pdontthink [Thu, 29 Dec 2011 06:56:03 +0000 (06:56 +0000)]
Sanitize integer option fields - only digits allowed
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14247
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 29 Dec 2011 01:34:06 +0000 (01:34 +0000)]
Fix what seems to have been a copy/paste bug
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14243
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 28 Dec 2011 02:59:31 +0000 (02:59 +0000)]
Unify address book searches. See ChangeLog comments. Also, fixed bug wherein file backend wasn't escaping regular expression correctly. File based backend used to search all fields at once, concatenated by spaces, which 'worked', but is misleading and nothing like the other backends.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14242
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 21 Dec 2011 13:27:54 +0000 (13:27 +0000)]
addrsrch_fullname is already fetched by load_prefs.php
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14240
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 18 Dec 2011 01:32:51 +0000 (01:32 +0000)]
Make PHP default language for xgettext
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14234
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 15 Dec 2011 23:20:47 +0000 (23:20 +0000)]
Add plugin compatiblility info
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14232
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 15 Dec 2011 15:08:06 +0000 (15:08 +0000)]
Allow addition of extra attributes to user/pwd inputs
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14229
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 29 Nov 2011 13:13:42 +0000 (13:13 +0000)]
Verify Reply To still has its uses
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14158
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 29 Nov 2011 12:44:31 +0000 (12:44 +0000)]
Ensure that Reply-To isn't missing domain - we already do the same for the From header in functions/identity.php
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14156
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 11 Sep 2011 12:26:58 +0000 (12:26 +0000)]
Temporarily sanitize output in wrong place
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14145
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 11 Sep 2011 01:11:03 +0000 (01:11 +0000)]
Fixed broken highlighting form (missing security tokens) (#
3381117)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14144
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 11 Sep 2011 01:08:13 +0000 (01:08 +0000)]
Fixed untranslated string
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14143
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 5 Sep 2011 07:00:18 +0000 (07:00 +0000)]
Fix hook name clash: new smtp_auth hook added recently (a few months ago) has been renamed to smtp_authenticate
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14141
7612ce4b-ef26-0410-bec9-
ea0150e637f0
kink [Tue, 26 Jul 2011 20:28:11 +0000 (20:28 +0000)]
document cve id's for posterity
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14138
7612ce4b-ef26-0410-bec9-
ea0150e637f0
kink [Wed, 13 Jul 2011 08:44:04 +0000 (08:44 +0000)]
attary may be empty at this point and the sq_fixatts call will generate PHP
Warnings. Wrap it in a conditional just like the other sq_fixatts call.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14134
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 12 Jul 2011 04:59:12 +0000 (04:59 +0000)]
Fix XSS problem with unsanitized style tags in messages [CVE-2011-2023]
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14122
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 12 Jul 2011 04:45:49 +0000 (04:45 +0000)]
Fix XSS holes in generic options inputs, XSS hole in the SquirrelSpell plugin, and added anti-CSRF protection to the empty trash feature (thanks to Nicholas Carlini for finding all these issues) [CVE-2010-4555]
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14120
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 12 Jul 2011 03:44:23 +0000 (03:44 +0000)]
Add clickjacking protection (thanks to Asbjorn Thorsen and Geir Hansen for bringing this to our attention) [CVE-2010-4554]
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14118
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 3 May 2011 06:23:56 +0000 (06:23 +0000)]
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14108
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 3 May 2011 06:05:08 +0000 (06:05 +0000)]
Allow administrators to configure subfolders of user INBOXes to be treated as special folders by adding $subfolders_of_inbox_are_special to config_local.php
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14107
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 27 Apr 2011 09:43:25 +0000 (09:43 +0000)]
Remove quotes around personal names in message list (#
3292587)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14106
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 2 Apr 2011 19:19:45 +0000 (19:19 +0000)]
Add smtp_auth hook (thanks to Emmanuel Dreyfus)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14094
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 11 Mar 2011 02:22:57 +0000 (02:22 +0000)]
Undelete button shouldn't be related to whether or not a trash folder is in use - it's just a product of auto-expunge
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14092
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 4 Mar 2011 01:19:33 +0000 (01:19 +0000)]
Don't use regular expressions when you don't need to
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14090
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 6 Jan 2011 03:16:21 +0000 (03:16 +0000)]
Happy New Year!
