written by Bryan Loniewski.
- Use Special Folder Color config option works again (#931956).
- In POP3-class, be more liberal regarding RFC-incompliant POP3-servers.
- - Disabled Korean extra functions, because they don't provide all required
- options and message composition is broken.
- Added Basque translation support.
- Remove flag buttons / links from display if mailbox doesn't allow it.
- Make used of cached ordered uid list in case of server_side_sorting.
- Fixed XSS vulnerability in content-type display in the attachment area
of read_body.php discovered by Roman Medina.
- Get alternating row colors of addressbook in sync with mailbox list.
+ - Give proper error when PEAR DB not found.
+ - Remove inappropriate strip_tags() from add-to-addressbook (#968475).
+ - Prefs caching didn't work properly with register_globals off (#995102).
+ - Security: fix SQL injection vulnerability in addressbook
+ (CVE ID: CAN-2004-0521).
+ - Removed html_top and html_bottom hooks. No longer used/needed.
+ - Added "trailing text" for options built by SquirrelMail (text placed
+ after text and select list inputs on options pages)
+ - Custom option page values now repopulate correctly
+ - Added "no focus" option for compose page in display preferences (setting
+ reply focus to "No focus" also affects composing new messages)
+ - Current hook name is now globally available when running a hook ($currentHookName)
+ - Fix bug when Saving to Draft folder that contains special characters.
+ - Added size limit to signatures saved in file backend. Created error_option_save
+ function, that allows sending error message to options page. Thanks to Martynas
+ Bieliauskas for spotting big signature "option".
+ - Make SquirrelSpell work with safe_mode enabled, if using PHP >=4.3.0.
+ Patch by Ray Ferguson.
+ - Make IP-address in Message-ID RFC822 compliant.
+ - Uneditable address book entries no longer have checkboxes on addresses page.
+ - Alignment of title text above folder list fixed.
+ - Changed structure of xtra_code functions that are used by some translations.
+ - Added Uighur language support.
+ - Added status bar to compose window when "Compose In New Window" is used.
Version 1.5.0
--------------------
- Correctly fold encoded header lines.
- Fix prefs caching not working correctly in PHP 4.3 caused by a stupid
version checking mechanism.
- - Fix XXS hole that allowed JavaScript execution by sending someone
+ - Fix XSS hole that allowed JavaScript execution by sending someone
an email with specially crafted headers. Thanks Jason Munro, and
Masato Higashiyama.