written by Bryan Loniewski.
- Use Special Folder Color config option works again (#931956).
- In POP3-class, be more liberal regarding RFC-incompliant POP3-servers.
+ - Set up language before outputing errors in auth.php to make them appear in
+ the correct language.
- Added Basque translation support.
- Remove flag buttons / links from display if mailbox doesn't allow it.
- Make used of cached ordered uid list in case of server_side_sorting.
- Give proper error when PEAR DB not found.
- Remove inappropriate strip_tags() from add-to-addressbook (#968475).
- Prefs caching didn't work properly with register_globals off (#995102).
- - Security: fix SQL injection vulnerability in addressbook
- [CAN-2004-0521].
+ - Security: fix SQL injection vulnerability in addressbook.
+ [CAN-2004-0521]
- Removed html_top and html_bottom hooks. No longer used/needed.
- Added "trailing text" for options built by SquirrelMail (text placed
after text and select list inputs on options pages)
- Prevent & being eaten in set_url_var, thanks Marcin Orlowski. Fixes #1053725.
- Removed internal_link hook.
- Added sq_setlocale function in order to use multiple locale names.
+ - Set up language before outputing errors in signout.php to make them appear
+ in the correct language.
- Added size attributes to new_mail sound tags. Fixes #818958.
- Removed extra ; in SquirrelMail added Received header per RFC 822. Fixes #1088548.
- Add IMAP server type "hmailserver" to make search work with hMailServer.
Fixes #983614.
- Fix listcommands plugin to behave like normal reply/compose
links, and return to message page that originally called from.
-
+ - Max upload file size now correctly handles a '-1' value, meaning
+ unlimited. (#1094569).
+ - Security: Added hook for Preferences Backend to resolve potential
+ file inclusions. [CAN-2005-0075]
+ - Remove Printer Friendly Clean Display config option, the cleaning
+ is now always done.
+ - Create new Options section "Compose Preferences" and move some
+ options from Display Preferences there; also move some around within
+ Display Preferences.
+ - Security: Fix possible file/offsite inclusion in src/webmail.php.
+ [CAN-2005-0103]
+ - Security: Fix possible XSS issues in src/webmail.php. [CAN-2005-0104]
+ - Fix undefined variables in src/webmail.php.
+ - 24hr clock format should include a leading 0.
+ - Removed numeric keys for plugin array in config.php.
+ - Fixed translations of "On DATE, AUTHOR said" and "AUTHOR said" replies.
+ - Added sq_str_pad function for padding of multi-byte strings.
+ - Added sq_strlen function for calculation of multi-byte string length.
+ - Quoted "INBOX" in check for the status of INBOX in a LIST call. Fixes an
+ issue with a specific IMAP server.
+ - In sqgetGlobalVar(), reset $value if the var is not found in the
+ specified location.
+ - Move default_pref to the config/ dir, but keep checking legacy locations
+ first for bc. Do not fail with an error when default_pref not found, just
+ create an empty one.
+ - Add trailing slash for data directory used by global file based address
+ book (#1105760).
+ - Fixed sorting problem is get_squirrel_sort() function (#1115403).
+ - Add "Show Only Subscribed Folders" option to allow users to show all
+ folders instead of only subscribed ones (#1105756, #1105250).
+ - Add workaround for Mercury/32 servers that will subscribe again to
+ an already subscribed folder (#1115409).
+ - Added blank.png for missing image support.
+ - Use the proper attachment filenames in case of forwarding a message.
+ - Fix for #855320 where Outlook Express was creating CID: based URLs,
+ but not assigning a content-id to the attachment. This is a bug in
+ Outlook Express and is non-RFC compliant behaviour.
+ - Strip <outbind://> tags out. This is a Microsoft only protocol and
+ references files local to the sending machine. This causes issues
+ with Internet Explorer.
+ - Replace <img src="outbind://"> links with clean images to stop
+ issues with Internet Explorer not being able to track down the image.
+ - Empty src attribute on img tags causes logouts (IE only), replacing
+ string with blank.png.
+ - Added vmailmgrd backend to change_password plugin.
+ - Fixed change_password_init hook.
+ - Give an error to the user when SquirrelMail is not configured yet
+ (instead of "failed to include config.php").
+ - Added swf and mp3 support to newmail plugin. Restored custom user media
+ support.
+ - Removed unused save_option_header() function from display and compose
+ option includes.
+ - Fixed bug #1124764, view unsafe images inside printer friendly view.
+ - Fixed bug #1032366, remove NUL characters in text attachments on sent.
+ - URL Encode required for string being passed in mailto: links to pass on
+ additional values (cc, body, subject etc).
+ - Fixed bug #801060. Removed option for INBOX in filters plugin as source
+ is always INBOX.
+ - Always show Purge link next to Trash, even when empty.
+ - errors in addressbook_init() function are no longer fatal. If function
+ fails to activate address book backend, it displays error box (with
+ error_box() function). error box can be hidden by setting first
+ function argument to false.
+ - Sanitized search in ldap address book backend. Use of asterisk
+ together with other symbols is not supported.
+ - Added ldap backend to change_password plugin.
+ - Change defaults of some prefs to more sensible / usable settings.
+ - Revise the documentation of the packaged plugins.
+ - Fixed edit form checks in address listing (#1124018).
+ - After sending resumed draft, return to message list.
+ - Parse and replace mailto: links with internal compose links when
+ viewing in HTML format.
+ - Plugins may now define an "extra" array element to return to the attachment
+ types hook, which will be also inserted in the attachment link for the
+ plugin.
+ - Added mouseover row highlighting on message index.
+ - Added <label> for checkboxes on message index (when highlighting is off).
+ - Fixed mailto: parsing in functions/url_parser.php.
+ - Fixed broken signout page (plugins work here again).
+ - Fixed configtest to use correct PostgreSQL connection function
+ (#1166228).
+ - Added configuration option that blocks remote use of
+ src/configtest.php by default.
+ - Fixed ldap checks in configtest.php.
+ - Added configuration option that controls listing of global file based
+ address book.
+ - Fixed administrator's plugin breaks related to latest sqGetGlobalVar()
+ and $plugins array changes.
+ - Included local configuration file in config.php generated by
+ administrator's plugin.
+ - Updated the Filters plugin to comply with our Plugin Standards.
+ - Fixed Filters plugin problems with duplicate rule processing and false
+ unread message counts (Bug# 676073 and patch #919045).
+ - Strip position:absolute style from HTML mails.
+ - Add ability to the Filters plugin to filter on Message Body, or both
+ the Headers and the Message Body.
+ - Update the message copy and move functions to allow for error handling.
+ - Fix the filter plugin from halting the login process when copying errors
+ occur.
+ - Clean up the folder management (create, rename, subscribe) code.
+
Version 1.5.0
--------------------
- Added new preference that determines cursor focus when replying
- Added a server-side sorting global option
- Compose in new window size can be set in Display prefs.
- Logout error system unified.
- - Security: Fix for a "theme passed as cookie" exploit. [CVE-2002-0516]
+ - Security: Fix for a "theme passed as cookie" exploit. [CAN-2002-0516]
- PostgreSQL is now supported for database backed use
- Added user option to sort messages by internal date
- Changed attachment handling now attachments are adressed to
projects / squirrelmail.git / blobdiff