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14085
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 27 Dec 2010 00:35:24 +0000 (00:35 +0000)]
Refine HMAC-MD5 generator; use native PHP Hash extension if available
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14083
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 21 Dec 2010 14:04:08 +0000 (14:04 +0000)]
Unify output strings (Thanks to Juergen Edner) (#
3139973).
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14082
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 17 Dec 2010 21:41:39 +0000 (21:41 +0000)]
Force the addition of a file suffix to attachments that lack a filename (helps forwarded messages avoid spam filters) (Thanks to Petr Kletecka) (#
3139004)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14080
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 26 Nov 2010 10:02:51 +0000 (10:02 +0000)]
Unify SMTP auth mechanisms in configuration tool
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14076
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 25 Sep 2010 04:08:03 +0000 (04:08 +0000)]
Fix sqauth_read_password() for plugins running on the login_verified hook when the 'key' cookie isn't yet set
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14067
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Mon, 13 Sep 2010 10:43:27 +0000 (10:43 +0000)]
Adding strings to the template.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14062
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 12 Sep 2010 06:02:18 +0000 (06:02 +0000)]
Now allow multiple plugins to handle (add links for) a single attachment MIME type
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14059
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 3 Sep 2010 03:09:51 +0000 (03:09 +0000)]
Fixed system lock-ups caused by a combination of certain rare, malformed message headers and buggy versions of PHP mbstring (#
3053349, 987016)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14056
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 22 Jul 2010 01:24:53 +0000 (01:24 +0000)]
Retiring Seth per his request
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13971
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 21 Jul 2010 19:19:07 +0000 (19:19 +0000)]
Fix attachment filename decoding (#
2994865)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13967
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 21 Jul 2010 07:24:37 +0000 (07:24 +0000)]
The use of 'user' as a column name no longer causes errors in SquirrelMail/PostgreSQL
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13965
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 21 Jul 2010 07:06:12 +0000 (07:06 +0000)]
Fix issues caused by use of PostgreSQL keyword 'user' in SquirrelMail's default preferences database schema (#
2943483)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13963
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 21 Jul 2010 06:14:08 +0000 (06:14 +0000)]
Add information about online documentation
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13960
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 21 Jul 2010 05:46:42 +0000 (05:46 +0000)]
Retire Marc. We should probably retire some others who haven't contributed in the last few years
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13959
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 26 Jun 2010 10:15:49 +0000 (10:15 +0000)]
Aggressive sanitizing of REQUEST_URI, PHP_SELF, and QUERY_STRING corrupted page URIs by encoding ampersands in the query string, so we have to un-sanitize ampersands. Will this cause any security/XSS issues?
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13957
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 21 Jun 2010 08:16:05 +0000 (08:16 +0000)]
Now fill in default subject when forwarding as attachment (#
2936541)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13955
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 21 Jun 2010 07:58:11 +0000 (07:58 +0000)]
Now properly quote personal part of encoded addresses when replying
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13953
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 21 Jun 2010 07:18:55 +0000 (07:18 +0000)]
Fixed minor vulnerability in Mail Fetch plugin [CVE-2010-1637/TEHTRI-SA-2010-009]
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13950
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 21 Jun 2010 07:01:16 +0000 (07:01 +0000)]
Reduced default time security tokens stay valid from 30 days to 2 days (reduces chances of session data growing too large)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13949
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 21 Jun 2010 00:39:12 +0000 (00:39 +0000)]
Synchronize no-cache headers. This reverses revision 13940 because no-cahce headers were already being sent in displayHtmlHeader() for left_main.php and right_main.php (the tracker referred to in that revision only applies to SquirrelMail 1.4.x).
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13945
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jangliss [Sun, 20 Jun 2010 16:58:46 +0000 (16:58 +0000)]
- Fix error with SpamCop reporting plugin not being able to send report as
emails (#
1795310).
- Fix typo in SpamCop plugin.
