pdontthink [Wed, 27 Jan 2010 23:36:52 +0000 (23:36 +0000)]
Avoid notices in some environments
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13897
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 27 Jan 2010 23:05:18 +0000 (23:05 +0000)]
REQUEST_URI is used in php_self(), so make sure it's sanitized too
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13895
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 25 Jan 2010 03:23:30 +0000 (03:23 +0000)]
Update copyrights to 2010
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13894
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 24 Jan 2010 23:26:33 +0000 (23:26 +0000)]
Slight rewrite of php_self()
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13891
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 21 Jan 2010 14:55:19 +0000 (14:55 +0000)]
Make base URL autodetection more robust (probably #
1741469). Sorry, this should have been included in the last commit.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13889
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 21 Jan 2010 14:40:52 +0000 (14:40 +0000)]
Make php_self() more robust. Seems to fix certain lighttpd issues, such as probably #
1741469
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13886
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jangliss [Tue, 19 Jan 2010 03:17:14 +0000 (03:17 +0000)]
Fix for mailto: URLs containing a + sign. Thanks to Michael Puls II for the patch.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13885
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 5 Jan 2010 08:58:04 +0000 (08:58 +0000)]
Quote dynamic regex contents to be safe. Thanks to Daniel Hahler.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13882
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jangliss [Tue, 22 Dec 2009 17:15:34 +0000 (17:15 +0000)]
Fix for security token missing in newmail plugin (#
2919418).
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13880
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 18 Dec 2009 06:46:16 +0000 (06:46 +0000)]
Add security tokens to change password plugin
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13878
7612ce4b-ef26-0410-bec9-
ea0150e637f0
kink [Fri, 27 Nov 2009 09:25:08 +0000 (09:25 +0000)]
need to move strtolower inside if-block to prevent notice when attached
file has no extention
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13876
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jangliss [Sun, 22 Nov 2009 16:19:52 +0000 (16:19 +0000)]
Fix issue with multi-part related messages not showing all attachments (#
2830140).
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13874
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 19 Nov 2009 20:09:06 +0000 (20:09 +0000)]
Synch message list table width with css/default.css since the lack of a width here seems to break some layouts/browsers/configurations
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13872
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 1 Nov 2009 08:02:25 +0000 (08:02 +0000)]
NULL not accepted as a replacement for empty arrays as of PHP 5.3
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13870
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Wed, 28 Oct 2009 12:01:57 +0000 (12:01 +0000)]
Turning som FIXMEs into one-liners.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13867
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 12 Oct 2009 22:11:35 +0000 (22:11 +0000)]
Avoid prefixing global $check_referrer value with protocol prefix - use local variable instead
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13865
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 4 Oct 2009 23:01:35 +0000 (23:01 +0000)]
Fixed broken SpamCop email submission: needed updated send button name and security token
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13862
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 4 Oct 2009 22:58:41 +0000 (22:58 +0000)]
Fix wrong doc
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13861
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 4 Oct 2009 21:00:28 +0000 (21:00 +0000)]
If we add a token to lang_setup (#13855), need to check it in lang_change
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13858
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jangliss [Sun, 4 Oct 2009 15:42:49 +0000 (15:42 +0000)]
Additional smtoken changes.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13855
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Tue, 29 Sep 2009 12:37:05 +0000 (12:37 +0000)]
Adding and improving comments.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13851
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Tue, 29 Sep 2009 12:15:33 +0000 (12:15 +0000)]
The copyright symbol isn't really needed since the word "copyright" is there. Also it doesn't display right in the documentation.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13850
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Tue, 29 Sep 2009 09:36:26 +0000 (09:36 +0000)]
Clarifying a TODO.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13849
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 19 Sep 2009 20:22:15 +0000 (20:22 +0000)]
Fix broken'Thread' and the no-javascript 'All' links (add security tokens)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13848
