Add IMAP ID command (RFC2971), sent after every login - use by setting $imap_id_comma...
[squirrelmail.git] / doc / ChangeLog
CommitLineData
a06602b9 1*************************************
2*** SquirrelMail Devel Series 1.5 ***
3*************************************
291324f5 4
8fea605c 5Version 1.5.2 - SVN
23a8174a 6-------------------
2f3be406 7 - Fixed system lock-ups caused by a combination of certain rare, malformed
8 message headers and buggy versions of PHP mbstring (#3053349, $2987016).
9ac8d987 9 - Fix broken set_url_var function in functions/html.php (#1729814).
9881d114 10 - Fix incorrect detection of auth mechanisms in conf.pl (#1727033).
af72b045 11 - The search expression in the LDAP backend of the Addressbook is now
12 configurable, which can allow the result set to be expanded.
13 - Preliminary support for NAMESPACE in Squirrelmail IMAP Backend: NAMESPACE
14 is parsed and stored in session upon login.
bc29bf70 15 - Now uses the $Forwarded IMAP keyword for forwarded messages, when it is
16 enabled or when arbitrary keywords ("PERMANENT FLAGS \*") are permitted.
17 RFC 4550, paragraph 2.8.
beaeac74 18 - Added support for authorization identifier in IMAP backend, for SASL
19 authentication mechanisms PLAIN and DIGEST-MD5. This can be set upon login
bc29bf70 20 by use of an external plugin.
c03f764a 21 - Fix warning about array required in array_keys for display options when no
22 fontset is defined.
23 - Added "bad plugin" blacklist in configtest.php.
23a8174a 24 - Fix MagicHTML fix with respect to parsing of u\rl in IE.
a9522df4 25 - Added monitored folders option to newmail plugin.
c4de9863 26 - Tweaked STARTTLS option for SMTP/IMAP to allow previous settings of just
27 pure TLS not to be used to assume STARTTLS.
1ba853e6 28 - Fixed quotes in configuration strings in administrator plugin.
13fb02bb 29 - Fixed View as HTML link so it doesn't forget it was part of a seach result.
bff157dd 30 - Don't use delimiter in IMAP subscription command, when noselect folder is
31 created.
f5a2d7b4 32 - Security: Possible cookie theft in src/redirect.php if
33 register_globals is enabled, and malicous site is running
34 in same domain.
4517d1c3 35 - Stop URL parsing, if 8bit symbols or HTML entities are detected (#1356798).
36 - Added new color themes by Jeremy Landes, Tammi Maggard and Lucas Austin-Howe
37 (#1378332), (#1377567), (#1377529), (#1377528), (#1377527), (#1377526),
38 (#1377525), (#1393188).
17f3d242 39 - Issue loading options page always loaded the prefs
40 initial_value on display, instead of the users' value.
8fe3d326 41 - Adding the message_body hook to src/view_html.php and src/view_text.php,
42 allowing display of unsafe images when viewing HTML attachments and when
43 HTML is in an <iframe>.
1a811a46 44 - Fixed from address in case of MDN receipts (patch from Dimitar Pashev)
ad36be8a 45 - Advanced tree folder listing is moved to templates. $advanced_tree
46 configuration variable is removed.
47 - Added system locale tests to configtest.php script.
11e3d657 48 - Fixed invalid HTML output that caused error notices in compose.php (#1454409).
867fed37 49 - Introduction of centralised initialization file init.php. Location of some
50 scripts is changed. If code tries to use older script layout, scripts will
51 break and display error messages.
f2ac3325 52 - Added session regenrate id functionality to prohibit session hijacking.
7a2fac94 53 - Fixed sqsession_cookie function for setting HttpOnly cookie attribute.
f2ac3325 54 - Reduce references header in a smart way to avoid "header too long"
55 errors from SMTP servers in really long threads (#1167754, #1465342).
045ec1a1 56 - Added code that allows to use internal password functions in sqimap_login().
57 Switched plugins to use this code instead of accessing key and otp information
58 directly.
8d810b7c 59 - Fixed automatic mailbox creation in left_main.php. 1.5.1 mailbox caching
248cf877 60 broke detection of unsubscribed special folders (#1461578).
bb27e0c3 61 - Undo extra sanitizing in decodeHeader() function (#1460638).
06783280 62 - Added workaround for broken OpenBSD 3.8+ setlocale() function (#1427512).
e4baf0ee 63 - Fixed session lockups on large attachment downloads.
4f535576 64 - Added configtest hook in src/configtest.php.
386c7b54 65 - Improved error handling for the help pages.
26eed4f7 66 - Fixed possibility to use single quote in provider name (#1475744).
4e38bc70 67 - Improve recovery when EHLO not supported on legacy SMTP servers
68 (#1031455).
867fed37 69 - Added error handling and $onlylocal argument to abook_init hook.
70 - Added PHP 5.1.0 date_default_timezone_set() function support. Allows
71 to use time zone settings in PHP safe_mode.
67a89a62 72 - Sanitized IMAP folder names in error_message() function and filters plugin.
0a0f05c6 73 - Take X-Forwarded-Host HTTP header in consideration when constructing
74 base_uri for redirects; reduces problems with transparent proxies
75 (#1488590).
045dee91 76 - Fixed server capability retrieval for "double" cases in capability
77 response, like "FOO FOO=bar".
e1ae8c4e 78 - Various address book database backend modifications. Fixed invalid
79 error checks in insert() and delete() methods (checks caused PHP
80 warnings). Turned on Pear DB field case portability mode. Escaped SQL
81 wildcards in search() method. Handle nickname changes in modify()
82 method when new nickname is already in use. Made search expressions
83 case insensitive in search() method.
e8be31f7 84 - Added special folder (Drafts, Sent, Trash) translations in mailbox
85 tree and folder selection boxes.
664fd7a0 86 - Added write support to address book LDAP backend. Patch by David
87 Hardeman (#1495763).
24bb7e49 88 - Added message copy options.
35235328 89 - Removed html formating from address book backend classes. Added
90 fullname() method to addressbook_backend class. Moved
91 htmlspecialchars() sanitizing from address book backend classes to
92 html output code. If third party code displays errors from address
93 book object in html, errors must be sanitized and ASCII line feeds
94 should be converted to html line breaks.
223cc0f5 95 - Add note to conf.pl / config_default.php to warn users that set
96 sensitive passwords in that file to properly secure it.
bf02c883 97 - Prevent modifications in advanced identities, when editing of
98 identities is disabled.
258f8985 99 - Configuration utility does not allow 8bit symbols in IMAP folder names
100 (#1485501).
7311c377 101 - Address book file backend will break with error message, if required
102 address book fields are not available. Prevents address book corruption
103 and address book format violations that can cause PHP notices.
104 - Added line length setting in local_file address book backend (#1181561).
0ece116f 105 - Removed proprietary wrap attribute from compose form (#1512681).
bfb55134 106 - Fix URL for Read Receipts being incorrect in some cases (#1177518).
345e009b 107 - Don't allow selecting INBOX as Sent, Draft or Trash folder (#1242346).
65533a92 108 - Session cookies are turned on, if session.use_cookies is turned off
109 in PHP configuration (#1518885).
08868a8c 110 - Make the default attachment dir /var/local/squirrelmail/attach, not
111 $data_dir.
828c58f1 112 - Add HTML labels for form elements.
d8795f3d 113 - Fixed spamcop web based reporting form (#1519673) and removed service
114 type options from spamcop plugin.
6c99d1de 115 - Removed trailing ?> from function scripts.
01066e58 116 - Added checks for non-existent backend to AddressBook class.
74530cf4 117 - Make the base for the SquirrelMail URL configurable. Adds a new variable
118 config_base_location to config.php and a new option to conf.pl. This is
119 to prevent problems in installs where our heuristic doesn't work
120 correctly (#1521299, #1460675, #1110064, #1000850, #1113791).
61e49023 121 - Removed conf.pl dependency on Perl IO::Socket module. Automatic detection
122 of supported authentication mechanisms is disabled, if IO::Socket is not
123 available.
29d387e7 124 - Removed HTTP Status header from signout page (#1424748).
5e68a08e 125 - config_default.php is loaded before site configuration file.
126 config_local.php overrides are removed from config.php and loaded by
127 main initiation script.
c6f28eb1 128 - Fixed resuming of compose when session expired while writing, and make
129 sure the code only sets those variables that are needed in compose and
130 are not already set. Thanks James Bercegay from GulfTech for pointing
131 this out.
ceb7ad3c 132 - Subfolders of system folders are not tagged as special in folder
133 management page in order to allow rename and delete operations with
134 subfolders (#1460011).
135 - Trash subfolders are allowed in courier. INBOX.Trash is not treated
ad648d4c 136 as special on Courier, unless some SquirrelMail configuration option
137 marks this folder as special (#1354393). Configtest utility should
ceb7ad3c 138 display warning, if Courier IMAP XMAGICTRASH extension is detected.
ad648d4c 139 - Show purge link for Trash folder without any messages, if folder has
140 subfolders (#1413569).
029d1fc2 141 - Custom SMTP AUTH configuration variables are moved from config_local.php
142 to main configuration file.
51fa8319 143 - Fixed subscription of new 'noselect' folders (#1315912).
0f6a5ba9 144 - Moving the development documentation to the documentation module.
cbc91f42 145 - Drop obsolete script plugins/make_archive.pl.
75cd948c 146 - Fix misspelled constant PREG_SPLIT_NI_EMPTY in sqimap_get_message
147 (#1543573).
be9f42bf 148 - Provide View Unsafe Images link on viewing a text/html attachment.
fc7260bb 149 - Added APOP, TLS and STLS support to mail_fetch plugin (#575299).
0fa9bde7 150 - Added Courier IMAP OUTBOX check to configtest utility.
3410accc 151 - Moved login_form hook to its own table row on login page.
3824e89a 152 - Added check_plugin_version() function.
153 - If mailbox name starts with slash or contains ../, error message is
154 generated. Safety check for insecure default UW IMAP setup (#1557078).
a2aa472a 155 - Ignore message copy errors when messages are deleted. Allows to delete
156 messages when quota is exceeded. (#614887) (#646386) (#1446026)
2aecdb55 157 - Fixed unintended literal fetching (#1562271).
b85f453e 158 - Checked if configuration file is readable in configuration utility
159 (#1568355).
db1dec97 160 - Added PHP pspell extension support to squirrelspell plugin.
c05566f6 161 - Add CEST and MEST (non-standard) timezone codes for +0200.
1a64a084 162 - Add support for SpamAssassin's X-Spam-Status header (#1589520).
93d67e0d 163 - Added plugin on/off switch, which completely disables all plugins
164 (optionally for one named user, otherwise for all users).
7e2ff844 165 - Security: close cross site scripting vulnerability in draft, compose
166 and mailto functionality [CVE-2006-6142].
167 - Security: work around an issue in Internet Explorer that would guess
168 the mime type of a file based on contents, not Content-Type header.
f0cb1f93 169 - Security: Multiple IE cross site scripting issues related to the
170 generous parsing of the words 'expression' and 'url' by IE.
171 - Security: Removing @import when sanitizing html mail.
031a141e 172 - Redesigned plugin hook system. do_hook_function() has been removed
173 and do_hook() now emulates do_hook_function()'s return value and
174 also has its plugin arguments passed by value, etc.
5cc5aa8f 175 - Drop obsolete ORDB RBL from filters plugin (#1629398).
99c1c0d6 176 - Add warning about magic_quotes_* in configtest.
7a4f9bfb 177 - Unify accepted versions for imap_server_type and set_defaults (#1629722).
628bce99 178 - Improve attachment temp file creation.
e5f21a91 179 - Add ability for listcommands plugin to show post and reply links for
180 user-configured non-RFC 2369-compliant lists; admin must enable by
16a0e3ca 181 configuring plugin. Thanks to Peter Steiner.
2741e624 182 - Fixed HttpOnly cookies again.
4b5049de 183 - Update for switch from CVS to Subversion.
8cd88a0d 184 - Default provider URI link fixed (was broken when on plugin options pages, etc)
ef3e6c1f 185 - Fix URL to send read receipts from read_body (#1637572).
209e24bb 186 - Add option to ask users for personal information on first login.
40c8e9a1 187 - Drop redundant call to session_register, which could trigger a segfault
188 in PHP 4.4.5 (#1664155).
df1288a4 189 - If a date-header cannot be parsed, display the unparsed version as a
190 better-than-nothing alternative.
191042a9 191 - Fix Priority and Receipt compose options being reset after return from
192 HTML addressbook, and allow returning from an empty address book (#1673056).
876fdb60 193 - Do not special case the 'None' folder.
d3ab6260 194 - Fixes for filters issues. (#1634735)
06b0bc33 195 - session_id reporting session id when no active session (#1685031).
36efe99d 196 - Added sq_change_text_domain() for plugins to use when switching text
197 domains. If plugins use this function, it fixes #1434043.
da07752d 198 - Add dynamic textarea sizing slider control to compose screen (default_advanced
199 skin)
567dc524 200 - Security: fixes for the HTML filter to counter further XSS exploits:
201 HTML attachments containing 'data:' URLs, Internet Explorer-specifc
202 charset conversion exploits, and request forgery through included
203 images. Thanks to Mikhail Markin, Tomas Kuliavas and Michael Jordon
e7d217b9 204 for reporting these issues. [CVE-2007-1262, CVE-2007-2589]
935d09e1 205 - Fix busy loop and notice when two literals in IMAP fetch (#1739433).
a140422a 206 - Resolved issue with compose session not being updated after send/save.
6a0c35d4 207 - Added ability to detect HTTP_X_FORWARDED_PROTO in get_location(),
a140422a 208 thanks to Daniel Watts.
209 - Fix test for signout.php in the logged in check in init.php so it
1f270d3c 210 cannot be circumvented by manipulating the URL. External plugins might
211 rely on init.php guaranteeing that the user is logged in.
805d352e 212 - Sort readdir() output in conf.pl (#1755886).
6e097501 213 - Made the webmail_top hook work again for plugins that want to change
214 the URI of the "right" frame; plugins have to change the value of the
215 global variable $right_frame_url
f8eb968d 216 - No longer store all message composition sessions in the PHP session,
217 since it was not made use of and in rare cases, made sessions too big
218 - Composition restoration functionality now correctly restores attachments
93917f92 219 - Added smtp_auth hook
e4835cf2 220 - Removed "Include CCs when Forwarding Messages", which had no functionality
221 whatsoever.
02def6a1 222 - Added "preselected" query argument to mailbox list.
fab8e10c 223 - Make the Message Details plugin actually show the correct entity when
224 viewing details of attached messages.
