+ file inclusions. [CAN-2005-0075]
+ - Remove Printer Friendly Clean Display config option, the cleaning
+ is now always done.
+ - Create new Options section "Compose Preferences" and move some
+ options from Display Preferences there; also move some around within
+ Display Preferences.
+ - Security: Fix possible file/offsite inclusion in src/webmail.php.
+ [CAN-2005-0103]
+ - Security: Fix possible XSS issues in src/webmail.php. [CAN-2005-0104]
+ - Fix undefined variables in src/webmail.php.
+ - 24hr clock format should include a leading 0.
+ - Removed numeric keys for plugin array in config.php.
+ - Fixed translations of "On DATE, AUTHOR Wrote" and "AUTHOR Wrote" replies.
+ - Added sq_str_pad function for padding of multi-byte strings.
+ - Added sq_strlen function for calculation of multi-byte string length.
+ - Quoted "INBOX" in check for the status of INBOX in a LIST call. Fixes an
+ issue with a specific IMAP server.
+ - Move default_pref to the config/ dir, but keep checking legacy locations
+ first for bc. Do not fail with an error when default_pref not found, just
+ create an empty one.
+ - Add trailing slash for data directory used by global file based address
+ book (#1105760).
+ - Fixed sorting problem is get_squirrel_sort() function (#1115403).
+ - Add "Show Only Subscribed Folders" option to allow users to show all
+ folders instead of only subscribed ones (#1105756, #1105250).
+ - Add workaround for Mercury/32 servers that will subscribe again to
+ an already subscribed folder (#1115409).
+ - Added blank.png for missing image support.
+ - Use the proper attachment filenames in case of forwarding a message.
+ - Fix for #855320 where Outlook Express was creating CID: based URLs,
+ but not assigning a content-id to the attachment. This is a bug in
+ Outlook Express and is non-RFC compliant behaviour.
+ - Strip <outbind://> tags out. This is a Microsoft only protocol and
+ references files local to the sending machine. This causes issues
+ with Internet Explorer.
+ - Replace <img src="outbind://"> links with clean images to stop
+ issues with Internet Explorer not being able to track down the image.
+ - Empty src attribute on img tags causes logouts (IE only), replacing
+ string with blank.png.
+ - Added vmailmgrd backend to change_password plugin.
+ - Fixed change_password_init hook.
+ - Give an error to the user when SquirrelMail is not configured yet
+ (instead of "failed to include config.php").
+ - Added swf and mp3 support to newmail plugin. Restored custom user media
+ support.
+ - Removed unused save_option_header() function from display and compose
+ option includes.
+ - Fixed bug #1124764, view unsafe images inside printer friendly view.
+ - Fixed bug #1032366, remove NUL characters in text attachments on sent.
+ - URL Encode required for string being passed in mailto: links to pass on
+ additional values (cc, body, subject etc).
+ - Fixed bug #801060. Removed option for INBOX in filters plugin as source
+ is always INBOX.
+ - Always show Purge link next to Trash, even when empty.
+ - errors in addressbook_init() function are no longer fatal. If function
+ fails to activate address book backend, it displays error box (with
+ error_box() function). error box can be hidden by setting first
+ function argument to false.
+ - Sanitized search in ldap address book backend. Use of asterisk
+ together with other symbols is not supported.
+ - Added ldap backend to change_password plugin.
+ - Change defaults of some prefs to more sensible / usable settings.
+ - Revise the documentation of the packaged plugins.
+ - Fixed edit form checks in address listing (#1124018).
+ - After sending resumed draft, return to message list.
+ - Parse and replace mailto: links with internal compose links when
+ viewing in HTML format.
+ - Plugins may now define an "extra" array element to return to the attachment
+ types hook, which will be also inserted in the attachment link for the
+ plugin.
+ - Added mouseover row highlighting on message index.
+ - Added <label> for checkboxes on message index (when highlighting is off).
+ - Fixed mailto: parsing in functions/url_parser.php.
+ - Fixed broken signout page (plugins work here again).
+ - Fixed configtest to use correct PostgreSQL connection function
+ (#1166228).
+ - Added configuration option that blocks remote use of
+ src/configtest.php by default.
+ - Fixed ldap checks in configtest.php.
+ - Added configuration option that controls listing of global file based
+ address book.
+ - Fixed administrator's plugin breaks related to latest sqGetGlobalVar()
+ and $plugins array changes.
+ - Included local configuration file in config.php generated by
+ administrator's plugin.
+ - Updated the Filters plugin to comply with our Plugin Standards.
+ - Fixed Filters plugin problems with duplicate rule processing and false
+ unread message counts (Bug# 676073 and patch #919045).
+ - Strip position:absolute style from HTML mails.
+ - Add ability to the Filters plugin to filter on Message Body, or both
+ the Headers and the Message Body.
+ - Update the message copy and move functions to allow for error handling.
+ - Fix the filter plugin from halting the login process when copying errors
+ occur.
+ - Clean up the folder management (create, rename, subscribe) code.
+ - Added filtering support to address book LDAP backend (#539534). Thanks
+ to Tim Bell.
+ - Added domain scope limit controls to address book LDAP backend. Issue
+ is specific to Microsoft ADS (#1035454). Thanks to Michael Brown.
+ - Missing PHP LDAP extension errors are now handled by ldap backend and
+ errors are displayed after address book initialization.
+ - LDAP connections are opened during search and not during address book
+ initialization.
+ - Fixed wrapping of multibyte strings in message view and replies
+ (#1043576).
+ - mbstring internal encoding is switched to ASCII, if mbstring.func_overload
+ is enabled (#929644).
+ - Fixed checking for quota when appending to Sent folder (#1172694).
