- Norwegian Bokmal translation uses nb_NO.
- Integrated Msg_Flags plugin - turn on/off icons using configuration tool,
menu number 11 (Tweaks), option number 3, after which users must select an
- icon theme in Options/Display Preferences.
+ icon theme in Options/Display Preferences.
"Flag"/"Unflag" buttons are implemented as separate plugin.
- Added Farsi and Tagalog translation support.
- Enabled Ukrainian and Russian-Ukrainian support
- Added sort by message size.
- Security: Fixed XSS vulnerability in content-type display in the attachment
area of read_body.php discovered by Roman Medina.
+ - Removed src/move_messages.php, move_before_move and move_messages_button_action
+ hooks. Mailbox listing actions should be handled by src/right_main.php and
+ functions/mailbox_display.php hooks.
- Get alternating row colors of addressbook in sync with mailbox list.
- Give proper error when PEAR DB not found.
- Remove inappropriate strip_tags() from add-to-addressbook (#968475).
- Prefs caching didn't work properly with register_globals off (#995102).
- Security: fix SQL injection vulnerability in addressbook.
- [CAN-2004-0521]
+ [CVE-2004-0521]
- Removed html_top and html_bottom hooks. No longer used/needed.
- Added "trailing text" for options built by SquirrelMail (text placed
after text and select list inputs on options pages)
- Fix bug when Saving to Draft folder that contains special characters.
- Added size limit to signatures saved in file backend. Created
error_option_save function, that allows sending error message to options
- page. Thanks to Martynas.
- Bieliauskas for spotting big signature "option".
+ page. Thanks to Martynas Bieliauskas for spotting big signature "option".
- Make SquirrelSpell work with safe_mode enabled, if using PHP >=4.3.0.
Patch by Ray Ferguson.
- Make IP-address in Message-ID RFC822 compliant.
8bit symbols. (provides fix for #934033).
- Fixed decoding function problems when mbstring.func_override has
MB_OVERLOAD_REGEX enabled.
- - Security: Fixed XSS exploit in decodeHeader function. [CAN-2004-1036]
+ - Security: Fixed XSS exploit in decodeHeader function. [CVE-2004-1036]
- Added site configuration and custom translation engine support to translate
plugin.
- Fixed SquirrelSpell error output. Patch courtesy David Boone.
- Max upload file size now correctly handles a '-1' value, meaning
unlimited. (#1094569).
- Security: Added hook for Preferences Backend to resolve potential
- file inclusions. [CAN-2005-0075]
+ file inclusions. [CVE-2005-0075]
- Remove Printer Friendly Clean Display config option, the cleaning
is now always done.
- Create new Options section "Compose Preferences" and move some
options from Display Preferences there; also move some around within
Display Preferences.
- Security: Fix possible file/offsite inclusion in src/webmail.php.
- [CAN-2005-0103]
- - Security: Fix possible XSS issues in src/webmail.php. [CAN-2005-0104]
+ [CVE-2005-0103]
+ - Security: Fix possible XSS issues in src/webmail.php. [CVE-2005-0104]
- Fix undefined variables in src/webmail.php.
- 24hr clock format should include a leading 0.
- Removed numeric keys for plugin array in config.php.
is always INBOX.
- Always show Purge link next to Trash, even when empty.
- errors in addressbook_init() function are no longer fatal. If function
- fails to activate address book backend, it displays error box (with
+ fails to activate address book backend, it displays error box (with
error_box() function). error box can be hidden by setting first
function argument to false.
- - Sanitized search in ldap address book backend. Use of asterisk
+ - Sanitized search in ldap address book backend. Use of asterisk
together with other symbols is not supported.
- Added ldap backend to change_password plugin.
- Change defaults of some prefs to more sensible / usable settings.
- Revise the documentation of the packaged plugins.
- Fixed edit form checks in address listing (#1124018).
- After sending resumed draft, return to message list.
- - Parse and replace mailto: links with internal compose links when
+ - Parse and replace mailto: links with internal compose links when
viewing in HTML format.
- Plugins may now define an "extra" array element to return to the attachment
types hook, which will be also inserted in the attachment link for the
is specific to Microsoft ADS (#1035454). Thanks to Michael Brown.