56196737 225 - Enabled user selection of address format when adding from address
226 book during message composition.
dc528046 227 - Added a "short_open_tag" configuration test.
b49d3e4f 228 - Fixed outgoing messages to allow addresses such as "0@..." or "000@...",
229 etc. (#1818398).
f74ec578 230 - PAGE_NAME might not be defined in all plugins, which might cause a
231 "not defined" error on session timeouts.
bc3acc5a 232 - Allow custom session handlers to work correctly (and be defined at the
233 application level with SquirrelMail).
1e09ecc2 234 - Fix off-by-one in bodystructure parsing triggered by servers sending
235 a body location part (e.g. Sun Java System Messaging Server). Thanks
236 John Callahan (#1808382).
7c8a0b77 237 - Invalid initialization of To: header (#1772893).
1888b1bf 238 - Added SquirrelMail debug mode.
f6cd95a1 239 - Handle PHP's insistence on setting the value to 'deleted' for destroyed sessions
240 (#1829098).
06bcb9c3 241 - Some IMAP servers send nil for an empty email body (See RFC2180,
242 section 4.1.3 on empty strings).
8a1f4ae3 243 - Let configtest.php use optional PEAR dynamic extension loading,
244 patch by Walter Huijbers (#1833123).
e2ccf284 245 - Fix for IMAP servers that were having problems saving sent messages
061108dc 246 - Added "Secured Configuration" mode.
daf77710 247 - Added edit list, checkbox, radio group, multiple-select folder list
947db1ab 248 and multiple-select string list option widget types.
3ec364a4 249 - Allow database based preferences to read in default settings from the
250 default_pref file next to hardcoding them into the DB class, thanks
251 Thierry Godefroy.
a6519f05 252 - Reimplement printer friendly to make use of CSS.
4fe67ca6 253 - Enhanced address book page: added address list pagination, added
254 'Compose to' button, put labels around address entries tied to
255 checkboxes, added hook and template plugin output sections for
256 plugins that can filter address book listings and modify the abook
257 navigation bar. Complements RisuMail team (risumail.jp).
09d3bc24 258 - Added submit button type option widget
259 - Allow address lookup by fields other than nickname/alias
260 - Implement preference override hooks for database prefs backend that
261 have long been in the file-based prefs backend
40f581e4 262 - Removed the Address Take (abook_take) plugin; please see the Add Address
263 (third party) plugin.
783e926e 264 - Allow a different server address for the POP server to be configured when
265 using POP before SMTP.
79dd8c72 266 - Seed random number generator in one place during script init.
775a1f52 267 - Add native output buffering.
e40b0e8e 268 - Allow control over white space wrapping of auto-generated SquirrelMail
269 option widgets.
1676d222 270 - Add informational type option widget
3fa09710 271 - Add password type option widget
61bd57f5 272 - Make all submit button names unique on compose screen
76d6a9ad 273 - Make address book file permissions 0600 - same as preference files
51bbe8fa 274 - Added compatibility with Dovecot's bigint UIDs
4fc07fb0 275 - Ensure that hash directory computation is the same on both 32 and
d3ab6260 276 64 bit architectures. (#2596879)
6378ee4a 277 - Allow multiple addresses in one abook entry (separate with commas),
278 although we HIGHLY DISCOURAGE grouping in this manner - note amongst
279 other issues that can come up, sizing for large groups will be a
d3ab6260 280 problem. (#2611967)
6c2abb90 281 - Added Tamil translation (Thanks to Kengatharaiyer Sarveswaran).
97a4c2ae 282 - Added Bengali (Bangladesh) translation (Thanks to Jamil Ahmed).
6969a7e1 283 - Implemented accesskeys on primary pages; is user-configurable in the
284 Options -> Accessibility Preferences page
7b4e717d 285 - Moved documentation to doc/ directory and added example .htaccess
d3ab6260 286 files in all directories to which browsers don't need direct access.
75b7d042 287 - Added RFC 2231 support. Thanks to Piotr Pawlow. (#2501379)
d3ab6260 288 - Date headers in outgoing messages have been brought into RFC 822
289 compliance (removed time zone name). (#1849410)
290 - Default Content-Transfer-Encoding is now RFC-compliant "7bit"
291 instead of "us-ascii". (#1942060)
ab93a9ac 292 - Outgoing attachments that have lines longer than allowed per RFC
293 are now encoded so they are not corrupted by artificial line folds.
294 Thanks to Kelly Fallon. (#2226470, $1473714)
980c6231 295 - Completed a massive update to contrib/flat2sql.pl.
1a753239 296 - Display visual indication of forwarded messages.
7e774255 297 - Added Khmer translation (Thanks to Khoem Sokhem).
b851e2be 298 - Removed use of session_unregister() for compatibility with PHP 5.3.0
299 and PHP 6
39352565 300 - Remove ability for HTML emails to use CSS positioning to overlay
301 SquirrelMail content (Thanks to Luc Beurton). (#2723196) [CVE-2009-1581]
960b7ec2 302 - Fixed improper sanitizing of PHP_SELF and the lack of sanitizing of
f43698c1 303 QUERY_STRING server environment variables (Thanks to Niels Teusink
960b7ec2 304 and Christian Balzer). [CVE-2009-1578]
f43698c1 305 - Fixed the lack of sanitizing of contrib/decrypt_headers.php input;
306 also includes general cleanup of that page (Thanks to Niels Teusink).
307 [also CVE-2009-1578]
41afe86f 308 - Fixed unsanitized shell command in example IMAP username mapping
a28de419 309 function (map_yp_alias) (Thanks to Niels Teusink).
310 [CVE-2009-1579, CVE-2009-1381]
1f80d9f5 311 - Fixed session fixation issues where someone who can modify a user's
312 cookies could gain control of their login session. The SquirrelMail
313 base URI is now uniformly generated, extraneous cookies are cleaned
314 up and session IDs are regenerated upon every login (Thanks to Tomas
315 Hoger). [CVE-2009-1580]
0885e0d7 316 - Cleanup variable name in address search for compose to clearup confusion.
317 - Remove Javascript from address search page when JavaScript is disabled.
318 - Add "Check All" function to address book when using "in-page" addressbook.
9bcaa839 319 - Fixed the Filters plugin to allow commas in filter criteria text.
320 - In SMTP, when we EHLO with an IP, wrap it in brackets (#2793154).
d1e68dd0 321 - Bug Report plugin not handling multiple same key capabilities (thread/auth)
322 (#2796007).
f9d816d4 323 - Removed the shut down DSBL blocklists (#2796734).
2600c421 324 - Fixed broken RFC1918 reference in contrib/.htaccess and doc/.htaccess (#2798839).
b7910e12 325 - Stop using deprecated ereg functions. (#2820952)
dda811a1 326 - Remove personal data from Message ID seed. (#880029/847107)
7428254a 327 - Implemented page referal verification mechanism. (Secunia Advisory SA34627)
199a9ab8 328 - Implemented security token system. (Secunia Advisory SA34627)
780555e6 329 - Fix issue with multi-part related messages not showing all attachments (#2830140).
74320ac6 330 - Fix for security token missing in newmail plugin (#2919418).
84edf699 331 - Fix for mailto: urls containing + characters, thanks to Michael Puls II for the
332 patch.
58fdbbde 333 - Make base URL autodetection more robust; fixes some lighttpd issues
334 (probably #1741469).
6b76cffa 335 - Encoded From headers now properly quoted (#2830141).
c19e5483 336 - Multibyte strings (notably subjects) are now handled correctly (#2824813,
337 #2925731).
a798d8b2 338 - X-DNS-Prefetch-Control: off header is now sent to browsers to prevent information
034efc16 339 leakage when Firefox does DNS prefetching for URLs contained in emails.
a798d8b2 340 - Added the ability to configure Google Mail (Gmail) as the mail server
341 behind SquirrelMail.
d887e067 342 - Fix error with SpamCop reporting plugin not being able to send report as
343 emails (#1795310).
344 - Fix typo in SpamCop plugin.
e1bab38c 345 - Reduced default time security tokens stay valid from 30 days to 2 days
346 (reduces chances of session data growing too large)
b571d899 347 - Fixed minor vulnerability in Mail Fetch plugin [CVE-2010-1637/TEHTRI-SA-2010-009]
a9b9e5d3 348 - Now properly quote personal part of encoded addresses when replying.
865050ce 349 - Now fill in default subject when forwarding as attachment (#2936541).
117aa0c5 350 - Fixed issues caused by use of PostgreSQL keyword "user" in SquirrelMail's
865050ce 351 default preferences database schema (#2943483).
117aa0c5 352 - Fixed attachment filename decoding problems (#2994865).
53901c7b 353 - Now allow multiple plugins to handle (add links for) a single
354 attachment MIME type.
8747058a 355 - Fixed sqauth_read_password() for plugins on the login_verified hook.
ace33b58 356 - Forced addition of a file suffix to attachments that lack a filename
9ae70b62 357 (helps forwarded messages avoid spam filters) (thanks to Petr
ace33b58 358 Kletecka) (#3139004).
9ae70b62 359 - Added smtp_authenticate hook (thanks to Emmanuel Dreyfus).
55e34626 360 - Allow administrators to configure subfolders of user INBOXes to be
361 treated as special folders by adding $subfolders_of_inbox_are_special
362 to config_local.php.
ba6d2a96 363 - Added clickjacking protection (thanks to Asbjorn Thorsen and Geir Hansen
364 for bringing this to our attention). [CVE-2010-4554]
ce102fcc 365 - Fixed XSS holes in generic options inputs, XSS hole in the SquirrelSpell
366 plugin, and added anti-CSRF protection to the empty trash feature (thanks
fc704be3 367 to Nicholas Carlini for finding all these issues).
368 [CVE-2011-2752, CVE-2011-2753, CVE-2010-4555]
bb40a9c1 369 - Fixed XSS problem with unsanitized style tags in messages. [CVE-2011-2023]
8b213268 370 - Always ensure that the Reply-To header is a full email address in
2f617223 371 outgoing messages
63389330 372 - Unified address book searches somewhat: file-backed address books now
373 search in each field individually; database-backed address books now
374 search in fields other than first/last name (nickname, email)
d20dfddd 375 - Made performance improvements in security token handling
5d0f90f4 376 - Improvements for PHP 5.4 compatibility.
ace75dcb 377 - Added option that allows users to have replies to their own
378 messages sent to the recipient of the previous message (#3520988).
282f8e7c 379 - Added associative edit list option widget, with optional folder
380 list selector for values
6ab8321f 381 - Added option to use blank spacer instead of security image ("This
382 image has been removed for security reasons.") for replacing
383 unsafe images.
d72549cb 384 - Full date and time is used as "title" (mouseover) text for dates
385 shown on the message list screen
9aaa9ae2 386 - Added advanced control over the SSL context used when connecting
9ae70b62 387 to the SMTP and IMAP servers over SSL/TLS (thanks to Emmanuel
a9805897 388 Dreyfus). See $imap_stream_options and $smtp_stream_options in
c97a848e 389 config_local.example.php for more information.
9ae70b62 390 - Added ability to show login error from the IMAP server instead of
391 traditional "Unknown user or password incorrect" (thanks to Alain
392 Williams). See $display_imap_login_error in the configuration
393 file or "4. General Options ==> 21. Display login error from IMAP"
394 in the configuration tool.
34aa9765 395 - Configuration tool now shows the SquirrelMail version
e63aa8cc 396 - Prevent session lock-up caused by filters plugin trying to move
397 messages in an account that is over quota.
36c59d84 398 - Added MD5 alternative to directory hash calculation
3f7a756d 399 - Added ability for administrator to control whether or not users
400 can edit their reply-to address ($edit_reply_to in config.php)
6ce16a17 401 - Added new "login_before_page_header" (boolean) hook; allows
402 plugins to have more explicit control over login page header
19efb8f0 403 - Added new "smtp_helo_override" hook; allows plugins to override
404 the HELO host sent to the SMTP server when sending messages
69a3ac89 405 - Added PDO support for database connections, so no external
406 database module needs to be installed
c6c3ccc4 407 - Fixed insufficient sendmail command argument escaping (thanks
52859dec 408 to Mitchel Sahertian, Beyond Security/Dawid Golunski and Filippo
bd3ebe3f 409 Cavallarin for bringing this to our attention). [CVE-2017-7692]
81feffd2 410 - Added ability to control the display of the "Check Spelling"
411 button provided by the squirrelspell plugin, which allows
412 administrators to offer this plugin but keep it out of the way
413 for users who do not want it. Put sqspell_show_button=0 in
414 default preferences if it should be hidden by default
3608d8a3 415 - Add ability for saved drafts to indicate if they are a reply
416 or forward and if so, to which message, and mark that message
417 as replied or forwarded when the draft is finally sent
8c1dfb24 418 - Added option to allow returning to the message one had been
419 replying to after sending
38c91156 420 - Sanitize user-supplied attachment filenames (thanks to Florian
421 Grunow for reporting this issue) [CVE-2018-8741]
18bd19a0 422 - Changed anti-CSRF security token lifetime to be session-based.
c552d9d2 423 - Added favicon and ability for admins to use their own by setting
424 $head_tag_extra in config_local.php (see documentation in
425 config/config_local.php)
b4218cbe 426 - Updated SVG handling, closing several related vulnerabilities
427 (#2831) [CVE-2018-14950] [CVE-2018-14951] [CVE-2018-14952]
428 [CVE-2018-14953] [CVE-2018-14954] [CVE-2018-14955]
629fb744 429 - Added IMAP ID command (RFC2971), sent after every login - use
430 by setting $imap_id_command_args in config/config_local.php
431 (see notes in config/config_local.example.php for more details)
1a811a46 432
b9385398 433Version 1.5.1 (branched on 2006-02-12)
434--------------------------------------
b0323712 435 - New reply citation to include date and author.
6c84ba1e 436 - Security: Fix some possible XSS bugs.
c17df115 437 - Norwegian Bokmal translation uses nb_NO.
8f2965ac 438 - Integrated Msg_Flags plugin - turn on/off icons using configuration tool,
439 menu number 11 (Tweaks), option number 3, after which users must select an
d4c14e51 440 icon theme in Options/Display Preferences.
8f2965ac 441 "Flag"/"Unflag" buttons are implemented as separate plugin.
e4b2105e 442 - Added Farsi and Tagalog translation support.
443 - Enabled Ukrainian and Russian-Ukrainian support
8f2965ac 444 - Fixed subfolders named "foo.inbox" didn't always work well.
c17df115 445 - sqimap_create_stream() was not obeying passed params properly.
d628670c 446 - Fix non-selectable inbox.
13721b47 447 - Add src/configtest.php script which checks for common errors in the config.
