kink [Sun, 9 Dec 2012 12:06:30 +0000 (12:06 +0000)]
Replace calls to htmlspecialchars() with sm_encode_html_special_chars().
New function sm_encode_html_special_chars() encodes HTML special
characters by calling htmlspecialchars(). It sets the character set
to ISO-8859-1, to fix compatibility with PHP >= 5.4.
Patch by Paul Lesniewski.
See #
3491925
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14346
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 18 Sep 2012 17:43:15 +0000 (17:43 +0000)]
Use sqsession_* instead of session_*
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14344
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 9 Sep 2012 22:46:38 +0000 (22:46 +0000)]
For DSN values, allow current value to remain if no changes made
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14342
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 29 Aug 2012 17:03:09 +0000 (17:03 +0000)]
Prevent endless recursive sent subfolder names - see: thread.gmane.org/gmane.mail.squirrelmail.user/39178
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14340
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 4 Aug 2012 23:00:43 +0000 (23:00 +0000)]
Add more flexibility for plugins
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14336
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 28 Jul 2012 05:57:50 +0000 (05:57 +0000)]
Separate E_STRICT reporting from E_ALL in internal debug mode (E_STRICT is included in E_ALL only as of PHP 5.4.0)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14335
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 28 Jul 2012 05:48:24 +0000 (05:48 +0000)]
E_ALL is a moving target
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14334
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 27 Jul 2012 23:03:15 +0000 (23:03 +0000)]
Account for servers that send extra unsolicited FETCH responses (such as when flags change due to a FETCH request). PLEASE TEST!
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14333
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 1 Jul 2012 20:06:18 +0000 (20:06 +0000)]
Add option that allows users to have replies to their own messages sent to the recipient of the previous message (#
3520988)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14331
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 9 May 2012 02:57:02 +0000 (02:57 +0000)]
Fix occasional PHP notice
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14324
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 27 Apr 2012 07:18:17 +0000 (07:18 +0000)]
Clear checkbox selections when form is processed
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14320
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 8 Apr 2012 01:51:00 +0000 (01:51 +0000)]
Revert revision 14314; static functions are a PHP 5+ feature
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14317
7612ce4b-ef26-0410-bec9-
ea0150e637f0
kink [Sat, 7 Apr 2012 15:17:48 +0000 (15:17 +0000)]
functions are only used statically. mark as such.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14314
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 1 Apr 2012 22:18:51 +0000 (22:18 +0000)]
Fix E_STRICT notices
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14312
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 1 Apr 2012 21:27:53 +0000 (21:27 +0000)]
Fix E_STRICT notice
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14309
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 1 Apr 2012 21:15:36 +0000 (21:15 +0000)]
Fix simple E_STRICT notice
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14308
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 1 Apr 2012 20:35:47 +0000 (20:35 +0000)]
Fix PHP notices
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14306
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 1 Apr 2012 20:09:11 +0000 (20:09 +0000)]
Revert changes in revision 14302. Revision 14302 should only have changed functions/imap_general.php
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14304
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 1 Apr 2012 19:50:49 +0000 (19:50 +0000)]
Fall back to using LIST if NAMESPACE answer is malformed or otherwise problematic. This still doesn't account for situations where the NAMESPACE or LIST answer can't be parsed correctly.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14302
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 1 Apr 2012 17:57:20 +0000 (17:57 +0000)]
Re: rev 14289 - Proper fix is not to define a new object; code was assuming header that was already defined was placed in the message object (which it was not). Also fix indention issues
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14301
7612ce4b-ef26-0410-bec9-
ea0150e637f0
kink [Sat, 24 Mar 2012 11:05:26 +0000 (11:05 +0000)]
ChangeLog
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14293
7612ce4b-ef26-0410-bec9-
ea0150e637f0
kink [Sat, 24 Mar 2012 10:42:31 +0000 (10:42 +0000)]
I believe this code worked by chance, redefining it from string to array and
using it outside the code block it was defined in. This should repair it to
what was intended.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14291
7612ce4b-ef26-0410-bec9-
ea0150e637f0
kink [Sat, 24 Mar 2012 10:27:57 +0000 (10:27 +0000)]
must initialise MessageHeader object to avoid
PHP Warning: Creating default object from empty value
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14289
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 28 Feb 2012 18:18:29 +0000 (18:18 +0000)]
Alignment fix
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14281
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 28 Feb 2012 18:16:48 +0000 (18:16 +0000)]
Clarify explanation slightly
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14280
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Wed, 15 Feb 2012 14:32:07 +0000 (14:32 +0000)]
Update the copyright year
The constant was neglected when updating all copyright years.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14278
7612ce4b-ef26-0410-bec9-
ea0150e637f0
kink [Wed, 8 Feb 2012 12:11:18 +0000 (12:11 +0000)]
hex2bin is introduced in PHP 5.4
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14277
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 7 Feb 2012 23:05:36 +0000 (23:05 +0000)]
Spelling mistake
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14275
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 7 Feb 2012 22:51:58 +0000 (22:51 +0000)]
