pdontthink [Thu, 15 Dec 2011 15:08:06 +0000 (15:08 +0000)]
Allow addition of extra attributes to user/pwd inputs
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14229
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 29 Nov 2011 13:13:42 +0000 (13:13 +0000)]
Verify Reply To still has its uses
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14158
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 29 Nov 2011 12:44:31 +0000 (12:44 +0000)]
Ensure that Reply-To isn't missing domain - we already do the same for the From header in functions/identity.php
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14156
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 11 Sep 2011 12:26:58 +0000 (12:26 +0000)]
Temporarily sanitize output in wrong place
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14145
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 11 Sep 2011 01:11:03 +0000 (01:11 +0000)]
Fixed broken highlighting form (missing security tokens) (#
3381117)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14144
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 11 Sep 2011 01:08:13 +0000 (01:08 +0000)]
Fixed untranslated string
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14143
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 5 Sep 2011 07:00:18 +0000 (07:00 +0000)]
Fix hook name clash: new smtp_auth hook added recently (a few months ago) has been renamed to smtp_authenticate
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14141
7612ce4b-ef26-0410-bec9-
ea0150e637f0
kink [Tue, 26 Jul 2011 20:28:11 +0000 (20:28 +0000)]
document cve id's for posterity
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14138
7612ce4b-ef26-0410-bec9-
ea0150e637f0
kink [Wed, 13 Jul 2011 08:44:04 +0000 (08:44 +0000)]
attary may be empty at this point and the sq_fixatts call will generate PHP
Warnings. Wrap it in a conditional just like the other sq_fixatts call.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14134
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 12 Jul 2011 04:59:12 +0000 (04:59 +0000)]
Fix XSS problem with unsanitized style tags in messages [CVE-2011-2023]
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14122
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 12 Jul 2011 04:45:49 +0000 (04:45 +0000)]
Fix XSS holes in generic options inputs, XSS hole in the SquirrelSpell plugin, and added anti-CSRF protection to the empty trash feature (thanks to Nicholas Carlini for finding all these issues) [CVE-2010-4555]
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14120
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 12 Jul 2011 03:44:23 +0000 (03:44 +0000)]
Add clickjacking protection (thanks to Asbjorn Thorsen and Geir Hansen for bringing this to our attention) [CVE-2010-4554]
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14118
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 3 May 2011 06:23:56 +0000 (06:23 +0000)]
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14108
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 3 May 2011 06:05:08 +0000 (06:05 +0000)]
Allow administrators to configure subfolders of user INBOXes to be treated as special folders by adding $subfolders_of_inbox_are_special to config_local.php
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14107
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 27 Apr 2011 09:43:25 +0000 (09:43 +0000)]
Remove quotes around personal names in message list (#
3292587)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14106
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 2 Apr 2011 19:19:45 +0000 (19:19 +0000)]
Add smtp_auth hook (thanks to Emmanuel Dreyfus)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14094
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 11 Mar 2011 02:22:57 +0000 (02:22 +0000)]
Undelete button shouldn't be related to whether or not a trash folder is in use - it's just a product of auto-expunge
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14092
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 4 Mar 2011 01:19:33 +0000 (01:19 +0000)]
Don't use regular expressions when you don't need to
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14090
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 6 Jan 2011 03:16:21 +0000 (03:16 +0000)]
Happy New Year!
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14085
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 27 Dec 2010 00:35:24 +0000 (00:35 +0000)]
Refine HMAC-MD5 generator; use native PHP Hash extension if available
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14083
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 21 Dec 2010 14:04:08 +0000 (14:04 +0000)]
Unify output strings (Thanks to Juergen Edner) (#
3139973).
