diff options
-rw-r--r-- | CHANGELOG | 2 | ||||
-rw-r--r-- | installer/check.php | 12 | ||||
-rw-r--r-- | plugins/password/config.inc.php.dist | 10 | ||||
-rw-r--r-- | plugins/password/drivers/sql.php | 41 | ||||
-rw-r--r-- | program/include/rcube_imap.php | 7 | ||||
-rw-r--r-- | program/js/app.js | 2 | ||||
-rw-r--r-- | skins/classic/includes/messagetoolbar.html | 2 | ||||
-rw-r--r-- | skins/larry/includes/mailtoolbar.html | 2 |
8 files changed, 59 insertions, 19 deletions
@@ -2,6 +2,8 @@ CHANGELOG Roundcube Webmail =========================== - Use IMAP BINARY (RFC3516) extension to fetch message/part bodies +- Fix folder creation under public namespace root (#1488665) +- Fix so "Edit as new" on draft creates a new message (#1488687) - Fix invalid error message on deleting mail from read only folder (#1488694) - Fix error where session wasn't updated after folder rename/delete (#1488692) - Replace data URIs of images (pasted in HTML editor) with inline attachments (#1488502) diff --git a/installer/check.php b/installer/check.php index 52460bb0f..d6c9f5c40 100644 --- a/installer/check.php +++ b/installer/check.php @@ -35,12 +35,12 @@ $ini_checks = array( 'suhosin.session.encrypt' => 0, 'magic_quotes_runtime' => 0, 'magic_quotes_sybase' => 0, + 'date.timezone' => '-NOTEMPTY-', ); $optional_checks = array( // required for utils/modcss.inc, should we require this? 'allow_url_fopen' => 1, - 'date.timezone' => '-NOTEMPTY-', ); $source_urls = array( @@ -171,7 +171,15 @@ foreach ($ini_checks as $var => $val) { $status = ini_get($var); if ($val === '-NOTEMPTY-') { if (empty($status)) { - $RCI->fail($var, "cannot be empty and needs to be set"); + $RCI->fail($var, "empty value detected"); + } else if ($var == 'date.timezone') { + try { + $tz = new DateTimeZone($status); + $RCI->pass($var); + } + catch (Exception $e) { + $RCI->fail($var, "invalid value detected: $status"); + } } else { $RCI->pass($var); } diff --git a/plugins/password/config.inc.php.dist b/plugins/password/config.inc.php.dist index 37c79315d..8d7b433af 100644 --- a/plugins/password/config.inc.php.dist +++ b/plugins/password/config.inc.php.dist @@ -36,7 +36,8 @@ $rcmail_config['password_db_dsn'] = ''; // The query can contain the following macros that will be expanded as follows: // %p is replaced with the plaintext new password // %c is replaced with the crypt version of the new password, MD5 if available -// otherwise DES. +// otherwise DES. More hash function can be enabled using the password_crypt_hash +// configuration parameter. // %D is replaced with the dovecotpw-crypted version of the new password // %o is replaced with the password before the change // %n is replaced with the hashed version of the new password @@ -51,6 +52,13 @@ $rcmail_config['password_db_dsn'] = ''; // Default: "SELECT update_passwd(%c, %u)" $rcmail_config['password_query'] = 'SELECT update_passwd(%c, %u)'; +// By default the crypt() function which is used to create the '%c' +// parameter uses the md5 algorithm. To use different algorithms +// you can choose between: des, md5, blowfish, sha256, sha512. +// Before using other hash functions than des or md5 please make sure +// your operating system supports the other hash functions. +$rcmail_config['password_crypt_hash'] = 'md5'; + // By default domains in variables are using unicode. // Enable this option to use punycoded names $rcmail_config['password_idn_ascii'] = false; diff --git a/plugins/password/drivers/sql.php b/plugins/password/drivers/sql.php index 449e2df5b..8bdcabf83 100644 --- a/plugins/password/drivers/sql.php +++ b/plugins/password/drivers/sql.php @@ -40,13 +40,38 @@ class rcube_sql_password // crypted password if (strpos($sql, '%c') !== FALSE) { $salt = ''; - if (CRYPT_MD5) { - // Always use eight salt characters for MD5 (#1488136) - $len = 8; - } else if (CRYPT_STD_DES) { - $len = 2; - } else { - return PASSWORD_CRYPT_ERROR; + + if (!