+ - Create a generic function to empty a folder tree, thanks to
+ Randy Smith (#1145578).
+ - Add robots noindex/nofollow meta tag to SquirrelMail generated pages.
+ - Fix incorrect folder hierarchy display (#1009654), thanks
+ Awais Ahmad for the patch (#1082558).
+ - src/delete_message.php script is disabled. It provided functions that
+ could be implemented without playing with multiple redirects.
+ - Remove lots of obsoleted code from left_main.php.
+ - Partial support of IMAP REFERRAL: do not fail on IMAP REFERRAL response
+ (RFC 2221) but log the user out with a hint. Patch by Ariel Arjona
+ (#1006242).
+ - Fixed SquirrelMail language cookie detection in php register_globals=off.
+ - If default SquirrelMail language is set to empty string, interface will
+ try to follow browser's HTTP_ACCEPT_LANGUAGE header or fallback to en_US
+ (#764709).
+ - If From: field is unset in an email, header object for from field is not
+ correctly set, and generates an error on reply (#1179754).
+ - Add Cancel button to addressbook (#1180565).
+ - RFC 2046: Send mixed messages with multipart/alternative nested boundaries
+ with correct boundary strings.
+ - EXPERIMENTAL: Mailbox listing converted to templated layout. Added
+ template support functions and classes. Rewrote some page header and
+ mailbox listing functions. Disabled 'show_recipient_instead' option.
+ Added more columns to mailbox listing and index order options.
+ - Removed sort by internal date option. Now you can use the Received column
+ in the index order option page for that.
+ - WARNING: if same user data storage location is used to store SquirrelMail
+ 1.4.x and 1.5.1+ user settings, SquirrelMail 1.5.1+ will reset mailbox
+ display order (Options->Index Options) in stable. Backup your data before
+ testing 1.5.1+ or use different storage location.
+ - Added experimental iframe sandbox for display of html formated emails.
+ - Disabled LOGINDISABLED check in src/login.php when IMAP server mapping is
+ used.
+ - Check destination folder in mail_fetch plugin before storing messages
+ in it. Modify destination folder, if it is renamed or deleted within
+ SquirrelMail (#584658).
+ - Made the Flags column a required column in the index order options page to
+ prohibit missing seen/unseen info in the messages list.
+ - Fixed disabled prev/next links in the message display when you reach the
+ end of the page (message set).
+ - Moved delete button to the right in the message list.
+ - Fixed imap capability detection in bug_report plugin. It was broken
+ when IMAP TLS was enabled or imap server mapping was used.
+ - Added mail_fetch plugin configuration file and moved plugin functions
+ from setup.php to functions.php file.
+ - SquirrelSpell plugin was modified to use standard SquirrelMail
+ preference system. User dictionaries that are stored in $username.words
+ files should be automatically updated to new format, when user logs in.
+ Fixed possible php script errors caused by $SQSPELL_APP configuration
+ variable changes. Removed $SQSPELL_EREG configuration option. Plugin's
+ version increased to 0.5.
+ - $skip_SM_header option was replaced with $encode_header_key and
+ $hide_auth_header options. First option allows to encode user's information
+ with provided encryption key (set in 2. Server settings -> B. Update SMTP /
+ Sendmail settings). Second option allows to disable authenticated user part
+ in Received: header, when user can't force used email address. It is set in
+ 4. General Options -> 9. Allow editing of identity.
+ - Added dovecot preset to configuration utility.
+ - Modified mercury32 preset in order to remove INBOX prefix in mercury32 4.01.
+ - Added peardb backend to change_password plugin.
+ - Tweak IMAP connection error display (#1203154).
+ - Gracefully recover from over quota error while sending a mail (#1145144).
+ - Fix get_identities() for the case where the user has not set an email
+ address: use the fallback $username@$domain that's used in compose aswell.
+ - Fix "Include me in CC on Reply All" for the case where email address was
+ not set in the prefs (#781202, #1093363).
+ - Move documentation for SquirrelMail developers to doc/Development.
+ - Added id attribute support to form functions. It can be used for Section
+ 508 or WAI fixes. Original idea and patch by dugan <at> passwall.com.
+ - Fixed broken attachments caused by inconsistency of PHP chunk_split().
+ Thanks to Roalt Zijlstra.
+ - Identity code was not checking for domain part in username before setting
+ email address (Bug #1219184).
+ - Disallow access to the administrator plugin screens when the plugin is
+ not enabled in the config.
+ - Security: fix several cross site scripting (XSS) attacks. Thanks go to
+ Martijn Brinkers for finding a lot of these. [CAN-2005-1769]
+ - Update COPYING with new address of the FSF.
+ - Fixed missing quote character when trying to build cid: urls.
+ - Added address listing functions and listing controls to address
+ book LDAP backend. Blocked wildcard searches in file and database
+ backends when listing is disabled (#529563).
+ - Some LDAP address book backend configuration options (listing
+ controls, filtering, scope limit) are moved to 'advanced
+ configuration' subsection.
+ - Javascript relied on rg=1 in the login page to force focus to
+ password box if username was supplied as a url arg (#1222617).
+ - Fix variable typo in parseFetch which caused IMAP errors on Exchange.
+ Thanks Christian Froemmel.
+ - Added Bluesome theme by Saku Lehtiö (#1188209).
+ - Rewrite of advanced identity handlying to remove stupid extraction
+ of all post variables. [CAN-2005-2095]
+ - Added StartTLS support to address book LDAP backend (#1197703). Patch
+ by John Lane.
+ - Added subtree/one level search options to address book LDAP backend
+ (#1212618).
+ - Added Simple Green 2 and Simple Purple themes by Vicky Pyne (#1217066
+ and #1217069).
+
+Version 1.5.0 - 2 February 2004
+-------------------------------