2a9b0fad 448 - Improve display of some unparsable/absent dates (#891354).
d1db3699 449 - Add comment (Highest,Normal,Lowest) to X-Priority header.
450 Some SpamAssassin rule triggers on the absence of such a comment.
49c0360c 451 - Corrected moving of last message in a folder using Delete-Move-Next
8fe792a7 452 functionality added to core in 1.5.0.
d628670c 453 - Fix test for LOGINDISABLED, should only test when the auth mech actually
b7043f90 454 is 'login'.
abd74f7d 455 - Update required PHP version to 4.1.0, and remove PHP 4.0.x legacy code.
3ecad5e6 456 - Make writing of preferences, abook, calendars fail better when disk full
457 (#915527).
6201339c 458 - Remove code related to non-UID-supporting IMAP servers.
b6974f59 459 - Fix quoteimap() regex escaping problem (#921291).
d725f88c 460 - Added option to suppress Received: line in outbound SM headers (#847107).
461 - Changed read_body header from links to buttons (looks like message index).
99e5ab05 462 - Add functions for building HTML forms (functions/forms.php).
8f2965ac 463 - Moved javascript_on to session (from prefs). Centralized JavaScript
464 detection in prefs.php method checkForJavascript.
d725f88c 465 - Added abook_init and abook_add_class hooks.
466 - Fixed "Resume Draft" to continue using selected identities (#845290).
27c22153 467 - Fixed RFC2821 incompliancy by adding a fallback mechanism to HELO if
468 EHLO is not supported.
c17df115 469 - Fixed RFC2298 incompliancy by setting envelope sender to null.
aef36f9a 470 - Fixed problem where setting all the messages on the last page of the
471 message list would return one page higher.
49c0360c 472 - Remove call to perform expunge on mailbox select - auto-expunge will
9f84f4a5 473 still be performed on message delete, etc.
c17df115 474 - Allow single quotes to be used in theme name in conf.pl (#805309).
ceb1f2de 475 - Fixed on the fly decoding of base64 encoded attachments.
8f2965ac 476 - Fixed message rejects by the Postfix sendmail wrapper when attachments were
3c83f489 477 involved.
9c66bc9a 478 - Fixed date display bug for messages of today. Show short format in case
d628670c 479 of long format. (only occurs in the timeframe around 0:00 AM till
9c66bc9a 480 timezone).
49c0360c 481 - Added address book sorting options. Ascending/descending sorting code
a259636c 482 written by Bryan Loniewski.
483 - Use Special Folder Color config option works again (#931956).
402f38e2 484 - In POP3-class, be more liberal regarding RFC-incompliant POP3-servers.
8bac36ce 485 - Set up language before outputing errors in auth.php to make them appear in
486 the correct language.
23279352 487 - Added Basque translation support.
83163ef0 488 - Remove flag buttons / links from display if mailbox doesn't allow it.
489 - Make used of cached ordered uid list in case of server_side_sorting.
8754eacf 490 - Rewrite of internal mailbox sorting routines.
491 - Added sort by message size.
eaddf11f 492 - Security: Fixed XSS vulnerability in content-type display in the attachment
493 area of read_body.php discovered by Roman Medina.
ba6a37d8 494 - Removed src/move_messages.php, move_before_move and move_messages_button_action
495 hooks. Mailbox listing actions should be handled by src/right_main.php and
496 functions/mailbox_display.php hooks.
5b97257c 497 - Get alternating row colors of addressbook in sync with mailbox list.
c9fcea56 498 - Give proper error when PEAR DB not found.
a123157f 499 - Remove inappropriate strip_tags() from add-to-addressbook (#968475).
37d5278d 500 - Prefs caching didn't work properly with register_globals off (#995102).
01159d82 501 - Security: fix SQL injection vulnerability in addressbook.
5df6fb4e 502 [CVE-2004-0521]
6391f3aa 503 - Removed html_top and html_bottom hooks. No longer used/needed.
361d6e1b 504 - Added "trailing text" for options built by SquirrelMail (text placed
505 after text and select list inputs on options pages)
74e44765 506 - Custom option page values now repopulate correctly
192cdcf5 507 - Added "no focus" option for compose page in display preferences (setting
508 reply focus to "No focus" also affects composing new messages)
8f2965ac 509 - Current hook name is now globally available when running a hook
510 ($currentHookName)
304c159b 511 - Fix bug when Saving to Draft folder that contains special characters.
8f2965ac 512 - Added size limit to signatures saved in file backend. Created
513 error_option_save function, that allows sending error message to options
ba6a37d8 514 page. Thanks to Martynas Bieliauskas for spotting big signature "option".
38c5802f 515 - Make SquirrelSpell work with safe_mode enabled, if using PHP >=4.3.0.
516 Patch by Ray Ferguson.
d248a616 517 - Make IP-address in Message-ID RFC822 compliant.
722c39f7 518 - Uneditable address book entries no longer have checkboxes on addresses page.
519 - Alignment of title text above folder list fixed.
520 - Changed structure of xtra_code functions that are used by some translations.
2ba590f9 521 - Added Uighur language support.
68ffc5da 522 - Added status bar to compose window when "Compose In New Window" is used.
7c788b1c 523 - Reenabled the move_messages_button_action hook and changed its name to
524 mailbox_display_button_action to promote the new location
7fcab811 525 - Making delete button, when viewing a message, consider which page was viewed
526 before.
f03f6ee7 527 - $agresive_decoding configuration option changed to $aggressive_decoding.
528 Fixed spelling.
6d3689f5 529 - Added $lossy_encoding option (provides fix for #806698)
598294a7 530 - Reenabled use of $default_charset option. Option works only with en_US
fe48c808 531 translation in order to prevent language/charset misconfiguration.
7e564026 532 - Fixes for nonpopulation of folder lists and errors when emptying the trash
533 (provides fixes for #1019185 and #1017941)
e076240a 534 - Fixed $custom_css loading in squirrelspell plugin.
598294a7 535 - Turkish translation uses C character case conversion rules. Fixes PHP and
536 SquirrelMail functions are assume English conversion rules.
8f2965ac 537 - Fixed problem that caused an error when deleting all messages on the last
538 page of a paginated view (provides fix for #1014612).
4165198d 539 - Added MySQL password/UNIX crypt support to mysql backend in the
8f2965ac 540 change_password plugin.
5d28b77e 541 - Make SMTP Authentication detection in conf.pl more RFC-compliant.
71ae5cf2 542 - Fixed IMAP errors when using mail_fetch plugin to auto-fetch on login.
57564e64 543 - Fixed folder list in Create Folders list for Courier (properly skip INBOX).
c774572c 544 - Fixed undefined variables in sqimap_create_stream().
57564e64 545 - Added Bengali translation support.
845aa0ec 546 - Fixed left frame mailbox list when sorting by case.
14f64ce1 547 - Separated fortune plugin configuration variables from main plugin scripts.
548 See plugins/fortune/INSTALL.
3ad591f5 549 - Fix for #906217 when checking spelling of inline replies, the corrected
550 words would appear through original email.
916669ad 551 - Fixed empty information menu when viewing vCards without information
6f78ac78 552 but name and e-mail address.
916669ad 553 - User may now add an e-mail address when adding vCards without one to the
6f78ac78 554 address book. No need to wait for the error message anymore.
9d22b5fc 555 - Removed japanese_xtra function used by older XTRA_CODE calls. Plugins
556 should use separate xtra_code functions. Older function does not provide
557 information about supported options.
598294a7 558 - Added php-gettext classes (see class/l10n/*.php) and ngettext support
9d22b5fc 559 functions (provides fix for #1019007).
beca2d2d 560 - LC_NUMERIC locale is set to C. (workaround for #1027130). Some plugins
561 might use decimal delimiters incorrectly.
805e7c60 562 - Added sq_is8bit function that can be used to detect 8bit strings.
8f2965ac 563 - Added sq_mb_list_encodings function that provides list of encodings
564 supported by PHP mbstring module.
805e7c60 565 - Added Content-Transfer-Encoding: 8bit header for read receipts that contain
566 8bit symbols. (provides fix for #934033).
8f2965ac 567 - Fixed decoding function problems when mbstring.func_override has
568 MB_OVERLOAD_REGEX enabled.
5df6fb4e 569 - Security: Fixed XSS exploit in decodeHeader function. [CVE-2004-1036]
598294a7 570 - Added site configuration and custom translation engine support to translate
89f45e06 571 plugin.
99f2ece3 572 - Fixed SquirrelSpell error output. Patch courtesy David Boone.
13aabbcf 573 - Fixed bug in IMAP read routines that treated "0" as false instead of
574 a string (patch courtesy Maurice Makaay).
de2349c4 575 - Fixed PHP notice when header property value is blank.
576 - Added compact paginator option. Patch by Felix Egli.
8f2965ac 577 - Fixed reply/forward form in order to avoid warnings in SSL enabled sites.
578 Patch by Felix Egli.
598294a7 579 - Removed command line option unsupported by qmail-inject in
de2349c4 580 class/deliver/Deliver_SendMail.class.php. Thanks to Ken Brush.
675357d2 581 - Global file based address book is controled in configuration. Removed
ab9254db 582 global_file address book backend (use 'local_file' instead).
c720eadd 583 - Added Net-Style theme by Gabriele Maidecchi. Closes patch #1041323.
598294a7 584 - Fix: Messages shown with bad times in message list due to misinterpreted
ab9254db 585 UW IMAP internal date.
586 - Fixed path used by random theme.
598294a7 587 - Utf7-imap encoding/decoding functions will check, if required charset is
d7dd040a 588 supported by mbstring and use it. Fixes bug #1005353.
598294a7 589 - LDAP backend will use internal SquirrelMail charset conversion functions
590 instead of PHP XML extension. Fixes bug #655137.
8f2965ac 591 - Added Wood and Silver Steel themes by Pavel Spatny and Simple Green theme.
a9551b7f 592 - Fix two time zone calculation bugs, thanks to David White. Fixes #1063879.
bddb3448 593 - 'Priority' and 'Importance' headers are now also recognised, next to the
a9551b7f 594 'X-Priority' header that we've supported since a long time. Fixes #1039935.
d6599308 595 - Handle a reload of the signout page gracefully: do not present an error
a9551b7f 596 about having to be logged in to be able to sign out. Fixes #1070069.
8f2965ac 597 - Prevent & being eaten in set_url_var, thanks Marcin Orlowski (#1053725).
79c6cb71 598 - Removed internal_link hook.
599 - Added sq_setlocale function in order to use multiple locale names.
8bac36ce 600 - Set up language before outputing errors in signout.php to make them appear
601 in the correct language.
361c20e1 602 - Added size attributes to new_mail sound tags. Fixes #818958.
8f2965ac 603 - Removed extra ; in SquirrelMail added Received header per RFC 822
604 (#1088548).
b39825f0 605 - Add IMAP server type "hmailserver" to make search work with hMailServer.
606 Fixes #1085377.
598294a7 607 - Reuploaded newmail plugin sounds. Fixes files uploaded to cvs without binary
660ac10c 608 option.
04f8889b 609 - Changing your JavaScript preference required a re-login to work.
610 Fixes #983614.
e527e60e 611 - Fix listcommands plugin to behave like normal reply/compose
612 links, and return to message page that originally called from.
4f21ba00 613 - Max upload file size now correctly handles a '-1' value, meaning
01159d82 614 unlimited. (#1094569).
9d0239af 615 - Security: Added hook for Preferences Backend to resolve potential
5df6fb4e 616 file inclusions. [CVE-2005-0075]
2b0f4faf 617 - Remove Printer Friendly Clean Display config option, the cleaning
618 is now always done.
5ed9d4fd 619 - Create new Options section "Compose Preferences" and move some
620 options from Display Preferences there; also move some around within
621 Display Preferences.
f3fa1c10 622 - Security: Fix possible file/offsite inclusion in src/webmail.php.
5df6fb4e 623 [CVE-2005-0103]
624 - Security: Fix possible XSS issues in src/webmail.php. [CVE-2005-0104]
ef8d36ad 625 - Fix undefined variables in src/webmail.php.
3f7e6af3 626 - 24hr clock format should include a leading 0.
75e8653f 627 - Removed numeric keys for plugin array in config.php.
0e1a248b 628 - Fixed translations of "On DATE, AUTHOR Wrote" and "AUTHOR Wrote" replies.
75e8653f 629 - Added sq_str_pad function for padding of multi-byte strings.
3d29eb78 630 - Added sq_strlen function for calculation of multi-byte string length.
204f909c 631 - Quoted "INBOX" in check for the status of INBOX in a LIST call. Fixes an
3d29eb78 632 issue with a specific IMAP server.
a04a3c20 633 - Move default_pref to the config/ dir, but keep checking legacy locations
634 first for bc. Do not fail with an error when default_pref not found, just
635 create an empty one.
e4a468a7 636 - Add trailing slash for data directory used by global file based address
637 book (#1105760).
4d5f2b31 638 - Fixed sorting problem is get_squirrel_sort() function (#1115403).
639 - Add "Show Only Subscribed Folders" option to allow users to show all
640 folders instead of only subscribed ones (#1105756, #1105250).
7b1f03c9 641 - Add workaround for Mercury/32 servers that will subscribe again to
642 an already subscribed folder (#1115409).
2ed067ae 643 - Added blank.png for missing image support.
49f4fc5e 644 - Use the proper attachment filenames in case of forwarding a message.
c8f5f606 645 - Fix for #855320 where Outlook Express was creating CID: based URLs,
646 but not assigning a content-id to the attachment. This is a bug in
8f2965ac 647 Outlook Express and is non-RFC compliant behaviour.
ff940ebc 648 - Strip <outbind://> tags out. This is a Microsoft only protocol and
649 references files local to the sending machine. This causes issues
8f2965ac 650 with Internet Explorer.
ff940ebc 651 - Replace <img src="outbind://"> links with clean images to stop
652 issues with Internet Explorer not being able to track down the image.
834a1027 653 - Empty src attribute on img tags causes logouts (IE only), replacing
654 string with blank.png.
9d4786fb 655 - Added vmailmgrd backend to change_password plugin.
656 - Fixed change_password_init hook.
0da814b1 657 - Give an error to the user when SquirrelMail is not configured yet
658 (instead of "failed to include config.php").
470f0151 659 - Added swf and mp3 support to newmail plugin. Restored custom user media
660 support.
661 - Removed unused save_option_header() function from display and compose
662 option includes.
b79aed22 663 - Fixed bug #1124764, view unsafe images inside printer friendly view.
d8415ed8 664 - Fixed bug #1032366, remove NUL characters in text attachments on sent.
3e56c08d 665 - URL Encode required for string being passed in mailto: links to pass on
666 additional values (cc, body, subject etc).