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14082
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 17 Dec 2010 21:41:39 +0000 (21:41 +0000)]
Force the addition of a file suffix to attachments that lack a filename (helps forwarded messages avoid spam filters) (Thanks to Petr Kletecka) (#
3139004)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14080
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 26 Nov 2010 10:02:51 +0000 (10:02 +0000)]
Unify SMTP auth mechanisms in configuration tool
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14076
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 25 Sep 2010 04:08:03 +0000 (04:08 +0000)]
Fix sqauth_read_password() for plugins running on the login_verified hook when the 'key' cookie isn't yet set
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14067
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Mon, 13 Sep 2010 10:43:27 +0000 (10:43 +0000)]
Adding strings to the template.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14062
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 12 Sep 2010 06:02:18 +0000 (06:02 +0000)]
Now allow multiple plugins to handle (add links for) a single attachment MIME type
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14059
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 3 Sep 2010 03:09:51 +0000 (03:09 +0000)]
Fixed system lock-ups caused by a combination of certain rare, malformed message headers and buggy versions of PHP mbstring (#
3053349, 987016)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14056
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 22 Jul 2010 01:24:53 +0000 (01:24 +0000)]
Retiring Seth per his request
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13971
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 21 Jul 2010 19:19:07 +0000 (19:19 +0000)]
Fix attachment filename decoding (#
2994865)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13967
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 21 Jul 2010 07:24:37 +0000 (07:24 +0000)]
The use of 'user' as a column name no longer causes errors in SquirrelMail/PostgreSQL
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13965
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 21 Jul 2010 07:06:12 +0000 (07:06 +0000)]
Fix issues caused by use of PostgreSQL keyword 'user' in SquirrelMail's default preferences database schema (#
2943483)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13963
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 21 Jul 2010 06:14:08 +0000 (06:14 +0000)]
Add information about online documentation
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13960
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 21 Jul 2010 05:46:42 +0000 (05:46 +0000)]
Retire Marc. We should probably retire some others who haven't contributed in the last few years
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13959
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 26 Jun 2010 10:15:49 +0000 (10:15 +0000)]
Aggressive sanitizing of REQUEST_URI, PHP_SELF, and QUERY_STRING corrupted page URIs by encoding ampersands in the query string, so we have to un-sanitize ampersands. Will this cause any security/XSS issues?
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13957
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 21 Jun 2010 08:16:05 +0000 (08:16 +0000)]
Now fill in default subject when forwarding as attachment (#
2936541)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13955
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 21 Jun 2010 07:58:11 +0000 (07:58 +0000)]
Now properly quote personal part of encoded addresses when replying
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13953
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 21 Jun 2010 07:18:55 +0000 (07:18 +0000)]
Fixed minor vulnerability in Mail Fetch plugin [CVE-2010-1637/TEHTRI-SA-2010-009]
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13950
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 21 Jun 2010 07:01:16 +0000 (07:01 +0000)]
Reduced default time security tokens stay valid from 30 days to 2 days (reduces chances of session data growing too large)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13949
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 21 Jun 2010 00:39:12 +0000 (00:39 +0000)]
Synchronize no-cache headers. This reverses revision 13940 because no-cahce headers were already being sent in displayHtmlHeader() for left_main.php and right_main.php (the tracker referred to in that revision only applies to SquirrelMail 1.4.x).
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13945
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jangliss [Sun, 20 Jun 2010 16:58:46 +0000 (16:58 +0000)]
- Fix error with SpamCop reporting plugin not being able to send report as
emails (#
1795310).
- Fix typo in SpamCop plugin.
- Tidy some output (slightly personal to stop Eclipse complaining about errors in the code)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13942
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jangliss [Sun, 20 Jun 2010 14:37:16 +0000 (14:37 +0000)]
Explicitly disable caching for left_main and right_main pages (#
2983134)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13940
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 16 Apr 2010 05:26:16 +0000 (05:26 +0000)]
Show what user/group the web server is running as; helps with debugging certain plugins for admins who aren't quite sure about these things
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13934
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 30 Mar 2010 03:30:24 +0000 (03:30 +0000)]
Fix PHP errors. Thanks to Jacek Kalinski
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13931
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 26 Mar 2010 18:36:33 +0000 (18:36 +0000)]
Add FIXME
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13930
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 19 Mar 2010 08:29:44 +0000 (08:29 +0000)]
Don't push out onsubmit handler unless necessary
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13929
7612ce4b-ef26-0410-bec9-
ea0150e637f0
kink [Mon, 8 Mar 2010 09:37:07 +0000 (09:37 +0000)]
r13926 from stable:
code in findDisplayEntity expects object, not array. Make findAltenativeEntity
return an object or null consistently.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13927
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 16 Feb 2010 20:13:21 +0000 (20:13 +0000)]
RFC 3676 says there can't be more in the signature delimiter line than this
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13913
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 13 Feb 2010 23:13:56 +0000 (23:13 +0000)]
Grammar
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13909
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 13 Feb 2010 23:11:28 +0000 (23:11 +0000)]
Added ability to configure Google Mail (Gmail) as the mail server behind SquirrelMail
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13907
7612ce4b-ef26-0410-bec9-
ea0150e637f0
kink [Sat, 13 Feb 2010 16:27:52 +0000 (16:27 +0000)]
Send X-DNS-Prefetch-Control: off header to browsers to prevent information
leakage when Firefox does DNS prefetching for URL's contained in emails.
