summaryrefslogtreecommitdiff
path: root/index.php
AgeCommit message (Collapse)Author
2014-12-16Improve system security by using optional special URL with security tokenAleksander Machniak
Allows to define separate server/path for image/js/css files Fix bugs where CSRF attacks were still possible on some requests
2014-10-14Fix login error message display broken in b51de327Thomas Bruederli
2014-10-14Display custom error messages from plugins hooks (as documented in the API spec)Thomas Bruederli
2014-08-27Give precedence to plugin.* actions over custom tasks registered by pluginsThomas Bruederli
2014-08-04Add option (disabled_actions) to disable UI elements/actions (#1489638)Aleksander Machniak
2014-07-09Warn for unsent/unsaved message when closing compose window; remove ↵Thomas Bruederli
localStorage copy if page was left intentionally but not on session errors (#1489818)
2014-07-08Remove obsolete code that disables session check on 'send' actionAleksander Machniak
2014-06-09Send X-UA-Compatible as HTTP header instead of meta tagAleksander Machniak
2014-05-12Small code improvementAleksander Machniak
2014-03-19Bump version number to 1.1-gitAleksander Machniak
2014-02-21Prevent from "Call to undefined method rcmail_output_json::add_footer()" errorAleksander Machniak
2014-01-01CS fixesAleksander Machniak
2013-11-10First version of the local storage compose data saving feature; some ↵Thomas Bruederli
behavioral improvements and encrytion are still to be added
2013-10-21Send last fetch time with 'refresh' requests and allow plugins to alter ↵Thomas Bruederli
query parameters of http requests
2013-09-02Log also failed logins to userlogins logAleksander Machniak
2013-07-12Allow to load config files for different environments (#1487311); keep ↵Thomas Bruederli
(non-default) filename in URLs throughout the webmail app
2013-04-24Fix error when using check_referer=trueAleksander Machniak
2013-03-15Bump version number up to 1.0-gitAleksander Machniak
2013-01-09Welcome to 2013Thomas Bruederli
2012-11-12Plugin API: Add 'refresh' hookAleksander Machniak
2012-11-11Added cross-task 'refresh' request for system state updatesAleksander Machniak
2012-08-08- Fix (disable) request validation for spell and spell_html actionsAleksander Machniak
Consider action whitelist also for ajax requests
2012-08-08- Check request tokens also in devel_modeAleksander Machniak
2012-07-05Plugin API: Add 'unauthenticated' hook (#1488138)Aleksander Machniak
2012-06-30Show explicit error message when provided hostname is invalid (#1488550)Aleksander Machniak
2012-05-22Removed $Id$Aleksander Machniak
2012-05-09Also, the license commentsBrian Ronald
2012-04-26- Fix redirect to mail/compose on re-login (1488226)alecpl
2012-04-16- Framework refactoring (I hope it's the last one):alecpl
rcube,rcmail,rcube_ui -> rcube,rcmail,rcube_utils renamed main.inc into rcube_bc.inc
2012-04-13- Merge devel-framework branch, resolved conflictsalecpl
2012-01-18Changed license to GNU GPLv3+ with exceptions for skins and pluginsthomascube
2012-01-16Merged devel-framework branch (r5746:5779) back into trunkthomascube
2012-01-03- Move some checks into login() methodalecpl
2011-12-07- Remove deprecated global $IMAP variable usage (#1488148)alecpl
2011-11-24- Change version number to 0.8-svnalecpl
2011-10-30Allow cross-task ajax requeststhomascube
2011-10-07- Plugin API: added 'ready' hook (#1488073)alecpl
2011-09-29We're on the road towards 0.7 nowthomascube
2011-09-23- Make the whole PHP output non-cacheable (#1487797)alecpl
2011-08-24Fix r5117: don't show error on default login pagethomascube
2011-08-24Don't rely on rcmail->task for session error check; use _REQUEST data insteadthomascube
2011-07-30Don't show session error message on logoutthomascube
2011-07-30Log session validation errors; keep error message when redirecting to login ↵thomascube
after session error
2011-05-24Let plugins hook into keep-alive requeststhomascube
2011-05-02Default action for plugin tasks is 'index'thomascube
2011-04-20- Improve performance by including files with absolute path (#1487849) alecpl
2011-03-22Revert r4609 and use stateless request tokens; no need to save them in ↵thomascube
session and thus no keep-alive necessary; fixes #1487829
2011-03-15Keep session alive while showing login page (request token is stored in ↵thomascube
session data)
2011-03-08- small code cleanupalecpl
2011-03-08- Performance improvement: Remove redundant DELETE query (for old session ↵alecpl
deletion) on login