174523e3 667 - Fixed bug #801060. Removed option for INBOX in filters plugin as source
668 is always INBOX.
dea5ef88 669 - Always show Purge link next to Trash, even when empty.
d58ed98f 670 - errors in addressbook_init() function are no longer fatal. If function
d4c14e51 671 fails to activate address book backend, it displays error box (with
d58ed98f 672 error_box() function). error box can be hidden by setting first
673 function argument to false.
d4c14e51 674 - Sanitized search in ldap address book backend. Use of asterisk
d58ed98f 675 together with other symbols is not supported.
42c8b9ff 676 - Added ldap backend to change_password plugin.
721db745 677 - Change defaults of some prefs to more sensible / usable settings.
12bf2985 678 - Revise the documentation of the packaged plugins.
2a7b34b6 679 - Fixed edit form checks in address listing (#1124018).
7ed4c524 680 - After sending resumed draft, return to message list.
d4c14e51 681 - Parse and replace mailto: links with internal compose links when
7ed4c524 682 viewing in HTML format.
96a6ee49 683 - Plugins may now define an "extra" array element to return to the attachment
7ed4c524 684 types hook, which will be also inserted in the attachment link for the
685 plugin.
686 - Added mouseover row highlighting on message index.
687 - Added <label> for checkboxes on message index (when highlighting is off).
688 - Fixed mailto: parsing in functions/url_parser.php.
689 - Fixed broken signout page (plugins work here again).
2a0be713 690 - Fixed configtest to use correct PostgreSQL connection function
691 (#1166228).
692 - Added configuration option that blocks remote use of
693 src/configtest.php by default.
694 - Fixed ldap checks in configtest.php.
695 - Added configuration option that controls listing of global file based
696 address book.
697 - Fixed administrator's plugin breaks related to latest sqGetGlobalVar()
698 and $plugins array changes.
699 - Included local configuration file in config.php generated by
700 administrator's plugin.
4eacb6ed 701 - Updated the Filters plugin to comply with our Plugin Standards.
698de88b 702 - Fixed Filters plugin problems with duplicate rule processing and false
4eacb6ed 703 unread message counts (Bug# 676073 and patch #919045).
704 - Strip position:absolute style from HTML mails.
a3a52091 705 - Add ability to the Filters plugin to filter on Message Body, or both
706 the Headers and the Message Body.
4e6e5d2d 707 - Update the message copy and move functions to allow for error handling.
32aa0074 708 - Fix the filter plugin from halting the login process when copying errors
709 occur.
710 - Clean up the folder management (create, rename, subscribe) code.
1d7f7b27 711 - Added filtering support to address book LDAP backend (#539534). Thanks
712 to Tim Bell.
713 - Added domain scope limit controls to address book LDAP backend. Issue
714 is specific to Microsoft ADS (#1035454). Thanks to Michael Brown.
715 - Missing PHP LDAP extension errors are now handled by ldap backend and
716 errors are displayed after address book initialization.
d4c14e51 717 - LDAP connections are opened during search and not during address book
1d7f7b27 718 initialization.
d4c14e51 719 - Fixed wrapping of multibyte strings in message view and replies
7324f915 720 (#1043576).
f5c507dc 721 - mbstring internal encoding is switched to ASCII, if mbstring.func_overload
722 is enabled (#929644).
7ec3a6b9 723 - Fixed checking for quota when appending to Sent folder (#1172694).
1519cc53 724 - Create a generic function to empty a folder tree, thanks to
725 Randy Smith (#1145578).
f9f738dc 726 - Add robots noindex/nofollow meta tag to SquirrelMail generated pages.
c3ce607e 727 - Fix incorrect folder hierarchy display (#1009654), thanks
728 Awais Ahmad for the patch (#1082558).
39143d80 729 - src/delete_message.php script is disabled. It provided functions that
649c6034 730 could be implemented without playing with multiple redirects.
3cbf882e 731 - Remove lots of obsoleted code from left_main.php.
1d20443c 732 - Partial support of IMAP REFERRAL: do not fail on IMAP REFERRAL response
733 (RFC 2221) but log the user out with a hint. Patch by Ariel Arjona
734 (#1006242).
67f9d5d7 735 - Fixed SquirrelMail language cookie detection in php register_globals=off.
d4c14e51 736 - If default SquirrelMail language is set to empty string, interface will
67f9d5d7 737 try to follow browser's HTTP_ACCEPT_LANGUAGE header or fallback to en_US
738 (#764709).
05f7db7a 739 - If From: field is unset in an email, header object for from field is not
740 correctly set, and generates an error on reply (#1179754).
1bb8fb4c 741 - Add Cancel button to addressbook (#1180565).
593d083d 742 - RFC 2046: Send mixed messages with multipart/alternative nested boundaries
ce8f79c4 743 with correct boundary strings.
d4c14e51 744 - EXPERIMENTAL: Mailbox listing converted to templated layout. Added
745 template support functions and classes. Rewrote some page header and
746 mailbox listing functions. Disabled 'show_recipient_instead' option.
88256ac8 747 Added more columns to mailbox listing and index order options.
d4c14e51 748 - Removed sort by internal date option. Now you can use the Received column
749 in the index order option page for that.
750 - WARNING: if same user data storage location is used to store SquirrelMail
ce8f79c4 751 1.4.x and 1.5.1+ user settings, SquirrelMail 1.5.1+ will reset mailbox
752 display order (Options->Index Options) in stable. Backup your data before
753 testing 1.5.1+ or use different storage location.
8f5d83e0 754 - Added experimental iframe sandbox for display of html formated emails.
755 - Disabled LOGINDISABLED check in src/login.php when IMAP server mapping is
756 used.
5c958ac3 757 - Check destination folder in mail_fetch plugin before storing messages
758 in it. Modify destination folder, if it is renamed or deleted within
759 SquirrelMail (#584658).
d4c14e51 760 - Made the Flags column a required column in the index order options page to
761 prohibit missing seen/unseen info in the messages list.
762 - Fixed disabled prev/next links in the message display when you reach the
763 end of the page (message set).
764 - Moved delete button to the right in the message list.
55b9cf55 765 - Fixed imap capability detection in bug_report plugin. It was broken
766 when IMAP TLS was enabled or imap server mapping was used.
c650b678 767 - Added mail_fetch plugin configuration file and moved plugin functions
768 from setup.php to functions.php file.
e6339917 769 - SquirrelSpell plugin was modified to use standard SquirrelMail
770 preference system. User dictionaries that are stored in $username.words
771 files should be automatically updated to new format, when user logs in.
772 Fixed possible php script errors caused by $SQSPELL_APP configuration
773 variable changes. Removed $SQSPELL_EREG configuration option. Plugin's
774 version increased to 0.5.
432db2fc 775 - $skip_SM_header option was replaced with $encode_header_key and
776 $hide_auth_header options. First option allows to encode user's information
777 with provided encryption key (set in 2. Server settings -> B. Update SMTP /
778 Sendmail settings). Second option allows to disable authenticated user part
6820d733 779 in Received: header, when user can't forge used email address. It is set in
432db2fc 780 4. General Options -> 9. Allow editing of identity.
88297155 781 - Added dovecot preset to configuration utility.
782 - Modified mercury32 preset in order to remove INBOX prefix in mercury32 4.01.
863c310b 783 - Added peardb backend to change_password plugin.
0a6be7d1 784 - Tweak IMAP connection error display (#1203154).
09047d19 785 - Gracefully recover from over quota error while sending a mail (#1145144).
b6e70801 786 - Fix get_identities() for the case where the user has not set an email
787 address: use the fallback $username@$domain that's used in compose aswell.
951fc72c 788 - Fix "Include me in CC on Reply All" for the case where email address was
789 not set in the prefs (#781202, #1093363).
ca68b212 790 - Move documentation for SquirrelMail developers to doc/Development.
f1a89e36 791 - Added id attribute support to form functions. It can be used for Section
792 508 or WAI fixes. Original idea and patch by dugan <at> passwall.com.
27ff4efb 793 - Fixed broken attachments caused by inconsistency of PHP chunk_split().
794 Thanks to Roalt Zijlstra.
f16477bc 795 - Identity code was not checking for domain part in username before setting
796 email address (Bug #1219184).
4c80d233 797 - Disallow access to the administrator plugin screens when the plugin is
798 not enabled in the config.
4aca972a 799 - Security: fix several cross site scripting (XSS) attacks. Thanks go to
5df6fb4e 800 Martijn Brinkers for finding a lot of these. [CVE-2005-1769]
8090d1fd 801 - Update COPYING with new address of the FSF.
bc017c1d 802 - Fixed missing quote character when trying to build cid: urls.
327e2d96 803 - Added address listing functions and listing controls to address
804 book LDAP backend. Blocked wildcard searches in file and database
805 backends when listing is disabled (#529563).
806 - Some LDAP address book backend configuration options (listing
807 controls, filtering, scope limit) are moved to 'advanced
808 configuration' subsection.
bca2d025 809 - Javascript relied on rg=1 in the login page to force focus to
810 password box if username was supplied as a url arg (#1222617).
f8cbf07f 811 - Fix variable typo in parseFetch which caused IMAP errors on Exchange.
812 Thanks Christian Froemmel.
c14fa1b5 813 - Added Bluesome theme by Saku Lehtiö (#1188209).
90dc5b72 814 - Rewrite of advanced identity handlying to remove stupid extraction
5df6fb4e 815 of all post variables. [CVE-2005-2095]
593370a4 816 - Added StartTLS support to address book LDAP backend (#1197703). Patch
817 by John Lane.
818 - Added subtree/one level search options to address book LDAP backend
819 (#1212618).
37b0cf0c 820 - Added Simple Green 2 and Simple Purple themes by Vicky Pyne (#1217066
821 and #1217069).
f20fb4f8 822 - sqimap_messages_delete|copy|flag and sqimap_get_small_header()
823 functions are removed from SquirrelMail IMAP API. Use sqimap_msgs_*
824 and sqimap_get_small_header_list() functions instead.
6ab20f61 825 - Fix for bad cache on massive expunge/delete/move operations.
4766fd60 826 - Moved time zone configuration from locale/timezones.cfg to php array.
827 Adds time zone name localization options and fixes problems on systems
ee20a285 828 that don't support GNU C time zone mappings (#1177067).
d2b6d0be 829 - Use default color theme in logout_error function when possible.
77749c5d 830 - Fixes for increased error checking in PHP 5.0.5+ array_shift() (#1237160).
b4316b34 831 - Added extra checks in delivery class for In-Reply-To header. Fixes
832 E_NOTICE level warnings in php 5.0.4 and later (#1206474). [php5]
9280dd9d 833 - Added extra checks in SquirrelMail charset_encode() function in case
17a70baf 834 somebody removes HTML to US-ASCII conversion library (#1239782).
a24cf710 835 - Fixed invalid reference in src/download.php. E_NOTICE level warnings
836 could corrupt attachments in php 4.4.0.
837 - Added internal dgettext() and dngettext() functions.
838 - Added display of attachments on printer friendly page.
a24cf710 839 - Added custom error handling class and related functions.
17a70baf 840 - Added option to disable upload of sounds in newmail plugin.
841 - Removed full URL from sound file preferences in newmail plugin
842 (#1233530).
843 - Stripped BaseDN from nicknames in address book's ldap_server backend.
6711158a 844 - Fixed error handling in SquirrelSpell plugin. sprintf and gettext
845 formating errors in check_me.mod. Reported by Edward Chapman.
451f54fe 846 - Translations are loaded automatically from locale/<localename>/setup.php
847 files (#1240889).
4e2b1aad 848 - Allow configure to be ran from any directory, thanks Ceri Davies.
5ba5dc8e 849 - Removed $available_languages configuration option. List is limited to
850 installed translations. Similar feature is implemented in limit_languages
851 plugin.
852 - Don't load plugins/administrator/auth.php during plugin initiation.
e9af3594 853 - Removed function references from address book database backend class,
854 list_addr(), lookup() and search() functions. Referenced lookup()
855 function caused E_NOTICE warnings in php 4.4.0. Reported by Cor Bosman.
c957afd1 856 - Test to ensure folder exists before attempting to delete it, otherwise
857 IMAP server will return an error.
b6c52e61 858 - Added $save_html argument to charset_decode() function in order to be
859 able to convert html formated mails to different character set. Initial
860 patch by Peter Draganov (#1195232). Fixed display of html formated emails
861 in formatBody() function (#1258925).
16436d92 862 - login_form hook changed from do_hook to concat_hook_function in order to
863 place form elements before login button (#1245070).
bd466893 864 - Forwarding broken when not using compose in new window (#1222436).
368ab966 865 - Drop data/ dir from distributed tarball.
3df61ef3 866 - Readded options_identity_process and options_identity_renumber hooks
5df6fb4e 867 broken by CVE-2005-2095 fixes.
3df61ef3 868 - Removed duplicate generic_header hook call in src/right_main.php (#1269189).
decb0c39 869 - Removed other special folders from rename/delete/unsubscribe folder forms.
870 Suggested by Florian Daumling.
0f00e259 871 - Focus on compose screen no longer shifts automatically if user has manually
872 focused somewhere herself.
77749c5d 873 - Running SquirrelMail with PHP register_globals = on will cause fatal error
874 in src/configtest.php.
875 - Added field size controls to database preference backend (#1233721).
e498ebbd 876 - Added bincimap preset (#1285099).
91b5aa02 877 - Fixed IMAP search command in filters plugin. Command was breaking
878 sqimap_mailbox_exists() check. Reported by Daniel Watts.
ea9d3b17 879 - Fixed decoding of quoted-printable text in decodeBody function.
880 Reported by João Carlos Mendes Luís.
6af7eb01 881 - Added CR trimming to SquirrelSpell plugin in order to fix problems on
882 Windows systems.
7b0ea860 883 - Sanitized names displayed in address book listing.
884 - Added extra field controls to address book class.
e9ee165a 885 - HttpOnly cookie support (cookies inaccessible by JS). This will protect
886 IE6 browsers.
dd13b825 887 - Rare case of session being destroyed causing PHP errors, so ensure session
888 is restarted.
9a43a06b 889 - If you don't have any filters defined, and spam filters are disabled, no
890 point issuing a STATUS call on INBOX for the filters plugin.
99ecf044 891 - Added folder filtering controls to SMOPT_TYPE_FLDRLIST option widget.
fa62b054 892 - Security: Fixed possible XSS issue in search feature. Issue was
893 originally resolved in stable, but changes not migrated forward.
c0c1a1ca 894 - Update the cached mailbox header with the \Answered flag in case of an
895 reply.
e630e080 896 - Added site configuration options to bug_report plugin. Plugin is available
897 only to interface administrators by default. See more information in
898 plugins/bug_report/README file.
a58b05b4 899 - E_NOTICE and unlink error message if user hits delete multiple times
900 before compose page has reloaded.
e44fc2eb 901 - Undefined variable in rare case in view_header.php
7f6171be 902 - Variable by reference fix in printer_friendly_bottom.php.
