of read_body.php discovered by Roman Medina.
- Get alternating row colors of addressbook in sync with mailbox list.
- Give proper error when PEAR DB not found.
+ - Remove inappropriate strip_tags() from add-to-addressbook (#968475).
+ - Prefs caching didn't work properly with register_globals off (#995102).
+ - Security: fix SQL injection vulnerability in addressbook
+ (CVE ID: CAN-2004-0521).
+ - Removed html_top and html_bottom hooks. No longer used/needed.
+ - Added "trailing text" for options built by SquirrelMail (text placed
+ after text and select list inputs on options pages)
+ - Custom option page values now repopulate correctly
+ - Added "no focus" option for compose page in display preferences (setting
+ reply focus to "No focus" also affects composing new messages)
+ - Current hook name is now globally available when running a hook ($currentHookName)
+ - Fix bug when Saving to Draft folder that contains special characters.
+ - Added size limit to signatures saved in file backend. Created error_option_save
+ function, that allows sending error message to options page. Thanks to Martynas
+ Bieliauskas for spotting big signature "option".
+ - Make SquirrelSpell work with safe_mode enabled, if using PHP >=4.3.0.
+ Patch by Ray Ferguson.
Version 1.5.0
--------------------
- Correctly fold encoded header lines.
- Fix prefs caching not working correctly in PHP 4.3 caused by a stupid
version checking mechanism.
- - Fix XXS hole that allowed JavaScript execution by sending someone
+ - Fix XSS hole that allowed JavaScript execution by sending someone
an email with specially crafted headers. Thanks Jason Munro, and
Masato Higashiyama.
projects / squirrelmail.git / blobdiff