- Missing PHP LDAP extension errors are now handled by ldap backend and
errors are displayed after address book initialization.
- - LDAP connections are opened during search and not during address book
+ - LDAP connections are opened during search and not during address book
initialization.
- - Fixed wrapping of multibyte strings in message view and replies
+ - Fixed wrapping of multibyte strings in message view and replies
(#1043576).
- mbstring internal encoding is switched to ASCII, if mbstring.func_overload
is enabled (#929644).
(RFC 2221) but log the user out with a hint. Patch by Ariel Arjona
(#1006242).
- Fixed SquirrelMail language cookie detection in php register_globals=off.
- - If default SquirrelMail language is set to empty string, interface will
+ - If default SquirrelMail language is set to empty string, interface will
try to follow browser's HTTP_ACCEPT_LANGUAGE header or fallback to en_US
(#764709).
- If From: field is unset in an email, header object for from field is not
- Add Cancel button to addressbook (#1180565).
- RFC 2046: Send mixed messages with multipart/alternative nested boundaries
with correct boundary strings.
- - WARNING: if same user data storage location is used to store SquirrelMail
+ - EXPERIMENTAL: Mailbox listing converted to templated layout. Added
+ template support functions and classes. Rewrote some page header and
+ mailbox listing functions. Disabled 'show_recipient_instead' option.
+ Added more columns to mailbox listing and index order options.
+ - Removed sort by internal date option. Now you can use the Received column
+ in the index order option page for that.
+ - WARNING: if same user data storage location is used to store SquirrelMail
1.4.x and 1.5.1+ user settings, SquirrelMail 1.5.1+ will reset mailbox
display order (Options->Index Options) in stable. Backup your data before
testing 1.5.1+ or use different storage location.
- Check destination folder in mail_fetch plugin before storing messages
in it. Modify destination folder, if it is renamed or deleted within
SquirrelMail (#584658).
+ - Made the Flags column a required column in the index order options page to
+ prohibit missing seen/unseen info in the messages list.
+ - Fixed disabled prev/next links in the message display when you reach the
+ end of the page (message set).
+ - Moved delete button to the right in the message list.
+ - Fixed imap capability detection in bug_report plugin. It was broken
+ when IMAP TLS was enabled or imap server mapping was used.
+ - Added mail_fetch plugin configuration file and moved plugin functions
+ from setup.php to functions.php file.
+ - SquirrelSpell plugin was modified to use standard SquirrelMail
+ preference system. User dictionaries that are stored in $username.words
+ files should be automatically updated to new format, when user logs in.
+ Fixed possible php script errors caused by $SQSPELL_APP configuration
+ variable changes. Removed $SQSPELL_EREG configuration option. Plugin's
+ version increased to 0.5.
+ - $skip_SM_header option was replaced with $encode_header_key and
+ $hide_auth_header options. First option allows to encode user's information
+ with provided encryption key (set in 2. Server settings -> B. Update SMTP /
+ Sendmail settings). Second option allows to disable authenticated user part
+ in Received: header, when user can't forge used email address. It is set in
+ 4. General Options -> 9. Allow editing of identity.
+ - Added dovecot preset to configuration utility.
+ - Modified mercury32 preset in order to remove INBOX prefix in mercury32 4.01.
+ - Added peardb backend to change_password plugin.
+ - Tweak IMAP connection error display (#1203154).
+ - Gracefully recover from over quota error while sending a mail (#1145144).
+ - Fix get_identities() for the case where the user has not set an email
+ address: use the fallback $username@$domain that's used in compose aswell.
+ - Fix "Include me in CC on Reply All" for the case where email address was
+ not set in the prefs (#781202, #1093363).
+ - Move documentation for SquirrelMail developers to doc/Development.
+ - Added id attribute support to form functions. It can be used for Section
+ 508 or WAI fixes. Original idea and patch by dugan <at> passwall.com.
+ - Fixed broken attachments caused by inconsistency of PHP chunk_split().
+ Thanks to Roalt Zijlstra.
+ - Identity code was not checking for domain part in username before setting
+ email address (Bug #1219184).
+ - Disallow access to the administrator plugin screens when the plugin is
+ not enabled in the config.