8419c13b 903 - Undefined index in addressbook backends.
9e0f10a8 904 - sqimap_utf7_decode_mbx_tree returns variables by reference, rather than a
905 return value (#1351822)
cfffd60b 906 - Make test for IE6 in SendDownloadHeaders also match versions higher
907 than 6 (#1339211).
8278a58d 908 - Allow double quote to be used in MOTD (#1276959).
0a03f924 909 - Prevent right_frame to be set to '//www.example.com'.
179aed24 910 - Tweak printer friendly attachment view.
50090cd2 911 - Added new compose_send_after hook.
a34b07a5 912 - Added new scheme to allow multiple plugins to share the onsubmit handler
913 for the compose form from the compose_form hook. See plugin.txt for more
914 information.
d3f4aef7 915 - Support for LIST-SUBSCRIBED extension. This speeds up the retrieval of
916 the subscribed mailbox-list.
9dbb6208 917 - Properly clean up temporary attachment files when saving as Draft
c077ffeb 918 (#1358407) and fix attachment cleaning code on logout.
f21a761c 919 - Fixed error message in addressbook.php lookup (#1351825).
920 - Fixed incorrect curly escape in sqimap_append(). Error triggered by PHP 5.1
a3e60d99 921 bugfix (#1366982).
f21a761c 922 - Fixed ContentType object check in Rfc822Header class. E_NOTICE error
923 in PHP 5.1.
c02ae58e 924 - Key value being overwritten by reuse of var in filters plugin.
962a6686 925 - Add doc/security.txt with some hints for a more secure installation.
9cda0cc6 926 - Added sqauth_read_password() and sqauth_save_password() functions.
927 - Unset global GET, POST and COOKIE variables registered in PHP
ea40af7b 928 register_globals=on setups. (Also addresses: CVE-2006-2842, CVE-2006-3174)
96f7a1db 929 - Capabilities array now contains all multivalue information provided
930 by the IMAP server. (Such as THREAD=SORT, THREAD=REFERENCES).
32440af3 931 - Inclusion of Compatibility plugin automatic (no patch needed for plugin)
932 - Moved sqm_baseuri() into more centralized location (strings.php)
fd7ab795 933 - Introduced $sendmail_args configuration variable in order to control
934 /usr/sbin/sendmail command arguments (#1365779). Deliver_SendMail class was
935 modified to provide support of $sendmail_args. Modifications broke backwards
936 compatibility with qmail-inject workarounds.
937 - Added execution error handling in Deliver_SendMail class (#1374174).
0cc4fb0d 938 - Sanitized Draft folder error message in compose.
465ebe8b 939 - Fixed character wrapping/encoding issues in Japanese translation (#1377622).
940 Issue is specific to sqBodyWrap() and string function wrappers introduced in
941 1.5.1.
dfce8fce 942 - Security: MagicHTML fix for comments in styles which allowed
943 for cross site scripting when using Internet Explorer
944 [CVE-2006-0195].
17a62a1b 945 - Added 'mail' and 'sn' attributes to address book LDAP backend search
946 expression (#1368154).
a462b928 947 - Added mailbox caching code by Michael Long.
517f5099 948 - Prevent output of whitespace during plugin activation. Fixes possible
949 attachment corruption by incorrectly coded plugins.
13aa8427 950 - Fixed data sanitizing in calendar plugin (#1291081)(#705796).
dfce8fce 951 - Security: Prohibit imap injection attempts (reported by Vicente Aguilera)
952 [CVE-2006-0377].
940cb52f 953 - Don't move messages in sqimap_msgs_list_move() function call, when target
20c79aa7 954 mailbox is same as source mailbox. Adds fifth argument to
955 sqimap_msgs_list_move() function. Fixes possible issues on MacOS Cyrus
956 IMAP server (#1409453).
6a824ce0 957 - Style sheets are moved to template.
958 - displayHtmlHeader() function call sends http headers in order to prevent
959 page caching.
fc99a551 960 - Added Template set selection.
3335f095 961 - Merged patch from Steve Brown to transform current templates to css
fc99a551 962 based templates.
963 - Added footer template to every page.
964 - Added experimental IMAP and SMTP STARTTLS extension support.
02d8345e 965 - Security: Fix possible cross site scripting through the right_main
966 parameter of webmail.php. This now uses a whitelist of acceptable
967 values. [CVE-2006-0188]
151562a7 968 - Disabled display of regexp compilation errors in local_file address
969 book backend.
970 - DOCTYPE tags are switched from quirks to standard compliance mode.
4a4ebffe 971 - Improved error reporting concerning THREAD, SORT and BADCHARSET.
972 - Added options to disable THREAD and SORT extension.
9f98dff2 973 - Fixed mailbox cache issues caused by using prev/next links in
974 read_body.php.
7277191e 975 - Added View as HTML support to the SquirrelMail core.
325b057a 976 - Fixed bug #550557.
977 - Applied status cache patch created by Michael Long.
978 - Updated newmail plugin to make use of status cache (Michael Long)
979 - Added RECENT check to left_main.php to bold the unseen message string if
980 there are recent messages.
981 - Fixed search query in filters.php, now we respect the imap continuation
982 request (Michael Long).
983 - Fixed bug in digest message view where the from name disappeared after
984 opening a digest message.
985 - Fixed checkall link in case javascript was disabled.
986 - Rewrite of thread parsing code in order to improve performance.
987 - Adapted message squisher function to gain performance.
988 - Fixed bug #1093360, skip untagged NO responses in APPEND query.
9280dd9d 989
3cbf882e 990Version 1.5.0 - 2 February 2004
8f2965ac 991-------------------------------
ab2ad51e 992 - Added new preference that determines cursor focus when replying
98468fba 993 - Added support in conf.pl for MS cls command.
994 - conf.pl changes for relative paths outside the SM tree (#715119).
995 - conf.pl changes for delete_folder restrictions with Courier-IMAP and
996 UW-IMAP (#715550).
ba7974a0 997 - Fixed code to allow for \ in password/username (#718116).
c67e4479 998 - Added mailto: support for Windows clients. See
999 contrib/squirrelmail.mailto.reg
f2829a1f 1000 - Added lowsrc to the list of attributes to be removed.
306b6393 1001 - Fixed message highlighting for To, CC and From and
1002 for RFC1522 headers (bug #719564)
02fae800 1003 - Fixed incorrect folding inside message-id's
49c0360c 1004 - Fix for Folders being listed in create/remove/rename operations
81b1b847 1005 (#725443, #722823, #729225)
6381332a 1006 - Fix for bad attachment view link (#697381, #729295)
b899bb85 1007 - Fix comp_in_new in search and addressbook not having right parameters (#731768).
4d30dc83 1008 - Fix max attachment filesize off by factor 10 when ini_var set in bytes (#730742).
d5d24d63 1009 - Fix for parsing fetch results. We are now able to extract the UID if it's
1010 returned after the header.
786a04e4 1011 - Remove obsoleted parsing functions.
6c0aac27 1012 - Fixed language bug in posting on modifying/deleting servers on mail_fetch plugin
1013 (#742705).
19910870 1014 - Fixed infinite loop in parseAddress on invalid mailaddress (#742584).
d62c4938 1015 - Rewrote ugly "Not a very useful errormessage" to something more friendly.
1016 - Make central function for compose links to make sure compose_in_new always
1017 works the same way.
1018 - Fix that when JavaScript off, compose in new was broken (#749654).
1019 - Do not output JavaScript functions in page_header when JavaScript off.
30487bc8 1020 - Support MS Exchange "DOMAIN/username/mailbox"-style usernames (#745814).
1021 - Do not set Full Name to empty when edit_identity is false and edit_name is true (#750728).
707ad8a0 1022 - Added koi8-u, windows-1255, windows-1256, iso-8859-6 charset decoding support.
49c0360c 1023 - Rewrite of sqimap_read_data_list which as result we better handle the
1024 returned imap responses and we display error messages when connections are
19162717 1025 dropped.
1026 - Rewrite of email address parser and solve the infinite loops issues due to
1027 bad formatted addresses.
b79b84c2 1028 - Modified conf.pl: default to force usernames lowercase for servers which
3e3b60e3 1029 are case-insensitive.
7d06541f 1030 - Applied bugfixes from stable to htmlfilter code.
3e3b60e3 1031 - Fix bug #722933 where resuming a draft message would lose the reference headers.
dfb94cac 1032 - Removed hard coded colors from login.php and made it use the default theme and css file
32485e5e 1033 - Fix that sending of read receipts failed when JavaScript on and comp in new off (#738130).
ba4da366 1034 - Replaced search with new version by Alex Lemaresquier. (Originally
3e3b60e3 1035 "asearch" plugin).
1036 - New debugging function: sm_print_r() in strings.php.
19910870 1037 - Use SM_PATH in config_default. Change default server type to 'other' instead
3e3b60e3 1038 of cyrus. (#766577).
1039 - Added feature to allow user to switch on full date display in mailboxes instead
19910870 1040 of just partial date/time based on time of email and current date.
7e27023f 1041 - Fixed bug that would cause e-mails dated in the future to be displayed with only
1042 the time.
1bc66127 1043 - Fixed unseen/total notifications to return behaviour back to 1.2.x style.
c5aaf57f 1044 - Added 4 hooks (internal_link, mailbox_display_buttons, move_messages_button_action, create_collapse_link)
891b9306 1045 - Fix SquirrelSpell JS problem with other plugins that use forms (ie Menu Buttons).
94a81e93 1046 - Fix when forwarding messages as attachment from message list, the displayed subject
1047 was wrong (appearing to the user that the wrong messages were attached).
1048 Closes #772371.
602bf228 1049 - Fix that when user has no theme preference set, Alien Glow would be selected under
34cd27bb 1050 display preferences instead of Default.
8db3e26e 1051 - Updated 'action' to be 'smaction' so that plugins can modify the submit/action of
1052 forms. This was suggested for the gpg plugin, but might be useful elsewhere.
b268e66b 1053 - Add support for Mail-Followup-To header.
1f2209c2 1054 - Add a confirmation for the user that their mail has been sent.
c2517a3b 1055 - Fixed issue with forwarding emails having a ) appended to the end.
9ad17edb 1056 - Add "attachments_bottom" hook to allow manipulating/adding to the attachments
ac46cce0 1057 - Fix to prevent username & password from being displayed in error messages
1058 if IMAP connection dropped during login
1059 - Modified preference loading code to always have a complete $color array
1060 set in case a user uses an incomplete theme.
7c3e0802 1061 - new function sqimap_msgs_list_move() to replace sqimap_msgs_list_copy()
1062 - sqimap_msgs_list_copy() no longer deletes messages copied.
5a0c140f 1063 - Workaround for Mozilla bug #200412 in order to show multipart/related html mail.
34cd27bb 1064 - Fix for disappearing '0' from decoded strings (bug #784193).
748ba6c0 1065 - Replace all session_start() calls with sqsession_is_active() to be compatible
1066 with upcoming PHP 4.3.3.
629923d3 1067 - Encoding of Russian translation changed to utf-8. Lithuanian translation changed
f67cfab7 1068 to utf-8. Fix allows to use national letters in folder names correctly.
6c540963 1069 - Added "Bypass Trash" checkbox to folder index, used with the Delete
5576644b 1070 button. (update: This needs work and will be changed, possibly removed)
1071 - Fixed a problem with delete_move_next and server thread-sorting.
1072 - New hook function: boolean_hook_function() Used for true/false hooks.
2ae247d5 1073 - Calendar plugin: in month view, display events on the same day sorted by time,
1074 and include the time of the event in its tooltip.
e6fb2fc9 1075 - Added default settings for Mercury/32 to conf.pl.
b5bdbbe8 1076 - Fix to prevent mailboxes are deleted in selected stage which is against
1077 RFC3501.
49c0360c 1078 - Fix reply all address string in case the personal name contained a comma
b5bdbbe8 1079 (address separator).
33feaaec 1080 - Added SASL PLAIN to IMAP and SMTP. Thanks to avel for the prodding and
1081 code snippet.
80e3fcf8 1082 - conf.pl will no longer offer to detect login methods if TLS is enabled.
19910870 1083 - conf.pl no longer offers UID support toggle, which is forced true in
1084 global.php
2dd879b8 1085 - HTML Filter bugfixes and further strengthening in response to some
1086 findings reported by stardust.
49c0360c 1087 - Disabled Vietnamese and Ukrainian translations. They are done in different
87c6b544 1088 language.
a8fa8e33 1089 - Removed all translations. SquirrelMail translations are distributed as
1090 separate packages and kept in different cvs module.
57208637 1091 - New function: imap_general.php:create_imap_stream()
1092 - Updated src/login.php to detect, handle, and warn on LOGINDISABLED from IMAP server.
055659ab 1093 - Fixed SquirrelMail to work under PHP5.
ef5bea7d 1094 - Reintroduce alternating row colors in addressbook, something that has
1095 accidentally disappeared in the past.
e3fff184 1096 - Disabled Quick-email-reporting feature in spamcop plugin. Bug.809452. Admin
1097 can enable it by setting variable in plugins/spamcop/setup.php
0731faea 1098 - Fix again for Internet Explorer's stupidity of decoding characters, then
1099 executing it blindly. See http://www.securityfocus.com/archive/1/340118.
1c20a10b 1100 - Replaced obsolete 2mbit.com RBL with ahbl.org RBL. Bug.No.829887
c475d271 1101 - Added a sitewide override for authenticated SMTP - see authentication.txt.
720bbc45 1102 - Fixed sorting of sent_subfolders.
1103 Sent_subfolder plugin is hooked to special_mailbox hook.
3db385e7 1104 - Integration of delete_move_next plugin into core.
49c0360c 1105 - Compression of buttons/headers for message index and message body
3db385e7 1106 - New option to save replies in the same folder as the original message.
7eb6261e 1107 - Remove possible unneeded IMAP call for NAMESPACE if it was saved in the
1108 session (suggestion by Michael Long).
0731faea 1109
7d9d8474 1110
a06602b9 1111**************************************
1112*** SquirrelMail Stable Series 1.4 ***
1113**************************************
1114
ef1932a4 1115Version 1.4.0 -- 3 April 2003
1116-----------------------------
67a86296 1117 - Fixed mail_fetch plugin. Now folder edition defaults to actual value.
