this->assertEqual("/* evil! */", $mod, "Don't allow encoding quirks (2)"); - } - -}
\ No newline at end of file diff --git a/tests/runtests.sh b/tests/runtests.sh deleted file mode 100755 index 04a9a3745..000000000 --- a/tests/runtests.sh +++ /dev/null @@ -1,53 +0,0 @@ -#!/usr/bin/env php -<?php - -/* - +-----------------------------------------------------------------------+ - | tests/runtests.sh | - | | - | This file is part of the RoundCube Webmail client | - | Copyright (C) 2009, RoundCube Dev. - Switzerland | - | Licensed under the GNU GPL | - | | - | PURPOSE: | - | Run-script for unit tests based on http://simpletest.org | - | All .php files in this folder will be treated as tests | - +-----------------------------------------------------------------------+ - | Author: Thomas Bruederli <roundcube@gmail.com> | - +-----------------------------------------------------------------------+ - - $Id: $ - -*/ - -if (php_sapi_name() != 'cli') - die("Not in shell mode (php-cli)"); - -if (!defined('SIMPLETEST')) define('SIMPLETEST', '/www/simpletest/'); -if (!defined('INSTALL_PATH')) define('INSTALL_PATH', realpath(dirname(__FILE__) . '/..') . '/' ); - -define('TESTS_DIR', dirname(__FILE__) . '/'); - -require_once(SIMPLETEST . 'unit_tester.php'); -require_once(SIMPLETEST . 'reporter.php'); -require_once(INSTALL_PATH . 'program/include/iniset.php'); - -if (count($_SERVER['argv']) > 1) { - $testfiles = array(); - for ($i=1; $i < count($_SERVER['argv']); $i++) - $testfiles[] = realpath('./' . $_SERVER['argv'][$i]); -} -else { - $testfiles = glob(TESTS_DIR . '*.php'); -} - -$test = new TestSuite('RoundCube unit tests'); -$reporter = new TextReporter(); - -foreach ($testfiles as $fn) { - $test->addTestFile($fn); -} - -$test->run($reporter); - -?>
\ No newline at end of file diff --git a/tests/src/BID-26800.txt b/tests/src/BID-26800.txt deleted file mode 100644 index 513516c09..000000000 --- a/tests/src/BID-26800.txt +++ /dev/null @@ -1,52 +0,0 @@ -<html> -<head> -</head> -<body> -<h1>1 test</h1> -<p><style> block</p> -<style>input { left:expression( alert('expression!') ) }</style> -<style>div { background:url(alert('URL!') ) }</style> - -<h1>2 test</h1> -<p><div> block</p> -<div style="font-style:italic">valid css</div> -<div style="{ left:expression( alert('expression!') ) }"> -<div style="{ background:url( alert('URL!') ) }"> - -<h1>3 test</h1> -<p>Inject comment text</p> -<div style="{ left:exp/* */ression( alert('xss3') ) }"> -<div style="{ background:u/* */rl( alert('xssurl3') ) }"> - -<h1>4 test</h1> -<p>Using reverse solid to directe the codepoint</p> -<div style="{ left:\0065\0078pression( alert('xss4') ) }"> -<div style="{ background:\0075rl( alert('xssurl4') ) }"> - -<h1>5 test</h1> -<p>Character entity references</p> -<p>Character entity references is acceptable in "inline styles"</p> -<div style="{ left:expression( alert('xss') ) }"> -<div style="{ left:expression( alert('xss') ) }"> -<div style="{ background:url( alert('URL!') ) }"> -<div style="{ background:url( alert('URL!') ) }"> -<div style="{ left:expression( alert('xss') ) }"> - -<div style="{ left:..p.....o.( alert('xss') ) }"> -<div style="{ left:../**/pression( alert('xss') ) }"> -<div style="{ left:expʀessioɴ( alert('xss') ) }"> -<div style="{ left:\0065\0078pression( alert('xss') ) }"> -<div style="{ left:ex p ression( alert('xss') ) }"> - -<div style="{ background:...( javascript:alert('xss') ) }"> -<div style="{ background:u/**/rl( javascript:alert('xss') ) }"> -<div style="{ background:\0075\0072\006c( javascript:alert('xss') ) }"> -<div style="{ background:uʀʟ( javascript:alert('xss') ) -}"> -<div style="{ background:\0075\0280l( javascript:alert('xss') -) }"> -<div style="{ background:u r l( javascript:alert('xss') ) }"> - -</body> -</html> - diff --git a/tests/src/htmlbody.txt b/tests/src/htmlbody.txt deleted file mode 100644 index a10bfe10e..000000000 --- a/tests/src/htmlbody.txt +++ /dev/null @@ -1,51 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> -<head> -<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1"> -<title>RoundCube