pdontthink [Mon, 21 Jun 2010 07:18:55 +0000 (07:18 +0000)]
Fixed minor vulnerability in Mail Fetch plugin [CVE-2010-1637/TEHTRI-SA-2010-009]
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13950
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 21 Jun 2010 07:01:16 +0000 (07:01 +0000)]
Reduced default time security tokens stay valid from 30 days to 2 days (reduces chances of session data growing too large)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13949
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 21 Jun 2010 00:39:12 +0000 (00:39 +0000)]
Synchronize no-cache headers. This reverses revision 13940 because no-cahce headers were already being sent in displayHtmlHeader() for left_main.php and right_main.php (the tracker referred to in that revision only applies to SquirrelMail 1.4.x).
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13945
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jangliss [Sun, 20 Jun 2010 16:58:46 +0000 (16:58 +0000)]
- Fix error with SpamCop reporting plugin not being able to send report as
emails (#
1795310).
- Fix typo in SpamCop plugin.
- Tidy some output (slightly personal to stop Eclipse complaining about errors in the code)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13942
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jangliss [Sun, 20 Jun 2010 14:37:16 +0000 (14:37 +0000)]
Explicitly disable caching for left_main and right_main pages (#
2983134)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13940
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 16 Apr 2010 05:26:16 +0000 (05:26 +0000)]
Show what user/group the web server is running as; helps with debugging certain plugins for admins who aren't quite sure about these things
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13934
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 30 Mar 2010 03:30:24 +0000 (03:30 +0000)]
Fix PHP errors. Thanks to Jacek Kalinski
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13931
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 26 Mar 2010 18:36:33 +0000 (18:36 +0000)]
Add FIXME
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13930
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 19 Mar 2010 08:29:44 +0000 (08:29 +0000)]
Don't push out onsubmit handler unless necessary
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13929
7612ce4b-ef26-0410-bec9-
ea0150e637f0
kink [Mon, 8 Mar 2010 09:37:07 +0000 (09:37 +0000)]
r13926 from stable:
code in findDisplayEntity expects object, not array. Make findAltenativeEntity
return an object or null consistently.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13927
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 16 Feb 2010 20:13:21 +0000 (20:13 +0000)]
RFC 3676 says there can't be more in the signature delimiter line than this
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13913
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 13 Feb 2010 23:13:56 +0000 (23:13 +0000)]
Grammar
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13909
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 13 Feb 2010 23:11:28 +0000 (23:11 +0000)]
Added ability to configure Google Mail (Gmail) as the mail server behind SquirrelMail
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13907
7612ce4b-ef26-0410-bec9-
ea0150e637f0
kink [Sat, 13 Feb 2010 16:27:52 +0000 (16:27 +0000)]
Send X-DNS-Prefetch-Control: off header to browsers to prevent information
leakage when Firefox does DNS prefetching for URL's contained in emails.
https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13903
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 4 Feb 2010 20:05:51 +0000 (20:05 +0000)]
Multibyte strings (notably subjects) are now handled correctly (#
2824813, #
2925731)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13901
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 30 Jan 2010 17:10:07 +0000 (17:10 +0000)]
Encoded From headers now properly quoted (#
2830141). A better fix might be to re-write encodeHeader()
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13900
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 28 Jan 2010 16:59:27 +0000 (16:59 +0000)]
displayInternalLink() was removed 2.5 years ago (revision 12549), but this plugin was not updated. Thanks to Christian Kujau for noticing.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13898
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 27 Jan 2010 23:36:52 +0000 (23:36 +0000)]
Avoid notices in some environments
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13897
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 27 Jan 2010 23:05:18 +0000 (23:05 +0000)]
REQUEST_URI is used in php_self(), so make sure it's sanitized too
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13895
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 25 Jan 2010 03:23:30 +0000 (03:23 +0000)]
Update copyrights to 2010
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13894
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 24 Jan 2010 23:26:33 +0000 (23:26 +0000)]
Slight rewrite of php_self()
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13891
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 21 Jan 2010 14:55:19 +0000 (14:55 +0000)]
Make base URL autodetection more robust (probably #
1741469). Sorry, this should have been included in the last commit.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13889
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 21 Jan 2010 14:40:52 +0000 (14:40 +0000)]
Make php_self() more robust. Seems to fix certain lighttpd issues, such as probably #
1741469
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13886
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jangliss [Tue, 19 Jan 2010 03:17:14 +0000 (03:17 +0000)]
Fix for mailto: URLs containing a + sign. Thanks to Michael Puls II for the patch.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13885
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 5 Jan 2010 08:58:04 +0000 (08:58 +0000)]
Quote dynamic regex contents to be safe. Thanks to Daniel Hahler.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13882
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jangliss [Tue, 22 Dec 2009 17:15:34 +0000 (17:15 +0000)]
Fix for security token missing in newmail plugin (#
2919418).