24077d2b 1118 All settings from other servers are preserved when deleting one.
c5d87fa3 1119 - Added Vietnamese translation.
d2aaae4e 1120 - Fixed the newmail plugin.
1121 - Added RECENT response to sqimap_get_status.
1122 - Fixed attachment filename resolving.
35036cf9 1123 - Added check for X-Confirm-Reading-To to make MDN work for messages sent by Pine.
44009644 1124 - sqextractGlobalVar removed (use sqgetGlobalVar instead).
1125 - Subfolders of Sent and Drafts show To field instead of From
1126 - Updates in conf.pl to infamous delete_folder setting, including
1127 addition of appropriate default value for courier and UW.
24077d2b 1128 - Fix for date/time display in certain timezones.
5250f7e7 1129 - Fix some features of login.php that are used by some plugins and was broken
1130 by register_globals = off.
49c0360c 1131 - Added Greek locale. Thanks to George P. Kremmydas
bfd8dec0 1132 <george at kefalonia-ithaki.gr> and Alexandros Vellis <avel at noc.uoa.gr>
e9c378fe 1133 - Added notes about PHP 4.3.x to documentation.
b2e76811 1134 - Fixed \Noselect mailbox detection.
7fb67902 1135 - Fixed charset decode of base64 encoded strings.
1136 - Fixed encoding of email addresses in our composed messages.
1137 - Fixed folder creation for Courier using Autoconfig options.
73450a11 1138 - Fixed encoded string handling inside MDN notifications.
53b3a6f0 1139 - Fixed unfold header routine in imap_messages (for mailbox_display).
73450a11 1140 - Fixed subject_line hook.
1141 - Fixed sqgetGlobalVar switching.
1142 - Fixed handling of encoding/decoding strings.
1143 - Fixed wrong array_slice call for a subset of the headers.
1144 - Allow encoded personal names in compose.php.
4ff327ab 1145 - Improved address parsing of addresses coming from the compose form.
df0db9ce 1146 - Fixed uninitialized indices when parsing attachments.
35036cf9 1147 - Support text/directory MIME-type for vCards (RFC 2425).
d069e6db 1148 - Added Arabic locale. Thanks to Asrar Abbasi <asrar at canasoft.net> and
8905fa13 1149 Naveed Saqib <naveed.saqib at biznas.com>.
1150 - Update required PHP version in documentation to 4.0.6.
b21aa464 1151 - Fixed delete_move_next plugin to remember where it moved mail to.
6defa1f6 1152 - Fixed compose to remember attachments.
eaddf11f 1153 - Security: Fixed possible XSS in compose when replying to malicious sources.
67a86296 1154 - Add display of the maximum filesize for attachment uploads.
0f257091 1155 - Do not add < and > if an identity doesn't contain a full name.
4ff327ab 1156 - Fixed bug in parsing Content-Type properties part.
3a877e87 1157 - Added move_before_move hook to allow plugins to act upon the different buttons
1158 - Fixed bug in Forwarding of Emails (move_messages.php)
1159 - Fixed variable spelling error in filters.php
1160 - Fixed some operator bugs in compose.php, move_messages.php, and spamcop.php
73450a11 1161
7669bfac 1162Version 1.4.0 RC 2a
1163-------------------
82345c3e 1164 - Fix broken themes box in display options.
1165 - Massive overhaul of administrator plugin.
a3b29468 1166 - Added new function sqgetGlobalVar to global.php to provide direct access
291324f5 1167 to variables in $_GET, $_POST, $_SESSION, $_COOKIE and $_SERVER.
a3b29468 1168 - Patch from O'Shaughnessy Evans <shaug-sqm@wumpus.org> to allow disabled $org_logo
1169 - Lots of language/internationalization updates
82345c3e 1170 - conf.pl fixes for certain uses of SM_PATH, esp. $signout_page.
49c0360c 1171 - SMTP & IMAP auth method "plain" was a misnomer - now corrected to
82345c3e 1172 the more accurate name "login" (Plain to be implemented soon).
b2953e98 1173 - Fix for compose after search bug. (Closes #662346)
291324f5 1174 - Improved error reporting when sending mail with SMTP.
259faa39 1175 - Changed SquirrelMail identification to use User-Agent instead of X-Mailer.
291324f5 1176 - Prevent endless loop when timezone config is not found. Thanks Joshua Colson.
1177 - Fix IMAP error when returning to message from viewing image attachment.
bb0f211b 1178 - Do more trimming to indented subjects in threadview so they don't wrap.
259faa39 1179 - Trash folder now displays purge link in all cases. (Closes #655943)
598294a7 1180 - Fix typo in delete_move_next plugin which caused PHP file-handle errors.
82345c3e 1181 - Make vCard more liberal in what it accepts (thanks Kurt Pires).
1182 - Fix problem with subject encoding when using Japanse.
1183 - Move login_form hook to be actually in the login form.
1184 - Fix message_details plugin ability to save a raw message.
1185 - Try better to get the filename of an attachment.
0c0e6024 1186 - Deliver_SMTP class now uses HTTP_HOST in SMTP HELO. Should fix DNS
1187 issues some people have reported. (Closes #560524)
26f9a94a 1188 - Obsolete sqm_topdir(), which caused login trouble with installs that
1189 have open_basedir restrictions. Thanks Jimmy Connor.
0787ff23 1190 - Fix broken abook_take plugin.
f6536dcf 1191 - Fix HTML errors that caused display problems in NS4.
7669bfac 1192 - Correctly fold encoded header lines.
1193 - Fix prefs caching not working correctly in PHP 4.3 caused by a stupid
1194 version checking mechanism.
eaddf11f 1195 - Security: Fix XSS hole that allowed JavaScript execution by sending someone
879694a5 1196 an email with specially crafted headers. Thanks Jason Munro, and
1197 Masato Higashiyama.
1198
7669bfac 1199
bbe77a75 1200Version 1.4.0 RC 1
1201------------------
1c159927 1202 - Change the way highlighting rules are stored to make them more reliable and
1203 easier to manage.
99e7abe7 1204 - Reorganization of conf.pl, menu #2
1205 - Added CRAM-MD5 and DIGEST-MD5 authentication support for IMAP and SMTP
1206 - Experimental TLS support for IMAP and SMTP (requires PHP 4.3.x)
1207 - Override settings with config_local.php
598294a7 1208 - Compose form no longer shows attachment options if PHP file_uploads
7669bfac 1209 disabled
bbe77a75 1210 - Improved bodystructure parsing.
1211 - Support for windows-1257 charset.
1212 - Optimizations to the number of IMAP calls.
1213 - Fix problem with IE6 + iso-8859-13.
1214 - Allow Mail Fetch to use a different POP3 server port number.
1215 - Force magic_quotes_runtime to be off to avoid problems with this setting.
1216 - Introduce check_sm_version function for plugins wanting to know
a522dd2e 1217 which version of SquirrelMail this is.
1218 - Configurable session name to avoid conflicts with other PHP applications.
bbe77a75 1219 - Miscellaneous fixes for systems with error_reporting set to E_ALL.
1220 - Many many other bugfixes and tweaks!
1221
1222
1223*************************************
1224*** SquirrelMail Devel Series 1.3 ***
1225*************************************
1226
1c159927 1227
1228Version 1.3.2
87f88f1a 1229-------------
96ab67dc 1230 - Rewrite of message delivery related functions.
a3b29468 1231 - User interface modifications.
72d7d19b 1232 - Added Japanese support thanks to Masato HIGASHIYAMA <masato@yamaai-tech.com>
77e6058f 1233 - Remove NOOP checks in the POP3 client of mail_fetch to make things more
1234 compatible and not break things which don't need to be broken.
66c03760 1235 - Fix src directory being moved on Windows systems, bugs #586518 #605256 #610676.
baa59994 1236 - This release is compatible with installations that have register_globals set to off.
1237 - Do not lose user prefs/sigs/abooks when trying to save to a full disk.
1238 - Make the SquirrelMail link on the right top configurable so a provider can point
1239 to their own FAQ for example.
31afdbff 1240 - Enable TZ in safe_mode if safe_mode_allowed_env_vars permits this bug #612148.
679ef4a0 1241 - Fix some bugs in folder management (create, delete,...) and add enhancements.
04eb3f03 1242
ebea1016 1243Version 1.3.1
1244-------------
1245 - lots of fixes by Marc, including #596781 and #596930
5f11ab12 1246
31188a11 1247Version 1.3.0
1248-------------
e0273d5d 1249 - allow_call_time_by_reference=off fixes.
1250 - Added forward as attachment in read_body.
3ea86201 1251 - Better clean-up of left attachments at login.
1252 - Restore compose sessions in case of a expired session.
40dfa888 1253 - Added "Display Message" / "Up" links in read_body to navigate in messages with
1254 attached messages (message/rfc822).
1255 - Don't activate the Send Receipt link when the folder is the Sent folder.
1256 - Moved view_header code out of read_body.php and put it in view_header.php.
1257 - Open message/rfc822 attachments in read_body what makes it possible to
1258 reply to attached messages.
49c0360c 1259 - Rewrite of the newMail function in compose.php. This simplifies the
40dfa888 1260 interface between read_body.php and compose.php.
1261 - Moved compose related code from read_body to compose.
1262 - Rewrite of mailbox-display to make it more modular (we use it in search.php).
10991183 1263 - Added support for displaying multiple entities.
1264 - Changed finding display entities.
49c0360c 1265 - Extract disposition and xmailer header information in the headerparser
40dfa888 1266 instead of request them individualy by an imap-call.
1267 - Store message objects in the current session. This saves a lot of imap-calls.
1268 - Added UID support.
1269 - Store addresses in an object instead of a string.
49c0360c 1270 - Rewrite of the bodystructureparser function. Now the message object contains
40dfa888 1271 all described parameters in RFC2060.
1272 - Introduction of the mime class where all mime related functions are situated
7de0d3d1 1273 - Fixed removing MDN attachments.
1274 - Fixed MDN problems with js confirmbox.
04eb3f03 1275 - Speedimprovements in case we download mime-entities.
a0326336 1276 - Added possibility to extract message/rfc822 attachments and store them as
49c0360c 1277 the original message in a folder.
de943558 1278 - Right to left languages implementation initiated
6adfdbe3 1279 - Enable people with file_uploads = off to still send mail. Patch from Seth
1280 E. Randall.
cdaf8338 1281 - Moved the generic_header hook back to page_header.php. bug #554278
57c6fabc 1282 - Make default theme work. Bug #557313, thanks Tyler Bannister.
1283
77e6058f 1284Version 1.2.7 -- June 21 2002
1285-----------------------------
8de7f698 1286 - fix for 'compose as new' link. bug #554886
1287 - fix charset format in the admin plugin. bug #550725
1288 - fix for errant '.' in default_folder_prefix. bug #551310
1289 - fix for folder names with '?' and '*'. bug # 559257, #552180
1290 - added the ability to search without the charset argument. #552288
49c0360c 1291 - Made /noselect node display optional. bug #554988, patch #452178
8de7f698 1292 - Improved support for macosx IMAP server thanks Brian Haun
1293 - Added macosx friendly search, thanks Brian Haun bug #553038
1294 - Fixed word wrap problems when sending mail. bug #552961, #556143
e15e2f96 1295 - Added possibility to use multiple compose windows without loss
1296 of attachements.
49c0360c 1297 - Fixed forward message/rfc822 attachments from a search
430be822 1298 - Fix SpamCop plugin.
e191a77d 1299 - Fixed send MDN link.
49c0360c 1300 - Fixed dealing with \r\n and \n in smtp.php.
e191a77d 1301 - Fixed to, cc, bcc arrays in message->header
49c0360c 1302 - Speed optimizements in generating message-lists.
86d89042 1303 - Fixed loss of attachment with html addressbook.
1304 - Fixed saving drafts with attachments
49c0360c 1305
1306Version 1.2.6 -- April 29 2002
77e6058f 1307------------------------------
eaddf11f 1308 - Security: A complete MagicHTML rewrite since the existing codebase was
74b6c40b 1309 causing too many XSS problems. Hopefully now Nick Cleaton will
1310 leave us alone. :) Testing credits go to Nick.
eaddf11f 1311 - Security: Fix for cross-site scripting vulnerability (bug #545933)
eb3b5319 1312 Reported by Nick Cleaton.
1313 - Changing "emtpy" to "purge" for more clarity.
eaddf11f 1314 - Security: Fix for cross-site scripting vulnerability (bug #544658)
60b20552 1315 Reported by Nick Cleaton.
1316 - Fix for incorrect word wrap in Opera (bug #495073)
bf0eb96d 1317 - Workaround for older prefs: some of them contain "None" for
1318 left_refresh (bug #540108)
36399c8b 1319 - Fix for entities in cc and bcc fields on message display (bug #522493)
f39274d6 1320 - Fixes for quoted values in the addressbook by David Rees (bug #538389)
1321 - Fixed src/src problem (bug #538803)
b3775870 1322 - Fixed so non-ascii searches no longer fail both when searching
1323 and when applying filters (bug #520918)
2044f95a 1324 - Added POP3 Before SMTP option (feature request: #498428)
10e841cf 1325 - Added a server-side thread sorting option per folder
1326 - Added a server-side sorting global option
76045c47 1327 - Compose in new window size can be set in Display prefs.
d43122ed 1328 - Logout error system unified.
5df6fb4e 1329 - Security: Fix for a "theme passed as cookie" exploit. [CVE-2002-0516]
faf99b21 1330 - PostgreSQL is now supported for database backed use
9a39da67 1331 - Added user option to sort messages by internal date
49c0360c 1332 - Changed attachment handling now attachments are adressed to
9a39da67 1333 unique compose session.
1334 - Added forward messages as message/rfc822 attachment
1335 - Fixed handling message/rfc822 attachments
a13a757b 1336 - Fixed folder list display when special folders have subfolders
1337 - Added option to auto-append sig before reply/forward text (523853)
1338 - Fixed subfolders being "orphaned" when renaming parents (498167)
76045c47 1339 - Filters can be applied to only new mail.
a13a757b 1340 - Filters are updated when renaming/deleting folders (512056)
1341 - Filtering now happens on login (filters plugin)
aa3c545a 1342 - Added option for WIDTH and HEIGHT tags to Org. Logo. (patch #412754)
cdb361b1 1343 - Fixed resume draft bug #513521, #514639
0037f048 1344 - Newmail plugin: admin can disable the use of audio (patch #517698)
f9cabaf8 1345 - Fixed quoting problem in safe html (patch #516542)
d9a8ac55 1346 - SPAM folder no longer special folder (filters plugin)
1347 - Filtering now happens on folder list refresh (filters plugin)
0037f048 1348 - Added checking of input of the folders page
1349 - Made erronous deleting of folders harder (patch #514208)
49c0360c 1350 - Made SquirrelMail display \Noselect nodes in Cyrus also made it
11f6f685 1351 impossible to try to delete \Noselect nodes. (patch #452178)
56eb3bba 1352 - SquirrelSpell version 0.3.8 -- pretty configuration error reporting
1353 added by popular demand.