+ - Security: fix several cross site scripting (XSS) attacks. Thanks go to
+ Martijn Brinkers for finding a lot of these. [CVE-2005-1769]
+ - Update COPYING with new address of the FSF.
+ - Fixed missing quote character when trying to build cid: urls.
+ - Added address listing functions and listing controls to address
+ book LDAP backend. Blocked wildcard searches in file and database
+ backends when listing is disabled (#529563).
+ - Some LDAP address book backend configuration options (listing
+ controls, filtering, scope limit) are moved to 'advanced
+ configuration' subsection.
+ - Javascript relied on rg=1 in the login page to force focus to
+ password box if username was supplied as a url arg (#1222617).
+ - Fix variable typo in parseFetch which caused IMAP errors on Exchange.
+ Thanks Christian Froemmel.
+ - Added Bluesome theme by Saku Lehtiö (#1188209).
+ - Rewrite of advanced identity handlying to remove stupid extraction
+ of all post variables. [CVE-2005-2095]
+ - Added StartTLS support to address book LDAP backend (#1197703). Patch
+ by John Lane.
+ - Added subtree/one level search options to address book LDAP backend
+ (#1212618).
+ - Added Simple Green 2 and Simple Purple themes by Vicky Pyne (#1217066
+ and #1217069).
+ - sqimap_messages_delete|copy|flag and sqimap_get_small_header()
+ functions are removed from SquirrelMail IMAP API. Use sqimap_msgs_*
+ and sqimap_get_small_header_list() functions instead.
+ - Fix for bad cache on massive expunge/delete/move operations.
+ - Moved time zone configuration from locale/timezones.cfg to php array.
+ Adds time zone name localization options and fixes problems on systems
+ that don't support GNU C time zone mappings (#1177067).
+ - Use default color theme in logout_error function when possible.
+ - Fixes for increased error checking in PHP 5.0.5+ array_shift() (#1237160).
+ - Added extra checks in delivery class for In-Reply-To header. Fixes
+ E_NOTICE level warnings in php 5.0.4 and later (#1206474). [php5]
+ - Added extra checks in SquirrelMail charset_encode() function in case
+ somebody removes HTML to US-ASCII conversion library (#1239782).
+ - Fixed invalid reference in src/download.php. E_NOTICE level warnings
+ could corrupt attachments in php 4.4.0.
+ - Added internal dgettext() and dngettext() functions.
+ - Added display of attachments on printer friendly page.
+ - Added custom error handling class and related functions.
+ - Added option to disable upload of sounds in newmail plugin.
+ - Removed full URL from sound file preferences in newmail plugin
+ (#1233530).
+ - Stripped BaseDN from nicknames in address book's ldap_server backend.
+ - Fixed error handling in SquirrelSpell plugin. sprintf and gettext
+ formating errors in check_me.mod. Reported by Edward Chapman.
+ - Translations are loaded automatically from locale/<localename>/setup.php
+ files (#1240889).
+ - Allow configure to be ran from any directory, thanks Ceri Davies.
+ - Removed $available_languages configuration option. List is limited to
+ installed translations. Similar feature is implemented in limit_languages
+ plugin.
+ - Don't load plugins/administrator/auth.php during plugin initiation.
+ - Removed function references from address book database backend class,
+ list_addr(), lookup() and search() functions. Referenced lookup()
+ function caused E_NOTICE warnings in php 4.4.0. Reported by Cor Bosman.
+ - Test to ensure folder exists before attempting to delete it, otherwise
+ IMAP server will return an error.
+ - Added $save_html argument to charset_decode() function in order to be
+ able to convert html formated mails to different character set. Initial
+ patch by Peter Draganov (#1195232). Fixed display of html formated emails
+ in formatBody() function (#1258925).
+ - login_form hook changed from do_hook to concat_hook_function in order to
+ place form elements before login button (#1245070).
+ - Forwarding broken when not using compose in new window (#1222436).
+ - Drop data/ dir from distributed tarball.
+ - Readded options_identity_process and options_identity_renumber hooks
+ broken by CVE-2005-2095 fixes.
+ - Removed duplicate generic_header hook call in src/right_main.php (#1269189).