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 19 Sep 2009 20:11:13 +0000 (20:11 +0000)]
Fix broken search pagination (add security tokens)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13847
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 19 Sep 2009 19:36:25 +0000 (19:36 +0000)]
Fix for deleting message from search expiring cache.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13846
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 15 Sep 2009 20:48:33 +0000 (20:48 +0000)]
Ungreedy modifier does nothing here; remove to avoid unecessary confusion
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13844
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 12 Sep 2009 20:49:22 +0000 (20:49 +0000)]
Fix PHP notice - $use_js was removed from the core in revision 13713
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13843
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 12 Sep 2009 20:25:52 +0000 (20:25 +0000)]
Attachments were being lost when going to address book page due to lack of proper encoding [#
2851493]
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13842
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 12 Sep 2009 19:12:26 +0000 (19:12 +0000)]
Allow plugins to submit security token via GET request
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13841
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 2 Sep 2009 06:00:28 +0000 (06:00 +0000)]
Fixed more links that needed security tokens
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13836
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 17 Aug 2009 23:47:07 +0000 (23:47 +0000)]
Delete requests can come via GET or POST
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13829
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 17 Aug 2009 23:18:47 +0000 (23:18 +0000)]
Protect message deletion with security token system. (Secunia Advisory SA34627)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13826
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 12 Aug 2009 08:36:13 +0000 (08:36 +0000)]
Correct documentation
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13821
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 12 Aug 2009 08:30:59 +0000 (08:30 +0000)]
Add controls for page referal verification and security token system to the configuration tool
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13819
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 12 Aug 2009 08:28:38 +0000 (08:28 +0000)]
Implemented security token system. (Secunia Advisory SA34627)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13817
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 12 Aug 2009 08:20:46 +0000 (08:20 +0000)]
Implemented page referal verification mechanism. (Secunia Advisory SA34627)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13816
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 10 Aug 2009 23:18:20 +0000 (23:18 +0000)]
Fix incorrect stristr() parameter order
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13813
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 8 Aug 2009 20:15:19 +0000 (20:15 +0000)]
Don't encode stuff that's used in hyperlink addresses
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13812
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 8 Aug 2009 19:23:59 +0000 (19:23 +0000)]
Allow forward slashes in Windows-style full paths
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13811
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 1 Aug 2009 19:17:55 +0000 (19:17 +0000)]
Fix broken regular expression
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13809
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 1 Aug 2009 19:15:13 +0000 (19:15 +0000)]
Fix broken regular expression
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13808
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 31 Jul 2009 05:23:04 +0000 (05:23 +0000)]
Remove personal data from Message ID seed. (#880029/847107)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13805
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 29 Jul 2009 03:35:07 +0000 (03:35 +0000)]
This time really make abook files get created with correct permissions
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13803
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 29 Jul 2009 01:55:21 +0000 (01:55 +0000)]
Stop using deprecated ereg() functions (#
2820952)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13799
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 28 Jul 2009 23:24:11 +0000 (23:24 +0000)]
Remove possible bad system admin typos (#
2827153).
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13794
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 28 Jul 2009 23:13:45 +0000 (23:13 +0000)]
PHP 5.3 deprecated ereg() function (#
2820952)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13793
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 28 Jul 2009 22:50:12 +0000 (22:50 +0000)]
Port Thijs fix (rev.13790) to DEVEL: no words must be an empty array, not a string, to prevent notices when later array operations are done on $words.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13792
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jangliss [Tue, 2 Jun 2009 02:10:56 +0000 (02:10 +0000)]
Fixed broken RFC1918 reference in contrib/.htaccess and doc/.htaccess (#
2798839).