- Tidy some output (slightly personal to stop Eclipse complaining about errors in the code)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13942
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jangliss [Sun, 20 Jun 2010 14:37:16 +0000 (14:37 +0000)]
Explicitly disable caching for left_main and right_main pages (#
2983134)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13940
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 16 Apr 2010 05:26:16 +0000 (05:26 +0000)]
Show what user/group the web server is running as; helps with debugging certain plugins for admins who aren't quite sure about these things
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13934
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 30 Mar 2010 03:30:24 +0000 (03:30 +0000)]
Fix PHP errors. Thanks to Jacek Kalinski
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13931
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 26 Mar 2010 18:36:33 +0000 (18:36 +0000)]
Add FIXME
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13930
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 19 Mar 2010 08:29:44 +0000 (08:29 +0000)]
Don't push out onsubmit handler unless necessary
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13929
7612ce4b-ef26-0410-bec9-
ea0150e637f0
kink [Mon, 8 Mar 2010 09:37:07 +0000 (09:37 +0000)]
r13926 from stable:
code in findDisplayEntity expects object, not array. Make findAltenativeEntity
return an object or null consistently.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13927
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 16 Feb 2010 20:13:21 +0000 (20:13 +0000)]
RFC 3676 says there can't be more in the signature delimiter line than this
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13913
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 13 Feb 2010 23:13:56 +0000 (23:13 +0000)]
Grammar
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13909
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 13 Feb 2010 23:11:28 +0000 (23:11 +0000)]
Added ability to configure Google Mail (Gmail) as the mail server behind SquirrelMail
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13907
7612ce4b-ef26-0410-bec9-
ea0150e637f0
kink [Sat, 13 Feb 2010 16:27:52 +0000 (16:27 +0000)]
Send X-DNS-Prefetch-Control: off header to browsers to prevent information
leakage when Firefox does DNS prefetching for URL's contained in emails.
https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13903
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 4 Feb 2010 20:05:51 +0000 (20:05 +0000)]
Multibyte strings (notably subjects) are now handled correctly (#
2824813, #
2925731)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13901
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 30 Jan 2010 17:10:07 +0000 (17:10 +0000)]
Encoded From headers now properly quoted (#
2830141). A better fix might be to re-write encodeHeader()
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13900
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 28 Jan 2010 16:59:27 +0000 (16:59 +0000)]
displayInternalLink() was removed 2.5 years ago (revision 12549), but this plugin was not updated. Thanks to Christian Kujau for noticing.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13898
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 27 Jan 2010 23:36:52 +0000 (23:36 +0000)]
Avoid notices in some environments
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13897
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 27 Jan 2010 23:05:18 +0000 (23:05 +0000)]
REQUEST_URI is used in php_self(), so make sure it's sanitized too
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13895
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 25 Jan 2010 03:23:30 +0000 (03:23 +0000)]
Update copyrights to 2010
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13894
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 24 Jan 2010 23:26:33 +0000 (23:26 +0000)]
Slight rewrite of php_self()
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13891
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 21 Jan 2010 14:55:19 +0000 (14:55 +0000)]
Make base URL autodetection more robust (probably #
1741469). Sorry, this should have been included in the last commit.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13889
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 21 Jan 2010 14:40:52 +0000 (14:40 +0000)]
Make php_self() more robust. Seems to fix certain lighttpd issues, such as probably #
1741469
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13886
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jangliss [Tue, 19 Jan 2010 03:17:14 +0000 (03:17 +0000)]
Fix for mailto: URLs containing a + sign. Thanks to Michael Puls II for the patch.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13885
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 5 Jan 2010 08:58:04 +0000 (08:58 +0000)]
Quote dynamic regex contents to be safe. Thanks to Daniel Hahler.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13882
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jangliss [Tue, 22 Dec 2009 17:15:34 +0000 (17:15 +0000)]
Fix for security token missing in newmail plugin (#
2919418).
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13880
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 18 Dec 2009 06:46:16 +0000 (06:46 +0000)]
Add security tokens to change password plugin
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13878
7612ce4b-ef26-0410-bec9-
ea0150e637f0
kink [Fri, 27 Nov 2009 09:25:08 +0000 (09:25 +0000)]
need to move strtolower inside if-block to prevent notice when attached
file has no extention
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13876
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jangliss [Sun, 22 Nov 2009 16:19:52 +0000 (16:19 +0000)]
Fix issue with multi-part related messages not showing all attachments (#
2830140).
