summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CHANGELOG2
-rw-r--r--installer/check.php12
-rw-r--r--plugins/password/config.inc.php.dist10
-rw-r--r--plugins/password/drivers/sql.php41
-rw-r--r--program/include/rcube_imap.php7
-rw-r--r--program/js/app.js2
-rw-r--r--skins/classic/includes/messagetoolbar.html2
-rw-r--r--skins/larry/includes/mailtoolbar.html2
8 files changed, 59 insertions, 19 deletions
diff --git a/CHANGELOG b/CHANGELOG
index babd05368..ce8547dd9 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -2,6 +2,8 @@ CHANGELOG Roundcube Webmail
===========================
- Use IMAP BINARY (RFC3516) extension to fetch message/part bodies
+- Fix folder creation under public namespace root (#1488665)
+- Fix so "Edit as new" on draft creates a new message (#1488687)
- Fix invalid error message on deleting mail from read only folder (#1488694)
- Fix error where session wasn't updated after folder rename/delete (#1488692)
- Replace data URIs of images (pasted in HTML editor) with inline attachments (#1488502)
diff --git a/installer/check.php b/installer/check.php
index 52460bb0f..d6c9f5c40 100644
--- a/installer/check.php
+++ b/installer/check.php
@@ -35,12 +35,12 @@ $ini_checks = array(
'suhosin.session.encrypt' => 0,
'magic_quotes_runtime' => 0,
'magic_quotes_sybase' => 0,
+ 'date.timezone' => '-NOTEMPTY-',
);
$optional_checks = array(
// required for utils/modcss.inc, should we require this?
'allow_url_fopen' => 1,
- 'date.timezone' => '-NOTEMPTY-',
);
$source_urls = array(
@@ -171,7 +171,15 @@ foreach ($ini_checks as $var => $val) {
$status = ini_get($var);
if ($val === '-NOTEMPTY-') {
if (empty($status)) {
- $RCI->fail($var, "cannot be empty and needs to be set");
+ $RCI->fail($var, "empty value detected");
+ } else if ($var == 'date.timezone') {
+ try {
+ $tz = new DateTimeZone($status);
+ $RCI->pass($var);
+ }
+ catch (Exception $e) {
+ $RCI->fail($var, "invalid value detected: $status");
+ }
} else {
$RCI->pass($var);
}
diff --git a/plugins/password/config.inc.php.dist b/plugins/password/config.inc.php.dist
index 37c79315d..8d7b433af 100644
--- a/plugins/password/config.inc.php.dist
+++ b/plugins/password/config.inc.php.dist
@@ -36,7 +36,8 @@ $rcmail_config['password_db_dsn'] = '';
// The query can contain the following macros that will be expanded as follows:
// %p is replaced with the plaintext new password
// %c is replaced with the crypt version of the new password, MD5 if available
-// otherwise DES.
+// otherwise DES. More hash function can be enabled using the password_crypt_hash
+// configuration parameter.
// %D is replaced with the dovecotpw-crypted version of the new password
// %o is replaced with the password before the change
// %n is replaced with the hashed version of the new password
@@ -51,6 +52,13 @@ $rcmail_config['password_db_dsn'] = '';
// Default: "SELECT update_passwd(%c, %u)"
$rcmail_config['password_query'] = 'SELECT update_passwd(%c, %u)';
+// By default the crypt() function which is used to create the '%c'
+// parameter uses the md5 algorithm. To use different algorithms
+// you can choose between: des, md5, blowfish, sha256, sha512.
+// Before using other hash functions than des or md5 please make sure
+// your operating system supports the other hash functions.
+$rcmail_config['password_crypt_hash'] = 'md5';
+
// By default domains in variables are using unicode.