Better performance by reducing token usage to only one at a time (also added an option to revert to old behavior if desired)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14273
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 9 Jan 2012 20:41:02 +0000 (20:41 +0000)]
Account for case when no reply-to is set in user prefs
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14265
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 2 Jan 2012 21:51:22 +0000 (21:51 +0000)]
Document some previously added configuration parameters
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14256
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 2 Jan 2012 02:09:17 +0000 (02:09 +0000)]
Updating copyrights. Happy New Year.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14249
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 29 Dec 2011 06:56:03 +0000 (06:56 +0000)]
Sanitize integer option fields - only digits allowed
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14247
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 29 Dec 2011 01:34:06 +0000 (01:34 +0000)]
Fix what seems to have been a copy/paste bug
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14243
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 28 Dec 2011 02:59:31 +0000 (02:59 +0000)]
Unify address book searches. See ChangeLog comments. Also, fixed bug wherein file backend wasn't escaping regular expression correctly. File based backend used to search all fields at once, concatenated by spaces, which 'worked', but is misleading and nothing like the other backends.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14242
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 21 Dec 2011 13:27:54 +0000 (13:27 +0000)]
addrsrch_fullname is already fetched by load_prefs.php
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14240
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 18 Dec 2011 01:32:51 +0000 (01:32 +0000)]
Make PHP default language for xgettext
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14234
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 15 Dec 2011 23:20:47 +0000 (23:20 +0000)]
Add plugin compatiblility info
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14232
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 15 Dec 2011 15:08:06 +0000 (15:08 +0000)]
Allow addition of extra attributes to user/pwd inputs
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14229
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 29 Nov 2011 13:13:42 +0000 (13:13 +0000)]
Verify Reply To still has its uses
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14158
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 29 Nov 2011 12:44:31 +0000 (12:44 +0000)]
Ensure that Reply-To isn't missing domain - we already do the same for the From header in functions/identity.php
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14156
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 11 Sep 2011 12:26:58 +0000 (12:26 +0000)]
Temporarily sanitize output in wrong place
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14145
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 11 Sep 2011 01:11:03 +0000 (01:11 +0000)]
Fixed broken highlighting form (missing security tokens) (#
3381117)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14144
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 11 Sep 2011 01:08:13 +0000 (01:08 +0000)]
Fixed untranslated string
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14143
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 5 Sep 2011 07:00:18 +0000 (07:00 +0000)]
Fix hook name clash: new smtp_auth hook added recently (a few months ago) has been renamed to smtp_authenticate
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14141
7612ce4b-ef26-0410-bec9-
ea0150e637f0
kink [Tue, 26 Jul 2011 20:28:11 +0000 (20:28 +0000)]
document cve id's for posterity
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14138
7612ce4b-ef26-0410-bec9-
ea0150e637f0
kink [Wed, 13 Jul 2011 08:44:04 +0000 (08:44 +0000)]
attary may be empty at this point and the sq_fixatts call will generate PHP
Warnings. Wrap it in a conditional just like the other sq_fixatts call.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14134
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 12 Jul 2011 04:59:12 +0000 (04:59 +0000)]
Fix XSS problem with unsanitized style tags in messages [CVE-2011-2023]
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14122
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 12 Jul 2011 04:45:49 +0000 (04:45 +0000)]
Fix XSS holes in generic options inputs, XSS hole in the SquirrelSpell plugin, and added anti-CSRF protection to the empty trash feature (thanks to Nicholas Carlini for finding all these issues) [CVE-2010-4555]
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14120
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 12 Jul 2011 03:44:23 +0000 (03:44 +0000)]
Add clickjacking protection (thanks to Asbjorn Thorsen and Geir Hansen for bringing this to our attention) [CVE-2010-4554]
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14118
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 3 May 2011 06:23:56 +0000 (06:23 +0000)]
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14108
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 3 May 2011 06:05:08 +0000 (06:05 +0000)]
Allow administrators to configure subfolders of user INBOXes to be treated as special folders by adding $subfolders_of_inbox_are_special to config_local.php
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14107
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 27 Apr 2011 09:43:25 +0000 (09:43 +0000)]
Remove quotes around personal names in message list (#
3292587)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14106
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 2 Apr 2011 19:19:45 +0000 (19:19 +0000)]
Add smtp_auth hook (thanks to Emmanuel Dreyfus)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14094
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 11 Mar 2011 02:22:57 +0000 (02:22 +0000)]
Undelete button shouldn't be related to whether or not a trash folder is in use - it's just a product of auto-expunge
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14092
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 4 Mar 2011 01:19:33 +0000 (01:19 +0000)]
Don't use regular expressions when you don't need to
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14090
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 6 Jan 2011 03:16:21 +0000 (03:16 +0000)]
Happy New Year!