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13880
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 18 Dec 2009 06:46:16 +0000 (06:46 +0000)]
Add security tokens to change password plugin
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13878
7612ce4b-ef26-0410-bec9-
ea0150e637f0
kink [Fri, 27 Nov 2009 09:25:08 +0000 (09:25 +0000)]
need to move strtolower inside if-block to prevent notice when attached
file has no extention
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13876
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jangliss [Sun, 22 Nov 2009 16:19:52 +0000 (16:19 +0000)]
Fix issue with multi-part related messages not showing all attachments (#
2830140).
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13874
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 19 Nov 2009 20:09:06 +0000 (20:09 +0000)]
Synch message list table width with css/default.css since the lack of a width here seems to break some layouts/browsers/configurations
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13872
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 1 Nov 2009 08:02:25 +0000 (08:02 +0000)]
NULL not accepted as a replacement for empty arrays as of PHP 5.3
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13870
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Wed, 28 Oct 2009 12:01:57 +0000 (12:01 +0000)]
Turning som FIXMEs into one-liners.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13867
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 12 Oct 2009 22:11:35 +0000 (22:11 +0000)]
Avoid prefixing global $check_referrer value with protocol prefix - use local variable instead
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13865
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 4 Oct 2009 23:01:35 +0000 (23:01 +0000)]
Fixed broken SpamCop email submission: needed updated send button name and security token
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13862
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 4 Oct 2009 22:58:41 +0000 (22:58 +0000)]
Fix wrong doc
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13861
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sun, 4 Oct 2009 21:00:28 +0000 (21:00 +0000)]
If we add a token to lang_setup (#13855), need to check it in lang_change
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13858
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jangliss [Sun, 4 Oct 2009 15:42:49 +0000 (15:42 +0000)]
Additional smtoken changes.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13855
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Tue, 29 Sep 2009 12:37:05 +0000 (12:37 +0000)]
Adding and improving comments.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13851
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Tue, 29 Sep 2009 12:15:33 +0000 (12:15 +0000)]
The copyright symbol isn't really needed since the word "copyright" is there. Also it doesn't display right in the documentation.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13850
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Tue, 29 Sep 2009 09:36:26 +0000 (09:36 +0000)]
Clarifying a TODO.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13849
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 19 Sep 2009 20:22:15 +0000 (20:22 +0000)]
Fix broken'Thread' and the no-javascript 'All' links (add security tokens)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13848
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 19 Sep 2009 20:11:13 +0000 (20:11 +0000)]
Fix broken search pagination (add security tokens)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13847
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 19 Sep 2009 19:36:25 +0000 (19:36 +0000)]
Fix for deleting message from search expiring cache.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13846
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 15 Sep 2009 20:48:33 +0000 (20:48 +0000)]
Ungreedy modifier does nothing here; remove to avoid unecessary confusion
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13844
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 12 Sep 2009 20:49:22 +0000 (20:49 +0000)]
Fix PHP notice - $use_js was removed from the core in revision 13713
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13843
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 12 Sep 2009 20:25:52 +0000 (20:25 +0000)]
Attachments were being lost when going to address book page due to lack of proper encoding [#
2851493]
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13842
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 12 Sep 2009 19:12:26 +0000 (19:12 +0000)]
Allow plugins to submit security token via GET request
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13841
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 2 Sep 2009 06:00:28 +0000 (06:00 +0000)]
Fixed more links that needed security tokens
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13836
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 17 Aug 2009 23:47:07 +0000 (23:47 +0000)]
Delete requests can come via GET or POST
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13829
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 17 Aug 2009 23:18:47 +0000 (23:18 +0000)]
Protect message deletion with security token system. (Secunia Advisory SA34627)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13826