Test Message</title> -<link rel="stylesheet" type="text/css" href="http://anysite.net/styles/mail.css"> -<style type="text/css"> - -p, a { - font-family: Arial, 'Bitstream Vera Sans', Helvetica; - margin-top: 0px; - margin-bottom: 0px; - padding-top: 0px; - padding-bottom: 0px; -} - -</style> -</head> -<body style="margin: 0 0 0 0;"> - -<table width="100%" cellpadding="0" cellspacing="20" style="background-image:url(http://evilsite.net/newsletter/image/bg/bg-64.jpg);background-attachment:fixed;" background="http://evilsite.net/newsletter/image/bg/bg-64.jpg" border="0"> -<tr> -<td> - -<h1>This is a HTML message</h1> - -<p>See nice pictures like the following:</p> - -<div> - <img src="ex1.jpg" width="320" height="320" alt="Example 1"> - <img src="ex2.jpg" width="320" height="320" alt="Example 2"> - <img src="http://evilsite.net/mailings/ex3.jpg" width="320" height="320" alt="Example 3"> -</div> - -<form action="http://evilsite.net/subscribe.php"> - <p>Subscription form</p> - - E-Mail: <input type="text" name="mail" value=""><br/> - <input type="submit" value="Subscribe"> - -</form> - -<p>To unsubscribe click here <a href="http://evilsite.net/unsubscribe.php?mail=foo@bar.com"> or - send a mail to <a href="mailto:unsubscribe@evilsite.net">unsubscribe@evilsite.net</a></p> - -</td> -</tr> -</table> - -</body> -</html>
\ No newline at end of file diff --git a/tests/src/htmlxss.txt b/tests/src/htmlxss.txt deleted file mode 100644 index f6c43e353..000000000 --- a/tests/src/htmlxss.txt +++ /dev/null @@ -1,22 +0,0 @@ -<html> -<body> - -<p><img onLoad.="alert(document.cookie)" src="skins/default/images/roundcube_logo.png" /></p> - -<p><a href="mailto:xss@somehost.net') && alert(document.cookie) || ignore('">mail me!</a> -<a href="http://roundcube.net" target="_self">roundcube.net</a> -<a href="http://roundcube.net" \onmouseover="alert('XSS')">roundcube.net (2)</a> - -</p> - -<div>Brilliant!</div> - -<table><tbody><tr><td background="javascript:alert('XSS')">BBBBBB</td></tr></tbody></table> - -<p> -Have a nice Christmas time.<br /> -Thomas -</p> - -</body> -</html> diff --git a/tests/src/plainbody.txt b/tests/src/plainbody.txt deleted file mode 100644 index 7ebfe429b..000000000 --- a/tests/src/plainbody.txt +++ /dev/null @@ -1,37 +0,0 @@ -From: iPhone Developer Program <noreply-iphonedev@apple.com> -To: nobody@roundcube.net - -*iPhone Developer Program* - ------------------------------------ -iPhone SDK 2.2.1 is now available -https://daw.apple.com/cgi-bin/WebObjects/DSAuthWeb.woa/wa/login?appIdKey=3D= -D635F5C417E087A3B9864DAC5D25920C4E9442C9339FA9277951628F0291F620&path=3D//i= -phone/login.action - -Log in to the iPhone Dev Center to download iPhone SDK for iPhone OS 2.2.1.= - Installation of iPhone SDK 2.2.1 is required for development with devices = -updated to iPhone OS 2.2.1. Please view the Read Me before installing the n= -ew version of the iPhone SDK. - -Log in now -https://daw.apple.com/cgi-bin/WebObjects/DSAuthWeb.woa/wa/login?appIdKey=3D= -D635F5C417E087A3B9864DAC5D25920C4E9442C9339FA9277951628F0291F620&path=3D//i= -phone/login.action - ------------------------------------ -Copyright (c) 2009 Apple Inc. 1 Infinite Loop, MS 303-3DM, Cupertino, CA 95= -014. - -All Rights Reserved -http://www.apple.com/legal/default.html - -Keep Informed -http://www.apple.com/enews/subscribe/ - -Privacy Policy -http://www.apple.com/legal/privacy/ - -My Info -https://myinfo.apple.com/cgi-bin/WebObjects/MyInfo - diff --git a/tests/src/valid.css b/tests/src/valid.css deleted file mode 100644 index 340fa9a87..000000000 --- a/tests/src/valid.css +++ /dev/null @@ -1,30 +0,0 @@ -/** Master style definitions **/ - -body, p, div, h1, h2, h3, textarea { - font-family: "Lucida Grande", Helvetica, sans-serif; - font-size: 8.8pt; - color: #333; -} - -body { - background-color: white; - margin: 0; -} - -h1 { - color: #1F519A; - font-size: 1.7em; - font-weight: normal; - margin-top: 0; - margin-bottom: 1em; -} - -.noscript { - display: none; -} - -.hint, .username { - color: #999; -} - - |