This probably needs further discussion
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13778
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Fri, 29 May 2009 10:55:17 +0000 (10:55 +0000)]
Porting comments and strings between 1.4 and 1.5.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13772
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Thu, 28 May 2009 22:46:56 +0000 (22:46 +0000)]
No double spaces in strings please. They will not show up in HTML anyway.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13770
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Thu, 28 May 2009 06:22:05 +0000 (06:22 +0000)]
Adding comments to the translators.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13769
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Thu, 28 May 2009 06:19:45 +0000 (06:19 +0000)]
Adding more strings to the template.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13768
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 26 May 2009 18:05:35 +0000 (18:05 +0000)]
QUERY_STRING is already sanitized
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13767
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Tue, 26 May 2009 13:11:31 +0000 (13:11 +0000)]
Porting comments betweeen 1.4 and 1.5.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13766
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Tue, 26 May 2009 12:35:43 +0000 (12:35 +0000)]
Removing "www." from some links.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13765
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Tue, 26 May 2009 12:29:07 +0000 (12:29 +0000)]
Porting comments betweeen 1.4 and 1.5.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13764
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Tue, 26 May 2009 11:52:09 +0000 (11:52 +0000)]
Removing the shut down DSBL blocklists. Thanks to Martin Jalakas for the report (#
2796734).
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13763
7612ce4b-ef26-0410-bec9-
ea0150e637f0
kink [Sun, 24 May 2009 10:00:10 +0000 (10:00 +0000)]
add more labling for options pages
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13755
7612ce4b-ef26-0410-bec9-
ea0150e637f0
kink [Sun, 24 May 2009 09:59:41 +0000 (09:59 +0000)]
misplaced labels
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13754
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jangliss [Sun, 24 May 2009 06:08:56 +0000 (06:08 +0000)]
Fix for bug_report plugin not handling multiple values for same key (AUTH= AUTH=)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13753
7612ce4b-ef26-0410-bec9-
ea0150e637f0
kink [Fri, 22 May 2009 11:28:21 +0000 (11:28 +0000)]
add labels to login page
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13748
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Fri, 22 May 2009 09:44:53 +0000 (09:44 +0000)]
Using a better domain name.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13745
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Fri, 22 May 2009 09:40:19 +0000 (09:40 +0000)]
Fixing HTML vaidation - the same anchor can't appear twice in a page.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13744
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Fri, 22 May 2009 09:34:32 +0000 (09:34 +0000)]
Fixing HTML vaidation.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13743
7612ce4b-ef26-0410-bec9-
ea0150e637f0
kink [Thu, 21 May 2009 17:11:22 +0000 (17:11 +0000)]
The shell escaping fix in map_yp_alias (CVE-2009-1579) was incomplete.
Thanks Michal Hlavinka for noticing this. [CVE-2009-1381]
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13734
7612ce4b-ef26-0410-bec9-
ea0150e637f0
kink [Thu, 21 May 2009 10:23:43 +0000 (10:23 +0000)]
update changelog
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13732
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 21 May 2009 09:21:56 +0000 (09:21 +0000)]
Anchor the regexp. Thanks Thijs Kinkhorst.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13730
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 20 May 2009 20:59:44 +0000 (20:59 +0000)]
When sending an address literal to an SMTP EHLO command, do it with the right syntax
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13728
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 20 May 2009 17:22:31 +0000 (17:22 +0000)]
Add FIXME
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13726
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 19 May 2009 01:51:16 +0000 (01:51 +0000)]
- Fixed the Filters plugin to allow commas in filter criteria text
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13721
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jangliss [Sun, 17 May 2009 00:38:30 +0000 (00:38 +0000)]
- Cleanup variable name in address search for compose to clearup confusion.
- Remove Javascript from address search page when JavaScript is disabled.