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 12 Aug 2009 08:36:13 +0000 (08:36 +0000)]
Correct documentation
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13821
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 12 Aug 2009 08:30:59 +0000 (08:30 +0000)]
Add controls for page referal verification and security token system to the configuration tool
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13819
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 12 Aug 2009 08:28:38 +0000 (08:28 +0000)]
Implemented security token system. (Secunia Advisory SA34627)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13817
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 12 Aug 2009 08:20:46 +0000 (08:20 +0000)]
Implemented page referal verification mechanism. (Secunia Advisory SA34627)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13816
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 10 Aug 2009 23:18:20 +0000 (23:18 +0000)]
Fix incorrect stristr() parameter order
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13813
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 8 Aug 2009 20:15:19 +0000 (20:15 +0000)]
Don't encode stuff that's used in hyperlink addresses
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13812
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 8 Aug 2009 19:23:59 +0000 (19:23 +0000)]
Allow forward slashes in Windows-style full paths
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13811
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 1 Aug 2009 19:17:55 +0000 (19:17 +0000)]
Fix broken regular expression
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13809
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Sat, 1 Aug 2009 19:15:13 +0000 (19:15 +0000)]
Fix broken regular expression
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13808
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Fri, 31 Jul 2009 05:23:04 +0000 (05:23 +0000)]
Remove personal data from Message ID seed. (#880029/847107)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13805
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 29 Jul 2009 03:35:07 +0000 (03:35 +0000)]
This time really make abook files get created with correct permissions
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13803
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 29 Jul 2009 01:55:21 +0000 (01:55 +0000)]
Stop using deprecated ereg() functions (#
2820952)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13799
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 28 Jul 2009 23:24:11 +0000 (23:24 +0000)]
Remove possible bad system admin typos (#
2827153).
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13794
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 28 Jul 2009 23:13:45 +0000 (23:13 +0000)]
PHP 5.3 deprecated ereg() function (#
2820952)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13793
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 28 Jul 2009 22:50:12 +0000 (22:50 +0000)]
Port Thijs fix (rev.13790) to DEVEL: no words must be an empty array, not a string, to prevent notices when later array operations are done on $words.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13792
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jangliss [Tue, 2 Jun 2009 02:10:56 +0000 (02:10 +0000)]
Fixed broken RFC1918 reference in contrib/.htaccess and doc/.htaccess (#
2798839).
This probably needs further discussion
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13778
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Fri, 29 May 2009 10:55:17 +0000 (10:55 +0000)]
Porting comments and strings between 1.4 and 1.5.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13772
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Thu, 28 May 2009 22:46:56 +0000 (22:46 +0000)]
No double spaces in strings please. They will not show up in HTML anyway.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13770
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Thu, 28 May 2009 06:22:05 +0000 (06:22 +0000)]
Adding comments to the translators.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13769
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Thu, 28 May 2009 06:19:45 +0000 (06:19 +0000)]
Adding more strings to the template.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13768
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 26 May 2009 18:05:35 +0000 (18:05 +0000)]
QUERY_STRING is already sanitized
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13767
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Tue, 26 May 2009 13:11:31 +0000 (13:11 +0000)]
Porting comments betweeen 1.4 and 1.5.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13766
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Tue, 26 May 2009 12:35:43 +0000 (12:35 +0000)]
Removing "www." from some links.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13765
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Tue, 26 May 2009 12:29:07 +0000 (12:29 +0000)]
Porting comments betweeen 1.4 and 1.5.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13764
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Tue, 26 May 2009 11:52:09 +0000 (11:52 +0000)]
Removing the shut down DSBL blocklists. Thanks to Martin Jalakas for the report (#
2796734).