+ - Removed other special folders from rename/delete/unsubscribe folder forms.
+ Suggested by Florian Daumling.
+ - Focus on compose screen no longer shifts automatically if user has manually
+ focused somewhere herself.
+ - Running SquirrelMail with PHP register_globals = on will cause fatal error
+ in src/configtest.php.
+ - Added field size controls to database preference backend (#1233721).
+ - Added bincimap preset (#1285099).
+ - Fixed IMAP search command in filters plugin. Command was breaking
+ sqimap_mailbox_exists() check. Reported by Daniel Watts.
+ - Fixed decoding of quoted-printable text in decodeBody function.
+ Reported by João Carlos Mendes Luís.
+ - Added CR trimming to SquirrelSpell plugin in order to fix problems on
+ Windows systems.
+ - Sanitized names displayed in address book listing.
+ - Added extra field controls to address book class.
+ - HttpOnly cookie support (cookies inaccessible by JS). This will protect
+ IE6 browsers.
+ - Rare case of session being destroyed causing PHP errors, so ensure session
+ is restarted.
+ - If you don't have any filters defined, and spam filters are disabled, no
+ point issuing a STATUS call on INBOX for the filters plugin.
+ - Added folder filtering controls to SMOPT_TYPE_FLDRLIST option widget.
+ - Security: Fixed possible XSS issue in search feature. Issue was
+ originally resolved in stable, but changes not migrated forward.
+ - Update the cached mailbox header with the \Answered flag in case of an
+ reply.
+ - Added site configuration options to bug_report plugin. Plugin is available
+ only to interface administrators by default. See more information in
+ plugins/bug_report/README file.
Version 1.5.0 - 2 February 2004
-------------------------------
was wrong (appearing to the user that the wrong messages were attached).
Closes #772371.
- Fix that when user has no theme preference set, Alien Glow would be selected under
- display preferences in stead of Default.
+ display preferences instead of Default.
- Updated 'action' to be 'smaction' so that plugins can modify the submit/action of
forms. This was suggested for the gpg plugin, but might be useful elsewhere.
- Add support for Mail-Followup-To header.
- new function sqimap_msgs_list_move() to replace sqimap_msgs_list_copy()
- sqimap_msgs_list_copy() no longer deletes messages copied.
- Workaround for Mozilla bug #200412 in order to show multipart/related html mail.
- - Fix for disapearing '0' from decoded strings (bug #784193)
+ - Fix for disappearing '0' from decoded strings (bug #784193).
- Replace all session_start() calls with sqsession_is_active() to be compatible
with upcoming PHP 4.3.3.
- Encoding of Russian translation changed to utf-8. Lithuanian translation changed
- Moved the generic_header hook back to page_header.php. bug #554278
- Make default theme work. Bug #557313, thanks Tyler Bannister.
-
Version 1.2.7 -- June 21 2002
-----------------------------
- fix for 'compose as new' link. bug #554886
- Added a server-side sorting global option
- Compose in new window size can be set in Display prefs.
- Logout error system unified.
- - Security: Fix for a "theme passed as cookie" exploit. [CAN-2002-0516]
+ - Security: Fix for a "theme passed as cookie" exploit. [CVE-2002-0516]
- PostgreSQL is now supported for database backed use
- Added user option to sort messages by internal date
- Changed attachment handling now attachments are adressed to
Version 1.0.5 -- April 17, 2001
-------------------------------
- MAJOR security issues addressed. Please upgrade as soon as possible.
- [CAN-2001-1159]
+ [CVE-2001-1159]
- Downloading attachments should work better due to a tip by Ray Black III.
- Fixed bug with drop-down folder list not containing INBOX
- Added Swedish help files Teemu Junnila <teejun@vallcom.com>
- Better escaped string handling from POST variables
- Many more code cleanups and optimizations
- Added Hungarian translation by Teemu Junnila <teejun@vallcom.com>
- - Added Icelandic translation by Karl Heiðar <karlh@macho.is>
+ - Added Icelandic translation by Karl Hei�r <karlh@macho.is>
- Updated Taiwan translation
- Updated Swedish translation
- Updated Finnish translation
projects / squirrelmail.git / blobdiff