https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13903
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 4 Feb 2010 20:05:51 +0000 (20:05 +0000)]
Multibyte strings (notably subjects) are now handled correctly (#
2824813, #
2925731)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13901
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 30 Jan 2010 17:10:07 +0000 (17:10 +0000)]
Encoded From headers now properly quoted (#
2830141). A better fix might be to re-write encodeHeader()
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13900
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 28 Jan 2010 16:59:27 +0000 (16:59 +0000)]
displayInternalLink() was removed 2.5 years ago (revision 12549), but this plugin was not updated. Thanks to Christian Kujau for noticing.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13898
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 27 Jan 2010 23:36:52 +0000 (23:36 +0000)]
Avoid notices in some environments
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13897
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 27 Jan 2010 23:05:18 +0000 (23:05 +0000)]
REQUEST_URI is used in php_self(), so make sure it's sanitized too
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13895
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 25 Jan 2010 03:23:30 +0000 (03:23 +0000)]
Update copyrights to 2010
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13894
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 24 Jan 2010 23:26:33 +0000 (23:26 +0000)]
Slight rewrite of php_self()
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13891
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 21 Jan 2010 14:55:19 +0000 (14:55 +0000)]
Make base URL autodetection more robust (probably #
1741469). Sorry, this should have been included in the last commit.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13889
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 21 Jan 2010 14:40:52 +0000 (14:40 +0000)]
Make php_self() more robust. Seems to fix certain lighttpd issues, such as probably #
1741469
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13886
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jangliss [Tue, 19 Jan 2010 03:17:14 +0000 (03:17 +0000)]
Fix for mailto: URLs containing a + sign. Thanks to Michael Puls II for the patch.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13885
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 5 Jan 2010 08:58:04 +0000 (08:58 +0000)]
Quote dynamic regex contents to be safe. Thanks to Daniel Hahler.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13882
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jangliss [Tue, 22 Dec 2009 17:15:34 +0000 (17:15 +0000)]
Fix for security token missing in newmail plugin (#
2919418).
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13880
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 18 Dec 2009 06:46:16 +0000 (06:46 +0000)]
Add security tokens to change password plugin
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13878
7612ce4b-ef26-0410-bec9-
ea0150e637f0
kink [Fri, 27 Nov 2009 09:25:08 +0000 (09:25 +0000)]
need to move strtolower inside if-block to prevent notice when attached
file has no extention
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13876
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jangliss [Sun, 22 Nov 2009 16:19:52 +0000 (16:19 +0000)]
Fix issue with multi-part related messages not showing all attachments (#
2830140).
