Age | Commit message (Collapse) | Author |
|
(#1489746)
|
|
|
|
(#1489595)
Conflicts:
CHANGELOG
|
|
|
|
(#1489819)
We also skip ajax request in such a case. We assume "empty" here means "with no text excluding whitespace".
Conflicts:
program/js/app.js
|
|
|
|
- Move DDL script execution code to rcube_db class(es).
- Improve prefix replacement code, so index names are also modified
|
|
|
|
HTTP headers X_FORWARDED_* and X_REAL_IP are only evaluated when
received from an IP listed in proxy_whitelist. Furthermore, only the
last non-trusted IP from X-Forwarded-For is used in place of the real
ip.
Without this, an attacker can easily spoof the headers and control the
result of the ip or ssl check.
This fixes several problems with [3a4c9f42], [4d480b36] and [a520f331] as
mentioned in #1489729.
Conflicts:
CHANGELOG
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Conflicts:
tests/Framework/Washtml.php
|
|
|
|
after return from mail view (#1489774)
Conflicts:
CHANGELOG
|
|
Conflicts:
CHANGELOG
|
|
|
|
|
|
|
|
(#1489634)
|
|
(#1489627)
|
|
Conflicts:
CHANGELOG
|
|
|
|
|
|
Added rcube_utils::is_absolute_path() method
|
|
|
|
Conflicts:
tests/Framework/Browser.php
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
(#1489507)
|
|
|
|
|
|
(#1488768)
|
|
|
|
|
|
refresh (#1485186)
|