// Enable this option to use punycoded names
$rcmail_config['password_idn_ascii'] = false;
diff --git a/plugins/password/drivers/sql.php b/plugins/password/drivers/sql.php
index 449e2df5b..8bdcabf83 100644
--- a/plugins/password/drivers/sql.php
+++ b/plugins/password/drivers/sql.php
@@ -40,13 +40,38 @@ class rcube_sql_password
// crypted password
if (strpos($sql, '%c') !== FALSE) {
$salt = '';
- if (CRYPT_MD5) {
- // Always use eight salt characters for MD5 (#1488136)
- $len = 8;
- } else if (CRYPT_STD_DES) {
- $len = 2;
- } else {
- return PASSWORD_CRYPT_ERROR;
+
+ if (!($crypt_hash = $rcmail->config->get('password_crypt_hash')))
+ {
+ if (CRYPT_MD5)
+ $crypt_hash = 'md5';
+ else if (CRYPT_STD_DES)
+ $crypt_hash = 'des';
+ }
+
+ switch ($crypt_hash)
+ {
+ case 'md5':
+ $len = 8;
+ $salt_hashindicator = '$1$';
+ break;
+ case 'des':
+ $len = 2;
+ break;
+ case 'blowfish':
+ $len = 22;
+ $salt_hashindicator = '$2a$';
+ break;
+ case 'sha256':
+ $len = 16;
+ $salt_hashindicator = '$5$';
+ break;
+ case 'sha512':
+ $len = 16;
+ $salt_hashindicator = '$6$';
+ break;
+ default:
+ return PASSWORD_CRYPT_ERROR;
}
//Restrict the character set used as salt (#1488136)
@@ -55,7 +80,7 @@ class rcube_sql_password
$salt .= $seedchars[rand(0, 63)];
}
- $sql = str_replace('%c', $db->quote(crypt($passwd, CRYPT_MD5 ? '$1$'.$salt.'$' : $salt)), $sql);
+ $sql = str_replace('%c', $db->quote(crypt($passwd, $salt_hashindicator ? $salt_hashindicator .$salt.'$' : $salt)), $sql);
}
// dovecotpw
diff --git a/program/include/rcube_imap.php b/program/include/rcube_imap.php
index 0b2f84d4f..ebf31d578 100644
--- a/program/include/rcube_imap.php
+++ b/program/include/rcube_imap.php
@@ -3297,11 +3297,8 @@ class rcube_imap extends rcube_storage
}
// Get folder rights (MYRIGHTS)
- if ($acl && !$options['noselect']) {
- // skip shared roots
- if (!$options['is_root'] || $options['namespace'] == 'personal') {
- $options['rights'] = (array)$this->my_rights($folder);
- }
+ if ($acl && ($rights = $this->my_rights($folder))) {
+ $options['rights'] = $rights;
}
// Set 'norename' flag
diff --git a/program/js/app.js b/program/js/app.js
index 48de21764..2182a2b88 100644
--- a/program/js/app.js
+++ b/program/js/app.js
@@ -669,7 +669,7 @@ function rcube_webmail()
this.load_identity(props, 'edit-identity');
else if (this.task == 'mail' && (cid = this.get_single_uid())) {
url = { _mbox: this.env.mailbox };
- url[this.env.mailbox == this.env.drafts_mailbox ? '_draft_uid' : '_uid'] = cid;
+ url[this.env.mailbox == this.env.drafts_mailbox && props != 'new' ? '_draft_uid' : '_uid'] = cid;
this.goto_url('compose', url, true);
}
break;
diff --git a/skins/classic/includes/messagetoolbar.html b/skins/classic/includes/messagetoolbar.html
index 3f4995b83..ecaf8f79b 100644
--- a/skins/classic/includes/messagetoolbar.html
+++ b/skins/classic/includes/messagetoolbar.html
@@ -45,7 +45,7 @@
<ul class="toolbarmenu">
<li><roundcube:button class="printlink" command="print" label="printmessage" classAct="printlink active" /></li>
<li><roundcube:button class="downloadlink" command="download" label="emlsave" classAct="downloadlink active" /></li>
- <li><roundcube:button class="editlink" command="edit" label="editasnew" classAct="editlink active" /></li>
+ <li><roundcube:button class="editlink" command="edit" prop="new" label="editasnew" classAct="editlink active" /></li>
<li class="separator_below"><roundcube:button class="sourcelink" command="viewsource" label="viewsource" classAct="sourcelink active" /></li>
<li><roundcube:button class="openlink" command="open" label="openinextwin" target="_blank" classAct="openlink active" /></li>
<roundcube:container name="messagemenu" id="messagemenu" />
diff --git a/skins/larry/includes/mailtoolbar.html b/skins/larry/includes/mailtoolbar.html
index f750e061a..60cebe01b 100644
--- a/skins/larry/includes/mailtoolbar.html
+++ b/skins/larry/includes/mailtoolbar.html
@@ -37,7 +37,7 @@
<ul class="toolbarmenu iconized">
<li><roundcube:button command="print" label="printmessage" class="icon" classAct="icon active" innerclass="icon print" /></li>
<li><roundcube:button command="download" label="emlsave" class="icon" classAct="icon active" innerclass="icon download" /></li>
- <li><roundcube:button command="edit" label="editasnew" class="icon" classAct="icon active" innerclass="icon edit" /></li>
+ <li><roundcube:button command="edit" prop="new" label="editasnew" class="icon" classAct="icon active" innerclass="icon edit" /></li>
<li><roundcube:button command="viewsource" label="viewsource" class="icon" classAct="icon active" innerclass="icon viewsource" /></li>
<li><roundcube:button command="open" label="openinextwin" target="_blank" class="icon" classAct="icon active" innerclass="icon extwin" /></li>
<roundcube:container name="messagemenu" id="messagemenu" />