($crypt_hash = $rcmail->config->get('password_crypt_hash'))) + { + if (CRYPT_MD5) + $crypt_hash = 'md5'; + else if (CRYPT_STD_DES) + $crypt_hash = 'des'; + } + + switch ($crypt_hash) + { + case 'md5': + $len = 8; + $salt_hashindicator = '$1$'; + break; + case 'des': + $len = 2; + break; + case 'blowfish': + $len = 22; + $salt_hashindicator = '$2a$'; + break; + case 'sha256': + $len = 16; + $salt_hashindicator = '$5$'; + break; + case 'sha512': + $len = 16; + $salt_hashindicator = '$6$'; + break; + default: + return PASSWORD_CRYPT_ERROR; } //Restrict the character set used as salt (#1488136) @@ -55,7 +80,7 @@ class rcube_sql_password $salt .= $seedchars[rand(0, 63)]; } - $sql = str_replace('%c', $db->quote(crypt($passwd, CRYPT_MD5 ? '$1$'.$salt.'$' : $salt)), $sql); + $sql = str_replace('%c', $db->quote(crypt($passwd, $salt_hashindicator ? $salt_hashindicator .$salt.'$' : $salt)), $sql); } // dovecotpw diff --git a/program/include/rcube_imap.php b/program/include/rcube_imap.php index 0b2f84d4f..ebf31d578 100644 --- a/program/include/rcube_imap.php +++ b/program/include/rcube_imap.php @@ -3297,11 +3297,8 @@ class rcube_imap extends rcube_storage } // Get folder rights (MYRIGHTS) - if ($acl && !$options['noselect']) { - // skip shared roots - if (!$options['is_root'] || $options['namespace'] == 'personal') { - $options['rights'] = (array)$this->my_rights($folder); - } + if ($acl && ($rights = $this->my_rights($folder))) { + $options['rights'] = $rights; } // Set 'norename' flag diff --git a/program/js/app.js b/program/js/app.js index 48de21764..2182a2b88 100644 --- a/program/js/app.js +++ b/program/js/app.js @@ -669,7 +669,7 @@ function rcube_webmail() this.load_identity(props, 'edit-identity'); else if (this.task == 'mail' && (cid = this.get_single_uid())) { url = { _mbox: this.env.mailbox }; - url[this.env.mailbox == this.env.drafts_mailbox ? '_draft_uid' : '_uid'] = cid; + url[this.env.mailbox == this.env.drafts_mailbox && props != 'new' ? '_draft_uid' : '_uid'] = cid; this.goto_url('compose', url, true); } break; diff --git a/skins/classic/includes/messagetoolbar.html b/skins/classic/includes/messagetoolbar.html index 3f4995b83..ecaf8f79b 100644 --- a/skins/classic/includes/messagetoolbar.html +++ b/skins/classic/includes/messagetoolbar.html @@ -45,7 +45,7 @@ <ul class="toolbarmenu"> <li><roundcube:button class="printlink" command="print" label="printmessage" classAct="printlink active" /></li> <li><roundcube:button class="downloadlink" command="download" label="emlsave" classAct="downloadlink active" /></li> - <li><roundcube:button class="editlink" command="edit" label="editasnew" classAct="editlink active" /></li> + <li><roundcube:button class="editlink" command="edit" prop="new" label="editasnew" classAct="editlink active" /></li> <li class="separator_below"><roundcube:button class="sourcelink" command="viewsource" label="viewsource" classAct="sourcelink active" /></li> <li><roundcube:button class="openlink" command="open" label="openinextwin" target="_blank" classAct="openlink active" /></li> <roundcube:container name="messagemenu" id="messagemenu" /> diff --git a/skins/larry/includes/mailtoolbar.html b/skins/larry/includes/mailtoolbar.html index f750e061a..60cebe01b 100644 --- a/skins/larry/includes/mailtoolbar.html +++ b/skins/larry/includes/mailtoolbar.html @@ -37,7 +37,7 @@ <ul class="toolbarmenu iconized"> <li><roundcube:button command="print" label="printmessage" class="icon" classAct="icon active" innerclass="icon print" /></li> <li><roundcube:button command="download" label="emlsave" class="icon" classAct="icon active" innerclass="icon download" /></li> - <li><roundcube:button command="edit" label="editasnew" class="icon" classAct="icon active" innerclass="icon edit" /></li> + <li><roundcube:button command="edit" prop="new" label="editasnew" class="icon" classAct="icon active" innerclass="icon edit" /></li> <li><roundcube:button command="viewsource" label="viewsource" class="icon" classAct="icon active" innerclass="icon viewsource" /></li> <li><roundcube:button command="open" label="openinextwin" target="_blank" class="icon" classAct="icon active" innerclass="icon extwin" /></li> <roundcube:container name="messagemenu" id="messagemenu" /> |