1d039092 1354 - Improved the handling of IMAP [PARSE] messages to reduce retrieval error.
49c0360c 1355 - Fixed small bug in handeling timezone (bug #536149).
984427e8 1356 - MDN message now RFC compatible (bug #537662).
1357 - Fixed html tables in printer_friendly_bottom.php (patch #542367), and
1358 make it so that printer friendly uses black-on-white colors in stead
1359 of the theme colors.
7aaa1434 1360 - Fixed return address of MDN receipts when having multiple identities
984427e8 1361 (patch #530139).
49c0360c 1362
4bbca183 1363Version 1.2.5 -- 22 February 2002
e56abf88 1364---------------------------------
fb7e97bf 1365 - Multiple mailbox list calls cached.
c300d795 1366 - Added 'View unsafe images' link to the bottom of pages which contain
1367 unsafe images.
1368 - Fixed 'too many close table tags' and various other issues
1369 which meant SM output didn't always validate as clean HTML.
01265fba 1370 - Added the ability to add special folders through plugins.
7be6dc8a 1371 - Added an Always compose in a pop-up window option.
1372 - Search page update with ability to save searches and search
1373 all folders at once.
e2b6aa40 1374 - Made searching on multiple criteria possible, with thanks to Jason Munro
1375 - Fixed 'list all' in addressbook (#506624, thanks to Kurt Yoder)
9701346b 1376 - Fixed small bugs in db_prefs
ab38c6cf 1377 - Allowed SquirrelMail to work from within a frame, eg. not using _top
1378 this is configureable. (thanks to Simon Dick)
4626cf87 1379 - Added options to conf.pl to enable automated plugin installation:
1380 ./conf.pl --install-plugin <pluginname>. This allows plugins to be
1381 distributed in packages. Conf.pl now also reports when saving fails.
ae2f65a9 1382 - Attachment hooks now also allow specification of generic rules like
1383 text/* which will be used when no specific rule is available.
9701346b 1384 - conf.pl can now configure database backed address books and
1385 preferences.
19070c0b 1386 - Version 0.3.7 of SquirrelSpell. Fixes a potential privacy
01265fba 1387 vulnerability (symlink attack), plus introduces formatting fixes
19070c0b 1388 and javadoc-style comments.
5fdc77eb 1389 - Bugfix in mailfetch reported by Mateusz Mazur
cb850f18 1390 - Administrator plugin. A web based conf.pl replacement.
1391 - Removed GLOBALS from conf.pl
1392 - HTML messages optimization.
01265fba 1393 - Added support for requesting read receipts (MDN) and delivery receipts.
8a7d0669 1394 - Added the ability to stop users changing their names and email addresses.
01265fba 1395 - Added signature into multiple identities (Stefan Meier <Stefan.Meier@cimsource.com>)
05d23eda 1396 - Updated user help files to reflect UI chanegs and added functionality.
01265fba 1397
c4db9729 1398Version 1.2.4 -- 25 January 2002
1399--------------------------------
eaddf11f 1400 - Security: Fixes a nasty remote arbitrary command execution vulnerability
c4db9729 1401 in the spellchecker plugin.
49c0360c 1402
7aa617a0 1403Version 1.2.3 -- 21 January 2002
1404--------------------------------
5be9f195 1405 - Fixed focus system on pages that contain forms.
49c0360c 1406 - Fixed IMAP code to send different command identifiers as per
5395f61e 1407 section 2.2.1 of RFC 2060.
f75e4fe4 1408 - Fixed 'sticky priority' so that replies are set to the same
1409 priority as the original message.
93f67b01 1410 - Fixed Printer Friendly to print HTML messages.
ca6e7f05 1411 - Fixed multiple receivers in Sent mailbox (#500910).
21392ee6 1412 - Disabled prefs caching under PHP 4.1
1413 - Added "Search Memory". Enabling to store up to
1414 9 predefined searchs.
c28faaad 1415 - Increased security in html message.
8f1ba72b 1416 - Added the possibility to specify system-defined css in order to
1417 allow users to change the font family and size of SM. Making possible to
1418 make it bigger or smaller depending on their screen size. Sysops may add
1419 or remove these system-defined css located in themes/css/
84760860 1420 - Fixed a bug appearing on some apache virtual hosts
1421 - Fixed javascript error (#505255)
125b602f 1422 - Fixed the db_prefs so they work again (#499609, thanks to Simon Dick)
49c0360c 1423
0fbbeed6 1424Version 1.2.2 -- 1 January 2002
1425-------------------------------
b1dde0de 1426
49c0360c 1427 - Fixed an infinite loop in printer friendly when wrapping option
1428 is not in the prefs.
1429 Bug reported by Boris Manojlovic <steki@verat.net>
bd9bbfef 1430 - Html cleanup, with patch from Dave Huang (#496712)
9cf915f1 1431 - Fixed a problem saving prefs when using PHP 4.1
ce861a7b 1432 - Russian, Thai, Swedish, Dutch and French update.
e0a50f24 1433 - Changed configure invocation from bash to sh. (Bug #496752)
9cb0db5c 1434 - Changed conf.pl invocation from '#!/usr/bin/perl' to
e0a50f24 1435 '#!/usr/bin/env perl' to help people who have perl somewhere
1436 else. (Bug #496753)
c64c33f4 1437 - Fixed sorting of folder list, bug #497181
f506bb2c 1438 - Fixed wrong behavior of non-javascript select all, bug #496681
1439 - Added "Show Pages" link to message list showing all messages
1440 (the resultant page of clicking "Show All")
c17a6e06 1441 - i18n Fix. Because of different configurations in the gettext system,
1442 some installations could not manage correctly SM languages other than
1443 English. This has been corrected.
e936f765 1444 - Miscellaneous rewrites and improvements.
9cb0db5c 1445 - Moved locale files into the ISO-conformant directories.
1446 - Moved help files into the ISO-conformant directories.
1447 - Moved compilepo and mergepo files from locale/ into po/
1448 - Slight i18n fixes and rewrites to accommodate for moved files.
1360e6b5 1449 - Fixes for entities in the subject when replying.
7ba2534a 1450 - Fixes for entities in the To: header. (Bug #489365)
1451 - Fix for incorrect javascript prefs handling (Bug #497688)
edebf177 1452 - Added color 15 for themes to separate background and foreground colors.
1453 - Added several new themes.
7ba2534a 1454
077c0273 1455Version 1.2.1 -- 25 December 2001
1456---------------------------------
1457
24087232 1458 - Fixed the bug that kept the create, delete, and rename sections
1459 from appearing in the folders page (#496604)
b0929329 1460 - Fixed the motd bug not allowing ' (#496616)
24087232 1461 - Sorting of addressbook_search fixed, thanks to the patch of
1462 Cor Bosman (xs4all)
077c0273 1463
f840ae6b 1464Version 1.2.0 -- 25 December 2001
1465---------------------------------
1466
1467 - Collapsible Folders
7d11248c 1468 - The Paginator!!!
f840ae6b 1469 - Hundreds of UI Tweaks
1470 - Message Drafts
1471 - Rewrite of much of the options pages
1472 - Multiple identities
1473 - Reply Citations
1474 - Better Attachment Handling
1893cac6 1475 - Integration of Several Plugins into Core Code (including xmailer,
f840ae6b 1476 attachment_common, paginator, priority, printer_friendly, sqclock)
7d11248c 1477 - Ability to mark messages as Read/Unread
1478 - New themes (including a Christmas theme, and several changing themes)
1479 - Rewrite of much of the options pages code
f840ae6b 1480 - Improved support for newer versions of PHP
1481 - Message lists can be shown with alternating colors for easier reading
1482 - Can include/exclude yourself when using the "Reply All"
1483 - Message highlighting comes with dozens more easily accessable colors.
1484 - Option to set the "Priority" of the message(Normal/High/Low)
1485 - Now able to show all messages of an inbox at the same time.
1486 - Cleanup of the paginator code, improving display style
1487 - Cleanup of configuration file code, a bit
1488 - Introduction of sent_subfolders plugin as Official Plugin
1489 - Bugfixes..and more Bugfixes!
15e6162e 1490
c17f5025 1491
15e6162e 1492***************************************************************
598294a7 1493*** SquirrelMail Development Series 1.1 and 1.1 Pre-Releases ***
15e6162e 1494****************************************************************
7b294953 1495
f840ae6b 1496Version 1.2.0-rc3 -- 2 December 2001
1497------------------------------------
fe3de9b1 1498 - Speed improvements and optimizations on much of the code
1499 - Comments added, formatting cleaned up for much of the code
598294a7 1500 - Several plugins integrated into the SquirrelMail core
fe3de9b1 1501 (focus change, attachment common, printer friendly, etc)
1502 - Several plugins added as "Official Plugins" to the main
598294a7 1503 SquirrelMail distribution
fe3de9b1 1504 - First half of a rewrite of the option pages code
1505 - The Paginator!!!
49c0360c 1506 - Other stuff that I don't recall (developers, please fill this in!)
6a3509e6 1507
1508Version 1.1.3 -- (never really released)
f840ae6b 1509----------------------------------------
1510 - Added major speed improvements to IMAP functions by our
1511 friends at XS4ALL
fe3de9b1 1512 - Fixed MOTD
1513 - Fixed multipart/alternative messages
1514 - Updated Dutch translation
1515 - Added Indonesian translation
1516 - Added Portuguese (Portugal) translation
1517 - Added language aliasing
1518 - Added Turkish translation
d632bf70 1519
49c0360c 1520Version 1.1.2 -- May 21, 2001
c2fabbf4 1521-----------------------------
fe3de9b1 1522 - Many bugs squashed
1523 - Several UI tweaks and improvements
1524 - Added option (3 -> 14 in conf.pl) to auto create sent and trash folders.
1525 - Updated Czech translation
1526 - Support for multiple identities
1527 - Support for Russian Apache removed. It is now deemed easier to just
49c0360c 1528 turn off Charset Recoding in the Russian Apache config. See the file
fe3de9b1 1529 doc/README.russian_apache
60ad318c 1530
1531Version 1.1.1 -- April 30, 2001
1532-------------------------------
fe3de9b1 1533 - Added built-in support for gettext if compiled support isn't available
1534 - Made validate.php include a few more standard things
1535 - Corrected a bug when sending an email properly
ab68b3f6 1536
49c0360c 1537Version 1.1.0 -- April 21, 2000
ab68b3f6 1538-------------------------------
fe3de9b1 1539 - Added option to have signout page redirect to another page (patch from
1540 Scott Bronson) This can be configured in conf.pl (Org Prefs)
1541 - Much improved SMTP error handling (patch from Jeff Evans)
1542 - Preferences are now cached instead of read in every page load.
1543 - Improved URL parser
1544 - Added ability to read HTML messages by default instead of plain text
1545 (Display Options)
1546 - Added authenticated SMTP server support (configure in conf.pl)
1547 - Rewrote attachment handling code in compose.php
1548 - If aliases are typed in To, Cc, or Bcc, they are automatically looked up
80bb6546 1549 in the addressbook and converted to the associated addresses.
fe3de9b1 1550 - Added collapseable folder listing (an option that can be turned on in
1551 Folder Options)
1552 - Added alternating row colors to improve interface (Display Options)
ceae39cc 1553
7351b45d 1554
fe3de9b1 1555**************************************
598294a7 1556*** SquirrelMail Stable Series 1.0 ***
fe3de9b1 1557**************************************
7351b45d 1558
dbf934ba 1559Version 1.0.6 -- April 19, 2001
1560-------------------------------
fe3de9b1 1561 - Reworked validation for each page. It's now standardized in validate.php
1562 - Fixed login bug that resulted from 1.0.5 security updates
1563 - Fixed plugin incompatibilities that were introduced in 1.0.5
1564 - Added more security checking to preference saving/loading
1565 - Updated German translation (thanks to Ronald Bauerschmidt <rb@debian.org>)
1566 - Updated Finnish help files
dbf934ba 1567
49c0360c 1568Version 1.0.5 -- April 17, 2001
80bb6546 1569-------------------------------
fe3de9b1 1570 - MAJOR security issues addressed. Please upgrade as soon as possible.
5df6fb4e 1571 [CVE-2001-1159]
fe3de9b1 1572 - Downloading attachments should work better due to a tip by Ray Black III.
1573 - Fixed bug with drop-down folder list not containing INBOX
1574 - Added Swedish help files Teemu Junnila <teejun@vallcom.com>
1575 - Added Italian help files Antonetti Roberto <antonr@piceniaweb.com>
49c0360c 1576
1577Version 1.0.4 -- April 9, 2001
e40bd151 1578------------------------------
fe3de9b1 1579 - Fixed some bugs with folder creation
1580 - Security fix for UW IMAP server to disallow folder paths outside of
1581 $folder_prefix
1582 - Some problems with header encoding/decoding fixed
1583 - Made subject column take up whatever width is available
1584 - Added bcc to html addressbook search
e40bd151 1585
49c0360c 1586Version 1.0.3 -- March 9, 2001
e40bd151 1587------------------------------
fe3de9b1 1588 - Many i18n enhancements/fixes
1589 - Fixed bug with default theme path being set incorrectly
1590 - Fixed problem when sending/forwarding multiple attachments
1591 - Made folder drop-down list consistant in look to the other drop-downs
1592 - Fixed problem where some attachment filenames would not be displayed
1593 - Added Finnish help files by Teemu Junnila <teejun@vallcom.com>
1594 - Updated Norwegian translation
1595 - Updated Brazillian Portuguise translation
49cfb501 1596
49c0360c 1597Version 1.0.2 -- February 8, 2001
49cfb501 1598---------------------------------
49c0360c 1599 - Added a workaround for RedHat's 4.0.4pl1-3 binary package (It's also
fe3de9b1 1600 the same workaround for Konqueror and other PHP installations?)