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13874
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 19 Nov 2009 20:09:06 +0000 (20:09 +0000)]
Synch message list table width with css/default.css since the lack of a width here seems to break some layouts/browsers/configurations
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13872
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 1 Nov 2009 08:02:25 +0000 (08:02 +0000)]
NULL not accepted as a replacement for empty arrays as of PHP 5.3
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13870
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Wed, 28 Oct 2009 12:01:57 +0000 (12:01 +0000)]
Turning som FIXMEs into one-liners.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13867
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 12 Oct 2009 22:11:35 +0000 (22:11 +0000)]
Avoid prefixing global $check_referrer value with protocol prefix - use local variable instead
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13865
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 4 Oct 2009 23:01:35 +0000 (23:01 +0000)]
Fixed broken SpamCop email submission: needed updated send button name and security token
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13862
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 4 Oct 2009 22:58:41 +0000 (22:58 +0000)]
Fix wrong doc
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13861
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 4 Oct 2009 21:00:28 +0000 (21:00 +0000)]
If we add a token to lang_setup (#13855), need to check it in lang_change
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13858
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jangliss [Sun, 4 Oct 2009 15:42:49 +0000 (15:42 +0000)]
Additional smtoken changes.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13855
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Tue, 29 Sep 2009 12:37:05 +0000 (12:37 +0000)]
Adding and improving comments.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13851
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Tue, 29 Sep 2009 12:15:33 +0000 (12:15 +0000)]
The copyright symbol isn't really needed since the word "copyright" is there. Also it doesn't display right in the documentation.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13850
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Tue, 29 Sep 2009 09:36:26 +0000 (09:36 +0000)]
Clarifying a TODO.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13849
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 19 Sep 2009 20:22:15 +0000 (20:22 +0000)]
Fix broken'Thread' and the no-javascript 'All' links (add security tokens)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13848
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 19 Sep 2009 20:11:13 +0000 (20:11 +0000)]
Fix broken search pagination (add security tokens)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13847
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 19 Sep 2009 19:36:25 +0000 (19:36 +0000)]
Fix for deleting message from search expiring cache.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13846
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 15 Sep 2009 20:48:33 +0000 (20:48 +0000)]
Ungreedy modifier does nothing here; remove to avoid unecessary confusion
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13844
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 12 Sep 2009 20:49:22 +0000 (20:49 +0000)]
Fix PHP notice - $use_js was removed from the core in revision 13713
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13843
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 12 Sep 2009 20:25:52 +0000 (20:25 +0000)]
Attachments were being lost when going to address book page due to lack of proper encoding [#
2851493]
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13842
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 12 Sep 2009 19:12:26 +0000 (19:12 +0000)]
Allow plugins to submit security token via GET request
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13841
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 2 Sep 2009 06:00:28 +0000 (06:00 +0000)]
Fixed more links that needed security tokens
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13836
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 17 Aug 2009 23:47:07 +0000 (23:47 +0000)]
Delete requests can come via GET or POST
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13829
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 17 Aug 2009 23:18:47 +0000 (23:18 +0000)]
Protect message deletion with security token system. (Secunia Advisory SA34627)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13826
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 12 Aug 2009 08:36:13 +0000 (08:36 +0000)]
Correct documentation
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13821
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 12 Aug 2009 08:30:59 +0000 (08:30 +0000)]
Add controls for page referal verification and security token system to the configuration tool
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13819
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 12 Aug 2009 08:28:38 +0000 (08:28 +0000)]
Implemented security token system. (Secunia Advisory SA34627)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13817
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 12 Aug 2009 08:20:46 +0000 (08:20 +0000)]
Implemented page referal verification mechanism. (Secunia Advisory SA34627)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13816
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 10 Aug 2009 23:18:20 +0000 (23:18 +0000)]
Fix incorrect stristr() parameter order
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13813
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 8 Aug 2009 20:15:19 +0000 (20:15 +0000)]
Don't encode stuff that's used in hyperlink addresses
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13812
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 8 Aug 2009 19:23:59 +0000 (19:23 +0000)]
Allow forward slashes in Windows-style full paths
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13811
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 1 Aug 2009 19:17:55 +0000 (19:17 +0000)]
Fix broken regular expression
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13809
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 1 Aug 2009 19:15:13 +0000 (19:15 +0000)]
Fix broken regular expression
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13808
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 31 Jul 2009 05:23:04 +0000 (05:23 +0000)]
Remove personal data from Message ID seed. (#880029/847107)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13805
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 29 Jul 2009 03:35:07 +0000 (03:35 +0000)]
This time really make abook files get created with correct permissions
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13803
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 29 Jul 2009 01:55:21 +0000 (01:55 +0000)]
Stop using deprecated ereg() functions (#
2820952)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13799
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 28 Jul 2009 23:24:11 +0000 (23:24 +0000)]
Remove possible bad system admin typos (#
2827153).
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13794
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 28 Jul 2009 23:13:45 +0000 (23:13 +0000)]
PHP 5.3 deprecated ereg() function (#
2820952)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13793
7612ce4b-ef26-0410-bec9-
ea0150e637f0