Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-03-26 | Remove usage of $RCMAIL global variable | Felix Eckhofer | |
2014-03-26 | Add config variable 'proxy_whitelist' | Felix Eckhofer | |
HTTP headers X_FORWARDED_* and X_REAL_IP are only evaluated when received from an IP listed in proxy_whitelist. Furthermore, only the last non-trusted IP from X-Forwarded-For is used in place of the real ip. Without this, an attacker can easily spoof the headers and control the result of the ip or ssl check. This fixes several problems with [3a4c9f42], [4d480b36] and [a520f331] as mentioned in #1489729. | |||
2014-02-07 | Fix directories check in Installer on Windows (#1489576) | Aleksander Machniak | |
Added rcube_utils::is_absolute_path() method | |||
2013-12-20 | Fix PHP warning when 1st argument of parse_host() is not a string (#1489486) | Aleksander Machniak | |
2013-12-17 | Fix handling of X-Forwarded-For header with multiple addresses (#1489481) | Aleksander Machniak | |
2013-12-12 | In normalize_string() replace 4-byte unicode characters with '?' character. | Aleksander Machniak | |
These are not supported in default utf-8 charset on mysql, the chance we'd need them in searching is very low. | |||
2013-10-28 | Fixed saving contact birthday/anniversary dates before 01-01-1970 | Aleksander Machniak | |
2013-10-26 | Fix CSS selector modifications when nested in @media blocks | Thomas Bruederli | |
2013-10-13 | Some micro-optimizations | Aleksander Machniak | |
2013-10-12 | Fix infinite loop in rcube_utils::mod_css_styles() after recent changes in ↵ | Aleksander Machniak | |
rcube_string_replacer | |||
2013-10-04 | Fixed issues where HTML comments inside style tag would hang Internet Explorer | Aleksander Machniak | |
2013-10-03 | Improved mailto: link arguments handling (#1489363) | Aleksander Machniak | |
2013-09-10 | Improve handling of date strings and DateTime values in contacts | Thomas Bruederli | |
2013-08-24 | Fix handling of non-default date formats (#1489294) | Aleksander Machniak | |
- remove ambiguous m/d/Y format from default config | |||
2013-07-17 | Respect HTTP_X_FORWARDED_FOR and HTTP_X_REAL_IP variables for session IP check | Thomas Bruederli | |
2013-06-20 | Canonize boolean ini_get() results (#1489189) | Aleksander Machniak | |
2013-05-28 | Add more rcube_utils tests | Aleksander Machniak | |
2013-05-28 | Improve rcube_utils::file2class() to not return duplicates | Aleksander Machniak | |
2013-05-07 | Avoid uninitialized/unused variables | Aleksander Machniak | |
2013-04-15 | Fix parsing invalid date string (#1489035) | Aleksander Machniak | |
2013-01-23 | Use the right variable for IPv6 check | Thomas Bruederli | |
2012-12-18 | Cleanup, remove file paths from doc | Aleksander Machniak | |
2012-11-27 | Separate the very application-specific output classes from the Roundcube ↵ | Thomas Bruederli | |
framework; add autoloader for rmail* classes | |||
2012-11-21 | Framework files moved to lib/Roundcube | Aleksander Machniak | |