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13874
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 19 Nov 2009 20:09:06 +0000 (20:09 +0000)]
Synch message list table width with css/default.css since the lack of a width here seems to break some layouts/browsers/configurations
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13872
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 1 Nov 2009 08:02:25 +0000 (08:02 +0000)]
NULL not accepted as a replacement for empty arrays as of PHP 5.3
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13870
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Wed, 28 Oct 2009 12:01:57 +0000 (12:01 +0000)]
Turning som FIXMEs into one-liners.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13867
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 12 Oct 2009 22:11:35 +0000 (22:11 +0000)]
Avoid prefixing global $check_referrer value with protocol prefix - use local variable instead
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13865
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 4 Oct 2009 23:01:35 +0000 (23:01 +0000)]
Fixed broken SpamCop email submission: needed updated send button name and security token
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13862
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 4 Oct 2009 22:58:41 +0000 (22:58 +0000)]
Fix wrong doc
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13861
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 4 Oct 2009 21:00:28 +0000 (21:00 +0000)]
If we add a token to lang_setup (#13855), need to check it in lang_change
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13858
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jangliss [Sun, 4 Oct 2009 15:42:49 +0000 (15:42 +0000)]
Additional smtoken changes.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13855
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Tue, 29 Sep 2009 12:37:05 +0000 (12:37 +0000)]
Adding and improving comments.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13851
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Tue, 29 Sep 2009 12:15:33 +0000 (12:15 +0000)]
The copyright symbol isn't really needed since the word "copyright" is there. Also it doesn't display right in the documentation.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13850
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Tue, 29 Sep 2009 09:36:26 +0000 (09:36 +0000)]
Clarifying a TODO.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13849
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 19 Sep 2009 20:22:15 +0000 (20:22 +0000)]
Fix broken'Thread' and the no-javascript 'All' links (add security tokens)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13848
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 19 Sep 2009 20:11:13 +0000 (20:11 +0000)]
Fix broken search pagination (add security tokens)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13847
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 19 Sep 2009 19:36:25 +0000 (19:36 +0000)]
Fix for deleting message from search expiring cache.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13846
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 15 Sep 2009 20:48:33 +0000 (20:48 +0000)]
Ungreedy modifier does nothing here; remove to avoid unecessary confusion
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13844
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 12 Sep 2009 20:49:22 +0000 (20:49 +0000)]
Fix PHP notice - $use_js was removed from the core in revision 13713
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13843
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 12 Sep 2009 20:25:52 +0000 (20:25 +0000)]
Attachments were being lost when going to address book page due to lack of proper encoding [#
2851493]
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13842
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 12 Sep 2009 19:12:26 +0000 (19:12 +0000)]
Allow plugins to submit security token via GET request
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13841
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 2 Sep 2009 06:00:28 +0000 (06:00 +0000)]
Fixed more links that needed security tokens
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13836
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 17 Aug 2009 23:47:07 +0000 (23:47 +0000)]
Delete requests can come via GET or POST
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13829
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 17 Aug 2009 23:18:47 +0000 (23:18 +0000)]
Protect message deletion with security token system. (Secunia Advisory SA34627)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13826
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 12 Aug 2009 08:36:13 +0000 (08:36 +0000)]
Correct documentation
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13821
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 12 Aug 2009 08:30:59 +0000 (08:30 +0000)]
Add controls for page referal verification and security token system to the configuration tool
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13819
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 12 Aug 2009 08:28:38 +0000 (08:28 +0000)]
Implemented security token system. (Secunia Advisory SA34627)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13817
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 12 Aug 2009 08:20:46 +0000 (08:20 +0000)]
Implemented page referal verification mechanism. (Secunia Advisory SA34627)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13816
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 10 Aug 2009 23:18:20 +0000 (23:18 +0000)]
Fix incorrect stristr() parameter order
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13813
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 8 Aug 2009 20:15:19 +0000 (20:15 +0000)]
Don't encode stuff that's used in hyperlink addresses
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13812
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 8 Aug 2009 19:23:59 +0000 (19:23 +0000)]
Allow forward slashes in Windows-style full paths
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13811
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 1 Aug 2009 19:17:55 +0000 (19:17 +0000)]
Fix broken regular expression
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13809
7612ce4b-ef26-0410-bec9-
ea0150e637f0