1601 - Select All works through the search
1602 - Better escaped string handling from POST variables
1603 - Many more code cleanups and optimizations
1604 - Added Hungarian translation by Teemu Junnila <teejun@vallcom.com>
d4c14e51 1605 - Added Icelandic translation by Karl Hei�r <karlh@macho.is>
fe3de9b1 1606 - Updated Taiwan translation
95a1cd99 1607 - Updated Swedish translation
fe3de9b1 1608 - Updated Finnish translation
68b6d237 1609
49c0360c 1610Version 1.0.1 -- February 1, 2001
4f5c1bcb 1611---------------------------------
fe3de9b1 1612 - Improved the way sqimap_read_data() is handled
49c0360c 1613 - Sped up "no sorting" even more
fe3de9b1 1614 - Fixed problems with sending messages
1615 - Fixed some pass-by-reference calls that caused problems with newer
1616 PHP versions
1617 - Fixed bug that didn't display last folder subscribed to
1618 - Removed requirement of PHP 4.0.1 for array_unique() function
1619 - Removed unnecessary echo statements by breaking out of PHP
1620 - Changed evaluation method from using " to ' for speed improvements
1621 - If no plugin array set in config.php, now handled correctly
1622 - If subject is > 55 chars, trims it and puts "..." in message list
1623 - Hundreds of minor changes to remove all verbose PHP warning messages
34b13bf4 1624
49c0360c 1625Version 1.0 -- January 30, 2001
34b13bf4 1626-------------------------------
fe3de9b1 1627 - Updated config_default.php to include attachment_common plugin
1628 (now in distribution)
1629 - A few minor speed improvements
1630 - Fixed problems in sqimap_read_body(), made it more reliable
1631 - Added French translation of help files by gore K <gore_k@ymca-cepiere.org>
1632 - Added Finnish translation by Teemu Junnila <teejun@vallcom.com>
95a1cd99 1633 - Updated Swedish translation
fe3de9b1 1634 - Updated Russian translation
1635
1636
1637********************************************************
598294a7 1638*** SquirrelMail Development Series 1.0 Pre-Releases ***
fe3de9b1 1639********************************************************
7da0cdcc 1640
49c0360c 1641Version 1.0pre3 -- January 22, 2001
94d5377a 1642-----------------------------------
fe3de9b1 1643 - Fixed some "Select All" bugs
1644 - Finally fixed the IE/SSL download problem!!
1645 - Added Danish translation by Claus Rasmussen <claus@webclaus.com>
1646 - Updated Spanish translation
1647 - Updated Polish translation
1648 - Updated Taiwan translation
1649 - Updated Czech translation
1650 - Updated Korean translation
792b45c7 1651
49c0360c 1652Version 1.0pre2 -- January 15, 2001
07f616ad 1653-----------------------------------
fe3de9b1 1654 - A number of security fixes
1655 - Replaced error messages with better, formatted, and meaningful messages.
1656 - Fixed "reply all" so that it works intelligently now
1657 - Made deleted (but not expunged) messages easier to detect (only if
1658 $auto_expunge = false)
1659 - Fixed bug that didn't display size correctly in search results
1660 - Major memory management and speed improvements with downloading of
1661 attachments
1662 - Made $auto_expunge variable actually do something
1663 - Fixed bug that didn't display login failure message
1664 - Fixed minor bug in sqimap_mailbox_list
1665 - Added sqimap_capability function to check capabilities of server.
1666 - Rewrote sqimap_get_delim to use NAMESPACE capability (if available) to
1667 get delimiter.
1668 - Added Catalan translation of Help documents by Josep Sanz <jsanz@fa.upc.es>
1669 - Added Taiwan translation by "ching" <ching@kiwa.com.tw>
8219a101 1670
49c0360c 1671Version 1.0pre1 -- December 14, 2000
8219a101 1672------------------------------------
fe3de9b1 1673 - Fixed bug in sending messages with a blank line with a "."
1674 - Folder displays have been changed to be more readable in drop-down lists
1675 - For security, login verification happens, then we're redirected to
1676 webmail.php
1677 - Folder sorting now case insensative
1678 - added config option to set IMAP folder delimiter rather than always
1679 detecting it
1680 - Made session cookie parameter use PHP's settings rather than making
1681 assumptions
1682 - Select/Deselect all implemented using only HTML (not Javascript)
1683 - Fixed default charset that is sent with outbound messages (now user's
1684 preferred charset)
1685 - Sort method saving now transparent to user, and saves between sessions
1686 - Now replacing all \n with \r\n before sending the message.
1687 - Added sorting option for NO sorting.. 10000 times faster!
1688 - Using <pre> tags for viewing message body instead of <tt> and &nbsp;
1689 - Added redirection from subdirectories to login page
1690 - Attachments are shown in message index (shown as a "+")
1691 - Updated attachment plugin support and passing values to hooks (see
1692 plugins.txt)
1693 - Added file and message size in many locations
1694 - Made message index order customizable (from, subject, date) can be (date,
1695 from, subject)
1696 - Fixed some security problems with uploading attachments
1697 - When reading, attachments look better and have a better plugin interface
1698 - Some functions now pass values by reference to save on memory
1699 - Added Catalan translation from Josep Sanz <jsanz@fa.upc.es>
1700 - Added Serbian translation from Boris Manojlovic <steki@verat.net>
1701 - Added Polish translation of Help from Krystian Kanabrodzki
1702 <krys@voruta.eu.org>
1703
1704
1705*****************************************
598294a7 1706*** SquirrelMail 0.5 and Pre-Releases ***
fe3de9b1 1707*****************************************
8219a101 1708
49c0360c 1709Version 0.5 -- September 25, 2000
bafefd39 1710---------------------------------
fe3de9b1 1711 - Fixed some problems with downloading attachments in IE
1712 - If no date is set in header, we take internal date of the imap server
49c0360c 1713 - Fixed some lingering bugs in mime parsing
fe3de9b1 1714 - Searching specifies CHARSET option
1715 - Security fixes
1716 - Fixed hyperlink rendering problems
e2ef6f4b 1717
49c0360c 1718Version 0.5pre2 -- September 6, 2000
e2ef6f4b 1719------------------------------------
fe3de9b1 1720 - Added quite a few new themes
1721 - Fixed double folder problem on some servers
1722 - Using encryption for passwords
1723 - Added a patch from Bill Thousand to allow easier virtual domains
1724 - Security updates with attachments
1725 - Added more hooks for plugins, updated plugin.txt
1726 - Improved HTML address book
1727 - Fixed bugs in parsing email addresses in smtp.php
1728 - Applied fixes for Courier IMAP server (by Andreas Dahl)
1729 - Fixed some buggy IMAP handling
1730 - Improved word wrapping
1731 - Fixed bugs with adding and not adding backslashes
1732 - Made message highlighting case insensative
1733 - Added Korean translation from Jong-II Kim <aporie@netian.com>
1734 - Added Italian translation from Aldo Moresco <moresco@idcm.it>
1735 - Added French translation from Ali Nedjimi <lrdfrx@club-internet.fr>
74a7d5b0 1736
49c0360c 1737Version 0.5pre1 -- August 9, 2000
74a7d5b0 1738---------------------------------
49c0360c 1739 - Searching folders functionality added
fe3de9b1 1740 - Date display now is similar to Netscape Messenger
1741 - Many bugs have been reported to the list, and been squashed
49c0360c 1742 - Help system developed
fe3de9b1 1743 - Folder list now shows configurable details about messages
1744 - It is now possible to select multiple subscribes/unsubscribes
1745 - Removed a bunch of annoying "success" screens, improved navigation
1746 - Better IMAP session handling
1747 - Redid the options section and split it into different parts
1748 - Added "view all headers" option when reading a message
1749 - In-Reply-To and References headers are inserted when replying to a message.
1750 - Changed how attachments are displayed and handled
1751 - Rewrote MIME support from scratch, optomizing it an unbelievable amount
1752 - Added support for message highlighting
49c0360c 1753 - Moved Address and Send buttons on Compose form for easier access
fe3de9b1 1754 - Added Polish translation from Lukasz Klimek <casa@LO.Pila.PL>
1755 - Added Swedish translation from Tobias Ekbom
1756 - Added Brazilian Portuguse translation from Henrique Moura
1757 - Added Dutch translation from Arjen Halma
1758
1759
1760*****************************************
598294a7 1761*** SquirrelMail 0.4 and Pre-Releases ***
fe3de9b1 1762*****************************************
e9f8ea4e 1763
49c0360c 1764Version 0.4 -- May 15, 2000
cf59dc94 1765---------------------------
fe3de9b1 1766 - If subject is blank, displays "(no subject)"
1767 - Fixed a few minor bugs and typos reported to list
1768 - Changed <? to <?php in a few places
349ca9f7 1769
1770Version 0.4pre2 -- May 5, 2000
a8194730 1771------------------------------
fe3de9b1 1772 - Replying sets the "Answered" flag on the original message
1773 - When message is sent, it sends you to the folder you were looking at.
1774 - HTML based address book search
1775 - Made folder listing look first at subscribed folders, making it
1776 faster, even if you don't have $folder_prefix set.
1777 - Fixed some bugs with default sent and trash folders
1778 - Fixed some bugs with folder manipulating
a8194730 1779
3b3d853f 1780Version 0.4pre1 -- April 29, 2000
1781---------------------------------
fe3de9b1 1782 - For speed's sake, unseen messages are only noted on INBOX in left
3b3d853f 1783 folder list. This will change with 0.5.
fe3de9b1 1784 - Optomizations, fewer IMAP calls, more efficient sorting algorithms.
1785 - Fixed all bugs listed in BUG
49c0360c 1786 - When inside the Sent folder, it displays "To" instead of "From"
fe3de9b1 1787 - Added ability to go to Next and Previous message while reading a message
1788 - Caching of the message headers in mailbox (much faster)
1789 - Added a preference that allows users to customize how many messages
1790 they see when they index a mailbox
1791 - Added flag status showing on message list (Answered, Flagged, and Seen)
1792 - Now using PHP session management
1793 - Parsing the body for URLs and Email addrs
1794 - Added option to configure default folder directory. ie: ~/mail
1795 - Configuration script added: config/conf.pl
1796 - Addressbook with LDAP support
1797 - Big speed improvements with folder listing
1798 - Added Subscribe/Unsubscribe to folders
1799 - Fixed bug in UW that didn't mark unseen messages
1800 - Saving sent messages into $sent_folder
49c0360c 1801 - It doesn't bail out if PHP wasn't compiled with --with-gettext.
d17b1a71 1802 It only uses english in this case.
fe3de9b1 1803 - Added support for Cyrillic (thanks to Artem Botchkov for help)
1804 - Included information on Russian Apache from Konstantin Riabitsev
1805 - Honoring charset parameter for the body.
1806 - Changed the way emptying of trash was done to work better
a9eed94d 1807 across different IMAP servers
d17b1a71 1808
1809
fe3de9b1 1810*****************************************
598294a7 1811*** SquirrelMail 0.3 and Pre-Releases ***
fe3de9b1 1812*****************************************
ecf51658 1813
d17b1a71 1814Version 0.3.1 -- March 13, 2000
1815-------------------------------
fe3de9b1 1816 - Fixed a bug that didn't allow downloading of attachments
d17b1a71 1817
ebb42164 1818Version 0.3 (final) -- March 10, 2000
1819-------------------------------------
fe3de9b1 1820 - Fixed bug in smtp.php and made sending RFC complient
1821 - Fixed a bug that wouldn't let you rename folders with UW server.
1822 - Other minor bugfixes
c973661d 1823
49c0360c 1824Version 0.3pre2 -- March 5, 2000
c973661d 1825--------------------------------
fe3de9b1 1826 - Rewrote folder deletion. It works much more flexably now.
1827 - Fixed message deletion that didn't always delete the right messages.
1828 - Removed font tags
1829 - Better character translation, especially for i18n
1830 - Added the choice of language as a user preference
1831 - Bug fixes, bug fixes, bug fixes
1832 - Fixed bugs in message moving and deleting
1833 - Rewrote all IMAP functions from scratch
4ca45d7b 1834
1835Version 0.3pre1 -- February 17, 2000
1836------------------------------------
fe3de9b1 1837 - Added user-specific preferences including:
1838 Full Name (for outbound messages)
1839 Reply-to address
1840 Theme
1841 Move messages to trash option (true/false)
1842 Wrap incoming text at XX characters
1843 Editor window size (in characters)
1844 Time between reloads of the left folder list
1845 Signature
1846 - Rewrote SMTP functions. It now works and handles error correction.
1847 - Only folders that you're subscribed to will be listed
1848 - Fixed a bug in outbound messages that translated " into \"
1849 - Added themes in distribution (7 total)
1850 - Added option to send email via sendmail rather than SMTP
1851 - Increased speed of viewing folder by date about 25%, and viewing the
1852 folder by Subject or Sender by up to 100%.
1853 - Added internationalization
1854 - Added sending of attachments
1855 - Left folder refreshing at intervals (with META tags)
1856
1857
1858*****************************************
598294a7 1859*** SquirrelMail 0.2 and Pre-Releases ***
fe3de9b1 1860*****************************************
4ca45d7b 1861
78509c54 1862Version 0.2.1 -- January 05, 2000
1863---------------------------------
fe3de9b1 1864 - Rewrote how MULTIPART messages were handled and made it recursive
1865 - We now take into account the encoding type rather than guessing
1866 - Redesigned how attachments are displayed
1867 - Fixed the bug that wouldn't let you send messages (I hope)
1868 - Added a "download message" option
1869 - Added a plain text viewer for text messages
78509c54 1870
8dc0fb27 1871Version 0.2 -- January 02, 2000
1872-------------------------------
fe3de9b1 1873 - Attachment support (much better MIME support in general)
1874 - Themeable support replaced Custom Colors. Themes are pluggable.
8dc0fb27 1875
cb8dd416 1876
fe3de9b1 1877*****************************************
598294a7 1878*** SquirrelMail 0.1 and Pre-Releases ***
fe3de9b1 1879*****************************************
4ca45d7b 1880
8dc0fb27 1881Version 0.1.2 -- December 20, 1999
1882-----------------------------------
fe3de9b1 1883 - Date translation to local time
1884 - Rewrote folder fetching code universally
1885 - Added attachment detection (no downloads yet)
1886 - Fixed many minor bugs that were reported
0f1835f3 1887
1888Version 0.1.1 -- December 16, 1999
1889-----------------------------------
fe3de9b1 1890 - Reworked all the IMAP functions to make them RFC 2060 compliant
1891 (should work with all IMAP servers)
1892 - Added color customization
1893 - Sorted folder list (on left bar)
1894 - Added MUCH better error correction and notification
0f1835f3 1895
d92b6f31 1896Version 0.1 -- December 14, 1999
1897--------------------------------
fe3de9b1 1898 - Message composing (with to, cc, bcc)
1899 - Message viewing, including HTML messages
1900 - Basic MIME support, no attachments...yet
1901 - Message sorting by Date, Name, or subject
1902 - Folder manipulation (deleting, creating, moving, and renaming)
1903 - IMAP email (currently only Cyrus IMAP server has been tested)
1904 - Many other features that are basic email functionality