*** SquirrelMail Devel Series 1.5 ***
*************************************
-Version 1.5.1 -- CVS
---------------------
+Version 1.5.2 - CVS
+-------------------
+ - Fix warning about array required in array_keys for display options when no
+ fontset is defined.
+ - Added "bad plugin" blacklist in configtest.php.
+ - Fix MagicHTML fix with respect to parsing of u\rl in IE.
+ - Added monitored folders option to newmail plugin.
+ - Tweaked STARTTLS option for SMTP/IMAP to allow previous settings of just
+ pure TLS not to be used to assume STARTTLS.
+ - Fixed quotes in configuration strings in administrator plugin.
+ - Fixed View as HTML link so it doesn't forget it was part of a seach result.
+ - Don't use delimiter in IMAP subscription command, when noselect folder is
+ created.
+ - Security: Possible cookie theft in src/redirect.php if
+ register_globals is enabled, and malicous site is running
+ in same domain.
+ - Stop URL parsing, if 8bit symbols or HTML entities are detected (#1356798).
+ - Added new color themes by Jeremy Landes, Tammi Maggard and Lucas Austin-Howe
+ (#1378332), (#1377567), (#1377529), (#1377528), (#1377527), (#1377526),
+ (#1377525), (#1393188).
+ - Issue loading options page always loaded the prefs
+ initial_value on display, instead of the users' value.
+ - Adding the message_body hook to src/view_html.php and src/view_text.php,
+ allowing display of unsafe images when viewing HTML attachments and when
+ HTML is in an <iframe>.
+ - Fixed from address in case of MDN receipts (patch from Dimitar Pashev)
+ - Advanced tree folder listing is moved to templates. $advanced_tree
+ configuration variable is removed.
+ - Added system locale tests to configtest.php script.
+ - Fixed invalid HTML output that caused error notices in compose.php (#1454409).
+ - Introduction of centralised initialization file init.php. Location of some
+ scripts is changed. If code tries to use older script layout, scripts will
+ break and display error messages.
+ - Added session regenrate id functionality to prohibit session hijacking.
+ - Fixed sqsession_cookie function for setting HttpOnly cookie attribute.
+ - Reduce references header in a smart way to avoid "header too long"
+ errors from SMTP servers in really long threads (#1167754, #1465342).
+ - Added code that allows to use internal password functions in sqimap_login().
+ Switched plugins to use this code instead of accessing key and otp information
+ directly.
+ - Fixed automatic mailbox creation in left_main.php. 1.5.1 mailbox caching
+ broke detection of unsubscribed special folders (#1461578).
+ - Undo extra sanitizing in decodeHeader() function (#1460638).
+ - Added workaround for broken OpenBSD 3.8+ setlocale() function (#1427512).
+ - Fixed session lockups on large attachment downloads.
+ - Added configtest hook in src/configtest.php.
+ - Improved error handling for the help pages.
+ - Fixed possibility to use single quote in provider name (#1475744).
+ - Improve recovery when EHLO not supported on legacy SMTP servers
+ (#1031455).
+ - Added error handling and $onlylocal argument to abook_init hook.
+ - Added PHP 5.1.0 date_default_timezone_set() function support. Allows
+ to use time zone settings in PHP safe_mode.
+ - Sanitized IMAP folder names in error_message() function and filters plugin.
+ - Take X-Forwarded-Host HTTP header in consideration when constructing
+ base_uri for redirects; reduces problems with transparent proxies
+ (#1488590).
+ - Fixed server capability retrieval for "double" cases in capability
+ response, like "FOO FOO=bar".
+ - Various address book database backend modifications. Fixed invalid
+ error checks in insert() and delete() methods (checks caused PHP
+ warnings). Turned on Pear DB field case portability mode. Escaped SQL
+ wildcards in search() method. Handle nickname changes in modify()
+ method when new nickname is already in use. Made search expressions
+ case insensitive in search() method.
+ - Added special folder (Drafts, Sent, Trash) translations in mailbox
+ tree and folder selection boxes.
+ - Added write support to address book LDAP backend. Patch by David
+ Hardeman (#1495763).
+ - Added message copy options.
+ - Removed html formating from address book backend classes. Added
+ fullname() method to addressbook_backend class. Moved
+ htmlspecialchars() sanitizing from address book backend classes to
+ html output code. If third party code displays errors from address
+ book object in html, errors must be sanitized and ASCII line feeds
+ should be converted to html line breaks.
+ - Add note to conf.pl / config_default.php to warn users that set
+ sensitive passwords in that file to properly secure it.
+ - Prevent modifications in advanced identities, when editing of
+ identities is disabled.
+ - Configuration utility does not allow 8bit symbols in IMAP folder names
+ (#1485501).
+ - Address book file backend will break with error message, if required
+ address book fields are not available. Prevents address book corruption
+ and address book format violations that can cause PHP notices.
+ - Added line length setting in local_file address book backend (#1181561).
+
+Version 1.5.1 (branched on 2006-02-12)
+--------------------------------------
- New reply citation to include date and author.
- Security: Fix some possible XSS bugs.
- Norwegian Bokmal translation uses nb_NO.
- Integrated Msg_Flags plugin - turn on/off icons using configuration tool,
menu number 11 (Tweaks), option number 3, after which users must select an
- icon theme in Options/Display Preferences.
+ icon theme in Options/Display Preferences.
"Flag"/"Unflag" buttons are implemented as separate plugin.
- Added Farsi and Tagalog translation support.
- Enabled Ukrainian and Russian-Ukrainian support
- Added sort by message size.
- Security: Fixed XSS vulnerability in content-type display in the attachment
area of read_body.php discovered by Roman Medina.
+ - Removed src/move_messages.php, move_before_move and move_messages_button_action
+ hooks. Mailbox listing actions should be handled by src/right_main.php and
+ functions/mailbox_display.php hooks.
- Get alternating row colors of addressbook in sync with mailbox list.
- Give proper error when PEAR DB not found.
- Remove inappropriate strip_tags() from add-to-addressbook (#968475).
- Prefs caching didn't work properly with register_globals off (#995102).
- Security: fix SQL injection vulnerability in addressbook.
- [CAN-2004-0521]
+ [CVE-2004-0521]
- Removed html_top and html_bottom hooks. No longer used/needed.
- Added "trailing text" for options built by SquirrelMail (text placed
after text and select list inputs on options pages)
- Fix bug when Saving to Draft folder that contains special characters.
- Added size limit to signatures saved in file backend. Created
error_option_save function, that allows sending error message to options
- page. Thanks to Martynas.
- Bieliauskas for spotting big signature "option".
+ page. Thanks to Martynas Bieliauskas for spotting big signature "option".
- Make SquirrelSpell work with safe_mode enabled, if using PHP >=4.3.0.
Patch by Ray Ferguson.
- Make IP-address in Message-ID RFC822 compliant.
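Review bot: The new 1.5.2 entry "Security: Possible cookie theft in src/redirect.php if register_globals is enabled" names the problem but not the fix, and carries no CVE identifier, while this same patch normalises several other Security entries to the [CVE-...] form. Reword it to say what was changed in src/redirect.php and add the identifier if one was assigned. In the same block of added entries, "seach", "malicous" and "regenrate" are misspelled, and "parsing of u\rl in IE" would be clearer with the backslash sequence quoted.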
8bit symbols. (provides fix for #934033).
- Fixed decoding function problems when mbstring.func_override has
MB_OVERLOAD_REGEX enabled.
- - Security: Fixed XSS exploit in decodeHeader function. [CAN-2004-1036]
+ - Security: Fixed XSS exploit in decodeHeader function. [CVE-2004-1036]
- Added site configuration and custom translation engine support to translate
plugin.
- Fixed SquirrelSpell error output. Patch courtesy David Boone.
- Max upload file size now correctly handles a '-1' value, meaning
unlimited. (#1094569).
- Security: Added hook for Preferences Backend to resolve potential
- file inclusions. [CAN-2005-0075]
+ file inclusions. [CVE-2005-0075]
- Remove Printer Friendly Clean Display config option, the cleaning
is now always done.
- Create new Options section "Compose Preferences" and move some
options from Display Preferences there; also move some around within
Display Preferences.
- Security: Fix possible file/offsite inclusion in src/webmail.php.
- [CAN-2005-0103]
- - Security: Fix possible XSS issues in src/webmail.php. [CAN-2005-0104]
+ [CVE-2005-0103]
+ - Security: Fix possible XSS issues in src/webmail.php. [CVE-2005-0104]
- Fix undefined variables in src/webmail.php.
- 24hr clock format should include a leading 0.
- Removed numeric keys for plugin array in config.php.
is always INBOX.
- Always show Purge link next to Trash, even when empty.
- errors in addressbook_init() function are no longer fatal. If function
- fails to activate address book backend, it displays error box (with
+ fails to activate address book backend, it displays error box (with
error_box() function). error box can be hidden by setting first
function argument to false.
- - Sanitized search in ldap address book backend. Use of asterisk
+ - Sanitized search in ldap address book backend. Use of asterisk
together with other symbols is not supported.
- Added ldap backend to change_password plugin.
- Change defaults of some prefs to more sensible / usable settings.
- Revise the documentation of the packaged plugins.
- Fixed edit form checks in address listing (#1124018).
- After sending resumed draft, return to message list.
- - Parse and replace mailto: links with internal compose links when
+ - Parse and replace mailto: links with internal compose links when
viewing in HTML format.
- Plugins may now define an "extra" array element to return to the attachment
types hook, which will be also inserted in the attachment link for the
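Review bot: The three changed pairs in this hunk ("fails to activate address book backend, it displays error box (with", "Sanitized search in ldap address book backend. Use of asterisk", "Parse and replace mailto: links with internal compose links when") read identically on the removed and the added side, so they appear to be whitespace-only edits. Consider moving them to a separate cleanup commit, or mention the whitespace cleanup in the commit message, so the ChangeLog diff shows only real entry changes.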
is specific to Microsoft ADS (#1035454). Thanks to Michael Brown.
- Missing PHP LDAP extension errors are now handled by ldap backend and
errors are displayed after address book initialization.
- - LDAP connections are opened during search and not during address book
+ - LDAP connections are opened during search and not during address book
initialization.
- - Fixed wrapping of multibyte strings in message view and replies
+ - Fixed wrapping of multibyte strings in message view and replies
(#1043576).
- mbstring internal encoding is switched to ASCII, if mbstring.func_overload
is enabled (#929644).
(RFC 2221) but log the user out with a hint. Patch by Ariel Arjona
(#1006242).
- Fixed SquirrelMail language cookie detection in php register_globals=off.
- - If default SquirrelMail language is set to empty string, interface will
+ - If default SquirrelMail language is set to empty string, interface will
try to follow browser's HTTP_ACCEPT_LANGUAGE header or fallback to en_US
(#764709).
- If From: field is unset in an email, header object for from field is not
- Add Cancel button to addressbook (#1180565).
- RFC 2046: Send mixed messages with multipart/alternative nested boundaries
with correct boundary strings.
- - WARNING: if same user data storage location is used to store SquirrelMail
+ - EXPERIMENTAL: Mailbox listing converted to templated layout. Added
+ template support functions and classes. Rewrote some page header and
+ mailbox listing functions. Disabled 'show_recipient_instead' option.
+ Added more columns to mailbox listing and index order options.
+ - Removed sort by internal date option. Now you can use the Received column
+ in the index order option page for that.
+ - WARNING: if same user data storage location is used to store SquirrelMail
1.4.x and 1.5.1+ user settings, SquirrelMail 1.5.1+ will reset mailbox
display order (Options->Index Options) in stable. Backup your data before
testing 1.5.1+ or use different storage location.
-
+ - Added experimental iframe sandbox for display of html formated emails.
+ - Disabled LOGINDISABLED check in src/login.php when IMAP server mapping is
+ used.
+ - Check destination folder in mail_fetch plugin before storing messages
+ in it. Modify destination folder, if it is renamed or deleted within
+ SquirrelMail (#584658).
+ - Made the Flags column a required column in the index order options page to
+ prohibit missing seen/unseen info in the messages list.
+ - Fixed disabled prev/next links in the message display when you reach the
+ end of the page (message set).
+ - Moved delete button to the right in the message list.
+ - Fixed imap capability detection in bug_report plugin. It was broken
+ when IMAP TLS was enabled or imap server mapping was used.
+ - Added mail_fetch plugin configuration file and moved plugin functions
+ from setup.php to functions.php file.
+ - SquirrelSpell plugin was modified to use standard SquirrelMail
+ preference system. User dictionaries that are stored in $username.words
+ files should be automatically updated to new format, when user logs in.
+ Fixed possible php script errors caused by $SQSPELL_APP configuration
+ variable changes. Removed $SQSPELL_EREG configuration option. Plugin's
+ version increased to 0.5.
+ - $skip_SM_header option was replaced with $encode_header_key and
+ $hide_auth_header options. First option allows to encode user's information
+ with provided encryption key (set in 2. Server settings -> B. Update SMTP /
+ Sendmail settings). Second option allows to disable authenticated user part
+ in Received: header, when user can't forge used email address. It is set in
+ 4. General Options -> 9. Allow editing of identity.
+ - Added dovecot preset to configuration utility.
+ - Modified mercury32 preset in order to remove INBOX prefix in mercury32 4.01.
+ - Added peardb backend to change_password plugin.
+ - Tweak IMAP connection error display (#1203154).
+ - Gracefully recover from over quota error while sending a mail (#1145144).
+ - Fix get_identities() for the case where the user has not set an email
+ address: use the fallback $username@$domain that's used in compose aswell.
+ - Fix "Include me in CC on Reply All" for the case where email address was
+ not set in the prefs (#781202, #1093363).
+ - Move documentation for SquirrelMail developers to doc/Development.
+ - Added id attribute support to form functions. It can be used for Section
+ 508 or WAI fixes. Original idea and patch by dugan <at> passwall.com.
+ - Fixed broken attachments caused by inconsistency of PHP chunk_split().
+ Thanks to Roalt Zijlstra.
+ - Identity code was not checking for domain part in username before setting
+ email address (Bug #1219184).
+ - Disallow access to the administrator plugin screens when the plugin is
+ not enabled in the config.
+ - Security: fix several cross site scripting (XSS) attacks. Thanks go to
+ Martijn Brinkers for finding a lot of these. [CVE-2005-1769]
+ - Update COPYING with new address of the FSF.
+ - Fixed missing quote character when trying to build cid: urls.
+ - Added address listing functions and listing controls to address
+ book LDAP backend. Blocked wildcard searches in file and database
+ backends when listing is disabled (#529563).
+ - Some LDAP address book backend configuration options (listing
+ controls, filtering, scope limit) are moved to 'advanced
+ configuration' subsection.
+ - Javascript relied on rg=1 in the login page to force focus to
+ password box if username was supplied as a url arg (#1222617).
+ - Fix variable typo in parseFetch which caused IMAP errors on Exchange.
+ Thanks Christian Froemmel.
+ - Added Bluesome theme by Saku Lehtiö (#1188209).
+ - Rewrite of advanced identity handlying to remove stupid extraction
+ of all post variables. [CVE-2005-2095]
+ - Added StartTLS support to address book LDAP backend (#1197703). Patch
+ by John Lane.
+ - Added subtree/one level search options to address book LDAP backend
+ (#1212618).
+ - Added Simple Green 2 and Simple Purple themes by Vicky Pyne (#1217066
+ and #1217069).
+ - sqimap_messages_delete|copy|flag and sqimap_get_small_header()
+ functions are removed from SquirrelMail IMAP API. Use sqimap_msgs_*
+ and sqimap_get_small_header_list() functions instead.
+ - Fix for bad cache on massive expunge/delete/move operations.
+ - Moved time zone configuration from locale/timezones.cfg to php array.
+ Adds time zone name localization options and fixes problems on systems
+ that don't support GNU C time zone mappings (#1177067).
+ - Use default color theme in logout_error function when possible.
+ - Fixes for increased error checking in PHP 5.0.5+ array_shift() (#1237160).
+ - Added extra checks in delivery class for In-Reply-To header. Fixes
+ E_NOTICE level warnings in php 5.0.4 and later (#1206474). [php5]
+ - Added extra checks in SquirrelMail charset_encode() function in case
+ somebody removes HTML to US-ASCII conversion library (#1239782).
+ - Fixed invalid reference in src/download.php. E_NOTICE level warnings
+ could corrupt attachments in php 4.4.0.
+ - Added internal dgettext() and dngettext() functions.
+ - Added display of attachments on printer friendly page.
+ - Added custom error handling class and related functions.
+ - Added option to disable upload of sounds in newmail plugin.
+ - Removed full URL from sound file preferences in newmail plugin
+ (#1233530).
+ - Stripped BaseDN from nicknames in address book's ldap_server backend.
+ - Fixed error handling in SquirrelSpell plugin. sprintf and gettext
+ formating errors in check_me.mod. Reported by Edward Chapman.
+ - Translations are loaded automatically from locale/<localename>/setup.php
+ files (#1240889).
+ - Allow configure to be ran from any directory, thanks Ceri Davies.
+ - Removed $available_languages configuration option. List is limited to
+ installed translations. Similar feature is implemented in limit_languages
+ plugin.
+ - Don't load plugins/administrator/auth.php during plugin initiation.
+ - Removed function references from address book database backend class,
+ list_addr(), lookup() and search() functions. Referenced lookup()
+ function caused E_NOTICE warnings in php 4.4.0. Reported by Cor Bosman.
+ - Test to ensure folder exists before attempting to delete it, otherwise
+ IMAP server will return an error.
+ - Added $save_html argument to charset_decode() function in order to be
+ able to convert html formated mails to different character set. Initial
+ patch by Peter Draganov (#1195232). Fixed display of html formated emails
+ in formatBody() function (#1258925).
+ - login_form hook changed from do_hook to concat_hook_function in order to
+ place form elements before login button (#1245070).
+ - Forwarding broken when not using compose in new window (#1222436).
+ - Drop data/ dir from distributed tarball.
+ - Readded options_identity_process and options_identity_renumber hooks
+ broken by CVE-2005-2095 fixes.
+ - Removed duplicate generic_header hook call in src/right_main.php (#1269189).
+ - Removed other special folders from rename/delete/unsubscribe folder forms.
+ Suggested by Florian Daumling.
+ - Focus on compose screen no longer shifts automatically if user has manually
+ focused somewhere herself.
+ - Running SquirrelMail with PHP register_globals = on will cause fatal error
+ in src/configtest.php.
+ - Added field size controls to database preference backend (#1233721).
+ - Added bincimap preset (#1285099).
+ - Fixed IMAP search command in filters plugin. Command was breaking
+ sqimap_mailbox_exists() check. Reported by Daniel Watts.
+ - Fixed decoding of quoted-printable text in decodeBody function.
+ Reported by João Carlos Mendes Luís.
+ - Added CR trimming to SquirrelSpell plugin in order to fix problems on
+ Windows systems.
+ - Sanitized names displayed in address book listing.
+ - Added extra field controls to address book class.
+ - HttpOnly cookie support (cookies inaccessible by JS). This will protect
+ IE6 browsers.
+ - Rare case of session being destroyed causing PHP errors, so ensure session
+ is restarted.
+ - If you don't have any filters defined, and spam filters are disabled, no
+ point issuing a STATUS call on INBOX for the filters plugin.
+ - Added folder filtering controls to SMOPT_TYPE_FLDRLIST option widget.
+ - Security: Fixed possible XSS issue in search feature. Issue was
+ originally resolved in stable, but changes not migrated forward.
+ - Update the cached mailbox header with the \Answered flag in case of an
+ reply.
+ - Added site configuration options to bug_report plugin. Plugin is available
+ only to interface administrators by default. See more information in
+ plugins/bug_report/README file.
+ - E_NOTICE and unlink error message if user hits delete multiple times
+ before compose page has reloaded.
+ - Undefined variable in rare case in view_header.php
+ - Variable by reference fix in printer_friendly_bottom.php.
+ - Undefined index in addressbook backends.
+ - sqimap_utf7_decode_mbx_tree returns variables by reference, rather than a
+ return value (#1351822)
+ - Make test for IE6 in SendDownloadHeaders also match versions higher
+ than 6 (#1339211).
+ - Allow double quote to be used in MOTD (#1276959).
+ - Prevent right_frame to be set to '//www.example.com'.
+ - Tweak printer friendly attachment view.
+ - Added new compose_send_after hook.
+ - Added new scheme to allow multiple plugins to share the onsubmit handler
+ for the compose form from the compose_form hook. See plugin.txt for more
+ information.
+ - Support for LIST-SUBSCRIBED extension. This speeds up the retrieval of
+ the subscribed mailbox-list.
+ - Properly clean up temporary attachment files when saving as Draft
+ (#1358407) and fix attachment cleaning code on logout.
+ - Fixed error message in addressbook.php lookup (#1351825).
+ - Fixed incorrect curly escape in sqimap_append(). Error triggered by PHP 5.1
+ bugfix (#1366982).
+ - Fixed ContentType object check in Rfc822Header class. E_NOTICE error
+ in PHP 5.1.
+ - Key value being overwritten by reuse of var in filters plugin.
+ - Add doc/security.txt with some hints for a more secure installation.
+ - Added sqauth_read_password() and sqauth_save_password() functions.
+ - Unset global GET, POST and COOKIE variables registered in PHP
+ register_globals=on setups.
+ - Capabilities array now contains all multivalue information provided
+ by the IMAP server. (Such as THREAD=SORT, THREAD=REFERENCES).
+ - Inclusion of Compatibility plugin automatic (no patch needed for plugin)
+ - Moved sqm_baseuri() into more centralized location (strings.php)
+ - Introduced $sendmail_args configuration variable in order to control
+ /usr/sbin/sendmail command arguments (#1365779). Deliver_SendMail class was
+ modified to provide support of $sendmail_args. Modifications broke backwards
+ compatibility with qmail-inject workarounds.
+ - Added execution error handling in Deliver_SendMail class (#1374174).
+ - Sanitized Draft folder error message in compose.
+ - Fixed character wrapping/encoding issues in Japanese translation (#1377622).
+ Issue is specific to sqBodyWrap() and string function wrappers introduced in
+ 1.5.1.
+ - Security: MagicHTML fix for comments in styles which allowed
+ for cross site scripting when using Internet Explorer
+ [CVE-2006-0195].
+ - Added 'mail' and 'sn' attributes to address book LDAP backend search
+ expression (#1368154).
+ - Added mailbox caching code by Michael Long.
+ - Prevent output of whitespace during plugin activation. Fixes possible
+ attachment corruption by incorrectly coded plugins.
+ - Fixed data sanitizing in calendar plugin (#1291081)(#705796).
+ - Security: Prohibit imap injection attempts (reported by Vicente Aguilera)
+ [CVE-2006-0377].
+ - Don't move messages in sqimap_msgs_list_move() function call, when target
+ mailbox is same as source mailbox. Adds fifth argument to
+ sqimap_msgs_list_move() function. Fixes possible issues on MacOS Cyrus
+ IMAP server (#1409453).
+ - Style sheets are moved to template.
+ - displayHtmlHeader() function call sends http headers in order to prevent
+ page caching.
+ - Added Template set selection.
+ - Merged patch from Steve Brown to transform current templates to css
+ based templates.
+ - Added footer template to every page.
+ - Added experimental IMAP and SMTP STARTTLS extension support.
+ - Security: Fix possible cross site scripting through the right_main
+ parameter of webmail.php. This now uses a whitelist of acceptable
+ values. [CVE-2006-0188]
+ - Disabled display of regexp compilation errors in local_file address
+ book backend.
+ - DOCTYPE tags are switched from quirks to standard compliance mode.
+ - Improved error reporting concerning THREAD, SORT and BADCHARSET.
+ - Added options to disable THREAD and SORT extension.
+ - Fixed mailbox cache issues caused by using prev/next links in
+ read_body.php.
+ - Added View as HTML support to the SquirrelMail core.
+ - Fixed bug #550557.
+ - Applied status cache patch created by Michael Long.
+ - Updated newmail plugin to make use of status cache (Michael Long)
+ - Added RECENT check to left_main.php to bold the unseen message string if
+ there are recent messages.
+ - Fixed search query in filters.php, now we respect the imap continuation
+ request (Michael Long).
+ - Fixed bug in digest message view where the from name disappeared after
+ opening a digest message.
+ - Fixed checkall link in case javascript was disabled.
+ - Rewrite of thread parsing code in order to improve performance.
+ - Adapted message squisher function to gain performance.
+ - Fixed bug #1093360, skip untagged NO responses in APPEND query.
+
Version 1.5.0 - 2 February 2004
-------------------------------
- Added new preference that determines cursor focus when replying
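Review bot: Among the entries added to the 1.5.1 section, "Rewrite of advanced identity handlying to remove stupid extraction of all post variables. [CVE-2005-2095]" carries a CVE id but not the "Security:" prefix that the other CVE-tagged entries use, so anyone scanning the ChangeLog for "Security:" will miss it. Add the prefix and fix "handlying". The entry "Prevent right_frame to be set to '//www.example.com'" also gives no reason for the change; a short clause saying what it protects against would help administrators decide whether the upgrade matters to them.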
was wrong (appearing to the user that the wrong messages were attached).
Closes #772371.
- Fix that when user has no theme preference set, Alien Glow would be selected under
- display preferences in stead of Default.
+ display preferences instead of Default.
- Updated 'action' to be 'smaction' so that plugins can modify the submit/action of
forms. This was suggested for the gpg plugin, but might be useful elsewhere.
- Add support for Mail-Followup-To header.
- new function sqimap_msgs_list_move() to replace sqimap_msgs_list_copy()
- sqimap_msgs_list_copy() no longer deletes messages copied.
- Workaround for Mozilla bug #200412 in order to show multipart/related html mail.
- - Fix for disapearing '0' from decoded strings (bug #784193)
+ - Fix for disappearing '0' from decoded strings (bug #784193).
- Replace all session_start() calls with sqsession_is_active() to be compatible
with upcoming PHP 4.3.3.
- Encoding of Russian translation changed to utf-8. Lithuanian translation changed
- Integration of delete_move_next plugin into core.
- Compression of buttons/headers for message index and message body
- New option to save replies in the same folder as the original message.
+ - Remove possible unneeded IMAP call for NAMESPACE if it was saved in the
+ session (suggestion by Michael Long).
**************************************
- Moved the generic_header hook back to page_header.php. bug #554278
- Make default theme work. Bug #557313, thanks Tyler Bannister.
-
Version 1.2.7 -- June 21 2002
-----------------------------
- fix for 'compose as new' link. bug #554886
- Added a server-side sorting global option
- Compose in new window size can be set in Display prefs.
- Logout error system unified.
- - Security: Fix for a "theme passed as cookie" exploit. [CAN-2002-0516]
+ - Security: Fix for a "theme passed as cookie" exploit. [CVE-2002-0516]
- PostgreSQL is now supported for database backed use
- Added user option to sort messages by internal date
- Changed attachment handling now attachments are adressed to
Version 1.0.5 -- April 17, 2001
-------------------------------
- MAJOR security issues addressed. Please upgrade as soon as possible.
- [CAN-2001-1159]
+ [CVE-2001-1159]
- Downloading attachments should work better due to a tip by Ray Black III.
- Fixed bug with drop-down folder list not containing INBOX
- Added Swedish help files Teemu Junnila <teejun@vallcom.com>
- Better escaped string handling from POST variables
- Many more code cleanups and optimizations
- Added Hungarian translation by Teemu Junnila <teejun@vallcom.com>
- - Added Icelandic translation by Karl Heiðar <karlh@macho.is>
+ - Added Icelandic translation by Karl Hei�r <karlh@macho.is>
- Updated Taiwan translation
- Updated Swedish translation
- Updated Finnish translation
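Review bot: The Icelandic translation line changes the contributor name from "Karl Heiðar" to "Karl Hei�r" as shown, so the non-ASCII character does not survive in the added line. This looks like a charset mismatch rather than an intended edit: confirm which encoding the ChangeLog is stored in, and either keep the original line or re-save the file in one consistent encoding before committing.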