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13763
7612ce4b-ef26-0410-bec9-
ea0150e637f0
kink [Sun, 24 May 2009 10:00:10 +0000 (10:00 +0000)]
add more labling for options pages
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13755
7612ce4b-ef26-0410-bec9-
ea0150e637f0
kink [Sun, 24 May 2009 09:59:41 +0000 (09:59 +0000)]
misplaced labels
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13754
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jangliss [Sun, 24 May 2009 06:08:56 +0000 (06:08 +0000)]
Fix for bug_report plugin not handling multiple values for same key (AUTH= AUTH=)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13753
7612ce4b-ef26-0410-bec9-
ea0150e637f0
kink [Fri, 22 May 2009 11:28:21 +0000 (11:28 +0000)]
add labels to login page
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13748
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Fri, 22 May 2009 09:44:53 +0000 (09:44 +0000)]
Using a better domain name.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13745
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Fri, 22 May 2009 09:40:19 +0000 (09:40 +0000)]
Fixing HTML vaidation - the same anchor can't appear twice in a page.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13744
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Fri, 22 May 2009 09:34:32 +0000 (09:34 +0000)]
Fixing HTML vaidation.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13743
7612ce4b-ef26-0410-bec9-
ea0150e637f0
kink [Thu, 21 May 2009 17:11:22 +0000 (17:11 +0000)]
The shell escaping fix in map_yp_alias (CVE-2009-1579) was incomplete.
Thanks Michal Hlavinka for noticing this. [CVE-2009-1381]
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13734
7612ce4b-ef26-0410-bec9-
ea0150e637f0
kink [Thu, 21 May 2009 10:23:43 +0000 (10:23 +0000)]
update changelog
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13732
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 21 May 2009 09:21:56 +0000 (09:21 +0000)]
Anchor the regexp. Thanks Thijs Kinkhorst.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13730
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 20 May 2009 20:59:44 +0000 (20:59 +0000)]
When sending an address literal to an SMTP EHLO command, do it with the right syntax
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13728
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Wed, 20 May 2009 17:22:31 +0000 (17:22 +0000)]
Add FIXME
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13726
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 19 May 2009 01:51:16 +0000 (01:51 +0000)]
- Fixed the Filters plugin to allow commas in filter criteria text
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13721
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jangliss [Sun, 17 May 2009 00:38:30 +0000 (00:38 +0000)]
- Cleanup variable name in address search for compose to clearup confusion.
- Remove Javascript from address search page when JavaScript is disabled.
- Add "Check All" function to address book when using "in-page" addressbook.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13713
7612ce4b-ef26-0410-bec9-
ea0150e637f0
jervfors [Fri, 15 May 2009 15:09:55 +0000 (15:09 +0000)]
Including the colon in the string.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13706
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 14 May 2009 18:43:06 +0000 (18:43 +0000)]
Show real values for error settings
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13704
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 14 May 2009 17:20:47 +0000 (17:20 +0000)]
Clarify docs and use correct $nbsp
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13702
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 14 May 2009 17:03:10 +0000 (17:03 +0000)]
Add documentation and default case to catch unknown suffixes to getByteSize()
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13701
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Thu, 14 May 2009 06:31:47 +0000 (06:31 +0000)]
MAX_FILE_SIZE hidden field must be before the file input according to the PHP docs
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13697
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Tue, 12 May 2009 07:42:28 +0000 (07:42 +0000)]
Forgot to mention PHP 5.3/6 compatibility update the other day
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13684
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 11 May 2009 22:50:16 +0000 (22:50 +0000)]
Always generate $base_uri for every page request as opposed to doing it only on some pages. Always regenerate session ID at login to prevent session fixation by an attacker who has set a malicious cookie on the client browser. Try to clean up extraneous cookies, such as ones some browsers might actually obey from the src/ directory. Thanks to Tomas Hoger. (CVE-2009-1580)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13677
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 11 May 2009 22:17:46 +0000 (22:17 +0000)]
OMG - unsanitized shell command. Thanks to Niels Teusink. (CVE-2009-1579)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13675
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 11 May 2009 22:08:25 +0000 (22:08 +0000)]
Dunno why this was never implemented, but the comments say it's OK, so here goes...
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13673
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 11 May 2009 22:04:40 +0000 (22:04 +0000)]
Sanitize decrypt_headers.php form input (base64 decoding is not the same as sanitizing), general cleanup and grammatical fixes. Thanks to Niels Teusink. (also CVE-2009-1578)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13671
7612ce4b-ef26-0410-bec9-
ea0150e637f0
pdontthink [Mon, 11 May 2009 21:49:23 +0000 (21:49 +0000)]
Fixed improper sanitizing of PHP_SELF and the lack of sanitizing of QUERY_STRING server environment variables. Thanks to Niels Teusink and Christian Balzer. (CVE-2009-1578)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13669
7612ce4b-ef26-0410-bec9-
ea0150e637f0