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14085
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 27 Dec 2010 00:35:24 +0000 (00:35 +0000)]
Refine HMAC-MD5 generator; use native PHP Hash extension if available
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14083
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 21 Dec 2010 14:04:08 +0000 (14:04 +0000)]
Unify output strings (Thanks to Juergen Edner) (#
3139973).
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14082
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 17 Dec 2010 21:41:39 +0000 (21:41 +0000)]
Force the addition of a file suffix to attachments that lack a filename (helps forwarded messages avoid spam filters) (Thanks to Petr Kletecka) (#
3139004)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14080
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 26 Nov 2010 10:02:51 +0000 (10:02 +0000)]
Unify SMTP auth mechanisms in configuration tool
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14076
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 25 Sep 2010 04:08:03 +0000 (04:08 +0000)]
Fix sqauth_read_password() for plugins running on the login_verified hook when the 'key' cookie isn't yet set
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14067
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Mon, 13 Sep 2010 10:43:27 +0000 (10:43 +0000)]
Adding strings to the template.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14062
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 12 Sep 2010 06:02:18 +0000 (06:02 +0000)]
Now allow multiple plugins to handle (add links for) a single attachment MIME type
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14059
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 3 Sep 2010 03:09:51 +0000 (03:09 +0000)]
Fixed system lock-ups caused by a combination of certain rare, malformed message headers and buggy versions of PHP mbstring (#
3053349, 987016)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14056
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 22 Jul 2010 01:24:53 +0000 (01:24 +0000)]
Retiring Seth per his request
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13971
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 21 Jul 2010 19:19:07 +0000 (19:19 +0000)]
Fix attachment filename decoding (#
2994865)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13967
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 21 Jul 2010 07:24:37 +0000 (07:24 +0000)]
The use of 'user' as a column name no longer causes errors in SquirrelMail/PostgreSQL
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13965
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 21 Jul 2010 07:06:12 +0000 (07:06 +0000)]
Fix issues caused by use of PostgreSQL keyword 'user' in SquirrelMail's default preferences database schema (#
2943483)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13963
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 21 Jul 2010 06:14:08 +0000 (06:14 +0000)]
Add information about online documentation
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13960
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 21 Jul 2010 05:46:42 +0000 (05:46 +0000)]
Retire Marc. We should probably retire some others who haven't contributed in the last few years
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13959
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 26 Jun 2010 10:15:49 +0000 (10:15 +0000)]
Aggressive sanitizing of REQUEST_URI, PHP_SELF, and QUERY_STRING corrupted page URIs by encoding ampersands in the query string, so we have to un-sanitize ampersands. Will this cause any security/XSS issues?
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13957
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 21 Jun 2010 08:16:05 +0000 (08:16 +0000)]
Now fill in default subject when forwarding as attachment (#
2936541)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13955
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 21 Jun 2010 07:58:11 +0000 (07:58 +0000)]
Now properly quote personal part of encoded addresses when replying
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13953
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 21 Jun 2010 07:18:55 +0000 (07:18 +0000)]
Fixed minor vulnerability in Mail Fetch plugin [CVE-2010-1637/TEHTRI-SA-2010-009]
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13950
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 21 Jun 2010 07:01:16 +0000 (07:01 +0000)]
Reduced default time security tokens stay valid from 30 days to 2 days (reduces chances of session data growing too large)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13949
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 21 Jun 2010 00:39:12 +0000 (00:39 +0000)]
Synchronize no-cache headers. This reverses revision 13940 because no-cahce headers were already being sent in displayHtmlHeader() for left_main.php and right_main.php (the tracker referred to in that revision only applies to SquirrelMail 1.4.x).