- Add "Check All" function to address book when using "in-page" addressbook.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13713
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Fri, 15 May 2009 15:09:55 +0000 (15:09 +0000)]
Including the colon in the string.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13706
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 14 May 2009 18:43:06 +0000 (18:43 +0000)]
Show real values for error settings
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13704
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 14 May 2009 17:20:47 +0000 (17:20 +0000)]
Clarify docs and use correct $nbsp
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13702
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 14 May 2009 17:03:10 +0000 (17:03 +0000)]
Add documentation and default case to catch unknown suffixes to getByteSize()
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13701
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 14 May 2009 06:31:47 +0000 (06:31 +0000)]
MAX_FILE_SIZE hidden field must be before the file input according to the PHP docs
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13697
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 12 May 2009 07:42:28 +0000 (07:42 +0000)]
Forgot to mention PHP 5.3/6 compatibility update the other day
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13684
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 11 May 2009 22:50:16 +0000 (22:50 +0000)]
Always generate $base_uri for every page request as opposed to doing it only on some pages. Always regenerate session ID at login to prevent session fixation by an attacker who has set a malicious cookie on the client browser. Try to clean up extraneous cookies, such as ones some browsers might actually obey from the src/ directory. Thanks to Tomas Hoger. (CVE-2009-1580)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13677
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 11 May 2009 22:17:46 +0000 (22:17 +0000)]
OMG - unsanitized shell command. Thanks to Niels Teusink. (CVE-2009-1579)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13675
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 11 May 2009 22:08:25 +0000 (22:08 +0000)]
Dunno why this was never implemented, but the comments say it's OK, so here goes...
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13673
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 11 May 2009 22:04:40 +0000 (22:04 +0000)]
Sanitize decrypt_headers.php form input (base64 decoding is not the same as sanitizing), general cleanup and grammatical fixes. Thanks to Niels Teusink. (also CVE-2009-1578)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13671
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 11 May 2009 21:49:23 +0000 (21:49 +0000)]
Fixed improper sanitizing of PHP_SELF and the lack of sanitizing of QUERY_STRING server environment variables. Thanks to Niels Teusink and Christian Balzer. (CVE-2009-1578)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13669
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 11 May 2009 21:19:52 +0000 (21:19 +0000)]
Remove ability for HTML emails to use CSS positioning to overlay SquirrelMail content. Thanks to Luc Beurton. (#
2723196/CVE-2009-1581)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13668
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 8 May 2009 17:53:37 +0000 (17:53 +0000)]
Stop using session_unregister()
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13662
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 7 May 2009 21:55:41 +0000 (21:55 +0000)]
Adding Khmer translation. Thanks to Khoem Sokhem.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13655
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Sun, 3 May 2009 12:33:46 +0000 (12:33 +0000)]
Adding a comment with an explanation for translators.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13650
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Sun, 3 May 2009 12:30:42 +0000 (12:30 +0000)]
Adding a comment with an explanation for translators.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13649
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Fri, 1 May 2009 14:39:28 +0000 (14:39 +0000)]
Fixing spelling error (I hope).
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13635
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 28 Apr 2009 22:03:23 +0000 (22:03 +0000)]
Reduce confusion about what user is running the web server
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13624
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 23 Apr 2009 02:23:20 +0000 (02:23 +0000)]
Use squirrelmail.org
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13586
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 23 Apr 2009 02:21:42 +0000 (02:21 +0000)]
Use squirrelmail.org
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13585
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 21 Apr 2009 21:24:16 +0000 (21:24 +0000)]
Repoint
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13569
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 21 Apr 2009 21:07:01 +0000 (21:07 +0000)]
This has all been previously migrated to the documentation repo
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13567
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Fri, 17 Apr 2009 14:16:04 +0000 (14:16 +0000)]
Updating templates.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13560
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 17 Apr 2009 10:49:38 +0000 (10:49 +0000)]
Add display indicator for forwarded messages
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13559
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Fri, 17 Apr 2009 10:28:27 +0000 (10:28 +0000)]
Changing back to messages.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13558
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 17 Apr 2009 05:46:18 +0000 (05:46 +0000)]
Fix: Messages forwarded as attachments from message list were not getting flagged as forwarded
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13557
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Thu, 16 Apr 2009 10:30:36 +0000 (10:30 +0000)]
Updating the translation templates.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13556
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Thu, 16 Apr 2009 10:28:10 +0000 (10:28 +0000)]
A mail is what's stored at the IMAP/POP3 server. A message is information from an application.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13555
7612ce4b-ef26-0410-bec9-
ea0150e637f0