X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=ChangeLog;h=e0c68ed8e757ac6208da37dcdd782124a2e6f4de;hb=adc95714898a61d43f776e21ab3281411a2a3d39;hp=37b8cf2975ca1522f826ee01b62acdb1fe01c5a9;hpb=a123157f8f69b6edf2d053970a73d6c4bcf1e890;p=squirrelmail.git diff --git a/ChangeLog b/ChangeLog index 37b8cf29..e0c68ed8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -66,6 +66,25 @@ Version 1.5.1 -- CVS - Get alternating row colors of addressbook in sync with mailbox list. - Give proper error when PEAR DB not found. - Remove inappropriate strip_tags() from add-to-addressbook (#968475). + - Prefs caching didn't work properly with register_globals off (#995102). + - Security: fix SQL injection vulnerability in addressbook + (CVE ID: CAN-2004-0521). + - Removed html_top and html_bottom hooks. No longer used/needed. + - Added "trailing text" for options built by SquirrelMail (text placed + after text and select list inputs on options pages) + - Custom option page values now repopulate correctly + - Added "no focus" option for compose page in display preferences (setting + reply focus to "No focus" also affects composing new messages) + - Current hook name is now globally available when running a hook ($currentHookName) + - Fix bug when Saving to Draft folder that contains special characters. + - Added size limit to signatures saved in file backend. Created error_option_save + function, that allows sending error message to options page. Thanks to Martynas + Bieliauskas for spotting big signature "option". + - Make SquirrelSpell work with safe_mode enabled, if using PHP >=4.3.0. + Patch by Ray Ferguson. + - Make IP-address in Message-ID RFC822 compliant. + - Uneditable address book entries no longer have checkboxes on addresses page + - Alignment of title text above folder list fixed Version 1.5.0 -------------------- @@ -270,7 +289,7 @@ Version 1.4.0 RC 2a - Correctly fold encoded header lines. - Fix prefs caching not working correctly in PHP 4.3 caused by a stupid version checking mechanism. - - Fix XXS hole that allowed JavaScript execution by sending someone + - Fix XSS hole that allowed JavaScript execution by sending someone an email with specially crafted headers. Thanks Jason Munro, and Masato Higashiyama.