summaryrefslogtreecommitdiff
path: root/program/lib/Roundcube/rcube_utils.php
AgeCommit message (Collapse)Author
2014-03-26Remove usage of $RCMAIL global variableFelix Eckhofer
2014-03-26Add config variable 'proxy_whitelist'Felix Eckhofer
HTTP headers X_FORWARDED_* and X_REAL_IP are only evaluated when received from an IP listed in proxy_whitelist. Furthermore, only the last non-trusted IP from X-Forwarded-For is used in place of the real ip. Without this, an attacker can easily spoof the headers and control the result of the ip or ssl check. This fixes several problems with [3a4c9f42], [4d480b36] and [a520f331] as mentioned in #1489729.
2014-02-07Fix directories check in Installer on Windows (#1489576)Aleksander Machniak
Added rcube_utils::is_absolute_path() method
2013-12-20Fix PHP warning when 1st argument of parse_host() is not a string (#1489486)Aleksander Machniak
2013-12-17Fix handling of X-Forwarded-For header with multiple addresses (#1489481)Aleksander Machniak
2013-12-12In normalize_string() replace 4-byte unicode characters with '?' character.Aleksander Machniak
These are not supported in default utf-8 charset on mysql, the chance we'd need them in searching is very low.
2013-10-28Fixed saving contact birthday/anniversary dates before 01-01-1970Aleksander Machniak
2013-10-26Fix CSS selector modifications when nested in @media blocksThomas Bruederli
2013-10-13Some micro-optimizationsAleksander Machniak
2013-10-12Fix infinite loop in rcube_utils::mod_css_styles() after recent changes in ↵Aleksander Machniak
rcube_string_replacer
2013-10-04Fixed issues where HTML comments inside style tag would hang Internet ExplorerAleksander Machniak
2013-10-03Improved mailto: link arguments handling (#1489363)Aleksander Machniak
2013-09-10Improve handling of date strings and DateTime values in contactsThomas Bruederli
2013-08-24Fix handling of non-default date formats (#1489294)Aleksander Machniak
- remove ambiguous m/d/Y format from default config
2013-07-17Respect HTTP_X_FORWARDED_FOR and HTTP_X_REAL_IP variables for session IP checkThomas Bruederli
2013-06-20Canonize boolean ini_get() results (#1489189)Aleksander Machniak
2013-05-28Add more rcube_utils testsAleksander Machniak
2013-05-28Improve rcube_utils::file2class() to not return duplicatesAleksander Machniak
2013-05-07Avoid uninitialized/unused variablesAleksander Machniak
2013-04-15Fix parsing invalid date string (#1489035)Aleksander Machniak
2013-01-23Use the right variable for IPv6 checkThomas Bruederli
2012-12-18Cleanup, remove file paths from docAleksander Machniak
2012-11-27Separate the very application-specific output classes from the Roundcube ↵Thomas Bruederli
framework; add autoloader for rmail* classes
2012-11-21Framework files moved to lib/RoundcubeAleksander Machniak