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13945
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jangliss [Sun, 20 Jun 2010 16:58:46 +0000 (16:58 +0000)]
- Fix error with SpamCop reporting plugin not being able to send report as
emails (#
1795310).
- Fix typo in SpamCop plugin.
- Tidy some output (slightly personal to stop Eclipse complaining about errors in the code)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13942
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jangliss [Sun, 20 Jun 2010 14:37:16 +0000 (14:37 +0000)]
Explicitly disable caching for left_main and right_main pages (#
2983134)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13940
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 16 Apr 2010 05:26:16 +0000 (05:26 +0000)]
Show what user/group the web server is running as; helps with debugging certain plugins for admins who aren't quite sure about these things
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13934
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 30 Mar 2010 03:30:24 +0000 (03:30 +0000)]
Fix PHP errors. Thanks to Jacek Kalinski
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13931
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 26 Mar 2010 18:36:33 +0000 (18:36 +0000)]
Add FIXME
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13930
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 19 Mar 2010 08:29:44 +0000 (08:29 +0000)]
Don't push out onsubmit handler unless necessary
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13929
7612ce4b-ef26-0410-bec9-
ea0150e637f0
kink [Mon, 8 Mar 2010 09:37:07 +0000 (09:37 +0000)]
r13926 from stable:
code in findDisplayEntity expects object, not array. Make findAltenativeEntity
return an object or null consistently.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13927
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 16 Feb 2010 20:13:21 +0000 (20:13 +0000)]
RFC 3676 says there can't be more in the signature delimiter line than this
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13913
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 13 Feb 2010 23:13:56 +0000 (23:13 +0000)]
Grammar
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13909
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 13 Feb 2010 23:11:28 +0000 (23:11 +0000)]
Added ability to configure Google Mail (Gmail) as the mail server behind SquirrelMail
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13907
7612ce4b-ef26-0410-bec9-
ea0150e637f0
kink [Sat, 13 Feb 2010 16:27:52 +0000 (16:27 +0000)]
Send X-DNS-Prefetch-Control: off header to browsers to prevent information
leakage when Firefox does DNS prefetching for URL's contained in emails.
https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13903
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 4 Feb 2010 20:05:51 +0000 (20:05 +0000)]
Multibyte strings (notably subjects) are now handled correctly (#
2824813, #
2925731)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13901
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 30 Jan 2010 17:10:07 +0000 (17:10 +0000)]
Encoded From headers now properly quoted (#
2830141). A better fix might be to re-write encodeHeader()
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13900
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 28 Jan 2010 16:59:27 +0000 (16:59 +0000)]
displayInternalLink() was removed 2.5 years ago (revision 12549), but this plugin was not updated. Thanks to Christian Kujau for noticing.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13898
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 27 Jan 2010 23:36:52 +0000 (23:36 +0000)]
Avoid notices in some environments
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13897
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 27 Jan 2010 23:05:18 +0000 (23:05 +0000)]
REQUEST_URI is used in php_self(), so make sure it's sanitized too
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13895
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 25 Jan 2010 03:23:30 +0000 (03:23 +0000)]
Update copyrights to 2010
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13894
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 24 Jan 2010 23:26:33 +0000 (23:26 +0000)]
Slight rewrite of php_self()
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13891
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 21 Jan 2010 14:55:19 +0000 (14:55 +0000)]
Make base URL autodetection more robust (probably #
1741469). Sorry, this should have been included in the last commit.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13889
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 21 Jan 2010 14:40:52 +0000 (14:40 +0000)]
Make php_self() more robust. Seems to fix certain lighttpd issues, such as probably #
1741469
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13886
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jangliss [Tue, 19 Jan 2010 03:17:14 +0000 (03:17 +0000)]
Fix for mailto: URLs containing a + sign. Thanks to Michael Puls II for the patch.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13885
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 5 Jan 2010 08:58:04 +0000 (08:58 +0000)]
Quote dynamic regex contents to be safe. Thanks to Daniel Hahler.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13882
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jangliss [Tue, 22 Dec 2009 17:15:34 +0000 (17:15 +0000)]
Fix for security token missing in newmail plugin (#
2919418).
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13880
7612ce4b-ef26-0410-bec9-
ea0150e637f0