summaryrefslogtreecommitdiff
path: root/program
AgeCommit message (Collapse)Author
2013-10-17Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)Aleksander Machniak
Conflicts: CHANGELOG program/lib/Roundcube/rcube_plugin_api.php program/steps/utils/save_pref.inc
2013-03-27Bump version for 0.8.6 releasev0.8.60.8.6Thomas Bruederli
2013-03-27Sanity check the file path for generic message footer before adding itThomas Bruederli
2013-03-27Whitelist configuration options (user preferences) that can be changed using ↵Aleksander Machniak
save-pref command Conflicts: program/lib/Roundcube/rcube_plugin.php program/lib/Roundcube/rcube_plugin_api.php
2013-02-10Properly quote form validation error messagesThomas Bruederli
2013-01-25Bump version to 0.8.5v0.8.5Thomas Bruederli
2013-01-25Merge branch 'release-0.8' of github.com:roundcube/roundcubemail into ↵Thomas Bruederli
release-0.8
2012-12-15Fix escaping of add-contact arguments - fixes JS error in IEAleksander Machniak
2012-12-05Add workaround for IE<=8 bug where Content-Disposition:inline was ignored ↵Aleksander Machniak
(#1488844)
2012-12-04- Fix XSS vulnerability in vbscript: and data:text links handling (#1488850)Aleksander Machniak
Conflicts: CHANGELOG tests/MailFunc.php
2012-11-27Don't open application/x-shockwave-flash files in browser (quick fix for XSS ↵Thomas Bruederli
reported in #148882)
2012-11-27Fix deleting of collapsed threads, broken in ↵Aleksander Machniak
2b55d4f4204bdb8c97865e01b960c1d1f23ac0b7 (#1488772)
2012-11-25Fix redundant colon after last address in print modeAleksander Machniak
2012-11-23Fix selection of collapsed thread rows (#1488772)Aleksander Machniak
Conflicts: CHANGELOG
2012-11-23Fix wrapping of quoted text with format=flowed (#1488177)Aleksander Machniak
Conflicts: CHANGELOG program/include/rcube_mime.php
2012-11-23Fix cache (in)validation after setting \Deleted flagAleksander Machniak
2012-11-23Fix keybord events on messages list in opera browser (#1488823)Aleksander Machniak
Conflicts: CHANGELOG
2012-11-14Fix XSS vulnerability in handling of text/enriched messages (#1488806)v0.8.4Aleksander Machniak
2012-11-14Bump version to 0.8.4Thomas Bruederli
2012-11-13Fix handling of 'media' attribute on linked css (#1488789)Aleksander Machniak
Conflicts: CHANGELOG
2012-11-12Fix regression where unintentional page reload was done after request abort ↵Aleksander Machniak
(#1488802)
2012-11-12Fix excessive LFs at the end of composed message with top_posting=true ↵Aleksander Machniak
(#1488797) Conflicts: CHANGELOG
2012-11-11Fix bug where leading blanks were stripped from quoted lines (#1488795)Aleksander Machniak
Conflicts: CHANGELOG
2012-11-10Bump version to 0.8.3v0.8.3Thomas Bruederli
2012-11-08Fix AREA links handling (#1488792)Aleksander Machniak
Conflicts: CHANGELOG
2012-11-05Fixed rcube_imap_generic::uncompressMessageSet() result when argument is ↵Aleksander Machniak
empty. Added tests. Conflicts: tests/Framework/ImapGeneric.php
2012-11-03Fix count display after inserting a new contactThomas Bruederli
2012-10-31Merge pull request #41 from linagora/release-0.8Thomas B.
Grancefully handle SSO redirects on Ajax requests
2012-10-31Fix possible HTTP DoS on error in keep-alive requests (#1488782)Aleksander Machniak
Conflicts: CHANGELOG
2012-10-30Grancefully handle SSO redirections on Ajax requestsjkornobis
On some SSO systems, when the SSO session is expired, the system intercept HTTP requests and send a 302 "Found" HTTP code to the login page. This patch handle this case in Roundcube Ajax requests, to redirect to the SSO login page. Note that request.status don't have the 302 code (at least on Firefox), so we have to check the response headers for a Location field and redirect manually.
2012-10-29fix call to MDB2::isError for MDB2 2.5.0b4Remi Collet
2012-10-25Add deprecated alias clear_mailbox()Aleksander Machniak
2012-10-22Convert all identity headers into the desired message charsetThomas Bruederli
2012-10-22Fix a bug where saving a message in INBOX wasn't possibleAleksander Machniak
2012-10-22Fix HTML part detection in messages with attachments (#1488769)Aleksander Machniak
2012-10-21Fixed undefined global variableAleksander Machniak
2012-10-20Fix bug where wrong words were highlighted on spell-before-send checkAleksander Machniak
Conflicts: CHANGELOG
2012-10-17Fix the fix for empty text parts handling (#1488757)Aleksander Machniak
2012-10-16Fix post-filtering vlv results, fixes warning "mb_strtolower() expects ↵Aleksander Machniak
parameter 1 to be a string, array given" Conflicts: program/include/rcube_ldap.php
2012-10-15Better fix for headers decoding problem: fetch them as raw and let ↵Thomas Bruederli
rcube_mime::decode_address_list() do the job right
2012-10-15Fix header charset decoding when opening a draft messageThomas Bruederli
2012-10-12Fix displaying of multipart/alternative messages with empty parts (#1488750)Aleksander Machniak
Conflicts: CHANGELOG
2012-10-11Fix threaded list sorting on PHP < 5.2.9 (#1488748)Aleksander Machniak
Conflicts: CHANGELOG
2012-10-04Fix HTTP User-Agent XSS vulnerability (#1488737)Thomas Bruederli
2012-10-04Consider colspan attributes when adding table cells/rowsThomas Bruederli
2012-10-04Bump version for next releaseThomas Bruederli
2012-10-04Updated translations from launchpadThomas Bruederli
2012-10-02Backported commit 10467e8a5957 and other improvementsThomas Bruederli
2012-10-02Fix broken script after failed mergeThomas Bruederli
2012-10-02Let the skin limit the number of visible recipeints and place a link to show ↵Thomas Bruederli
them all in a dialog (better fix for #1488590)