- Added sort by message size.
- Security: Fixed XSS vulnerability in content-type display in the attachment
area of read_body.php discovered by Roman Medina.
+ - Removed src/move_messages.php, move_before_move and move_messages_button_action
+ hooks. Mailbox listing actions should be handled by src/right_main.php and
+ functions/mailbox_display.php hooks.
- Get alternating row colors of addressbook in sync with mailbox list.
- Give proper error when PEAR DB not found.
- Remove inappropriate strip_tags() from add-to-addressbook (#968475).
- Fix bug when Saving to Draft folder that contains special characters.
- Added size limit to signatures saved in file backend. Created
error_option_save function, that allows sending error message to options
- page. Thanks to Martynas.
- Bieliauskas for spotting big signature "option".
+ page. Thanks to Martynas Bieliauskas for spotting big signature "option".
- Make SquirrelSpell work with safe_mode enabled, if using PHP >=4.3.0.
Patch by Ray Ferguson.
- Make IP-address in Message-ID RFC822 compliant.
$hide_auth_header options. First option allows to encode user's information
with provided encryption key (set in 2. Server settings -> B. Update SMTP /
Sendmail settings). Second option allows to disable authenticated user part
- in Received: header, when user can't force used email address. It is set in
+ in Received: header, when user can't forge used email address. It is set in
4. General Options -> 9. Allow editing of identity.
- Added dovecot preset to configuration utility.
- Modified mercury32 preset in order to remove INBOX prefix in mercury32 4.01.
508 or WAI fixes. Original idea and patch by dugan <at> passwall.com.
- Fixed broken attachments caused by inconsistency of PHP chunk_split().
Thanks to Roalt Zijlstra.
-
+ - Identity code was not checking for domain part in username before setting
+ email address (Bug #1219184).
+ - Disallow access to the administrator plugin screens when the plugin is
+ not enabled in the config.
+ - Security: fix several cross site scripting (XSS) attacks. Thanks go to
+ Martijn Brinkers for finding a lot of these. [CAN-2005-1769]
+ - Update COPYING with new address of the FSF.
+ - Fixed missing quote character when trying to build cid: urls.
+ - Added address listing functions and listing controls to address
+ book LDAP backend. Blocked wildcard searches in file and database
+ backends when listing is disabled (#529563).
+ - Some LDAP address book backend configuration options (listing
+ controls, filtering, scope limit) are moved to 'advanced
+ configuration' subsection.
+ - Javascript relied on rg=1 in the login page to force focus to
+ password box if username was supplied as a url arg (#1222617).
+ - Fix variable typo in parseFetch which caused IMAP errors on Exchange.
+ Thanks Christian Froemmel.
+ - Added Bluesome theme by Saku Lehtiƶ (#1188209).
+ - Rewrite of advanced identity handlying to remove stupid extraction
+ of all post variables. [CAN-2005-2095]
+ - Added StartTLS support to address book LDAP backend (#1197703). Patch
+ by John Lane.
+ - Added subtree/one level search options to address book LDAP backend
+ (#1212618).
+ - Added Simple Green 2 and Simple Purple themes by Vicky Pyne (#1217066
+ and #1217069).
+ - sqimap_messages_delete|copy|flag and sqimap_get_small_header()
+ functions are removed from SquirrelMail IMAP API. Use sqimap_msgs_*
+ and sqimap_get_small_header_list() functions instead.
+ - Fix for bad cache on massive expunge/delete/move operations.
+ - Moved time zone configuration from locale/timezones.cfg to php array.
+ Adds time zone name localization options and fixes problems on systems
+ that don't support GNU C time zone mappings (#1177067).
+ - Use default color theme in logout_error function when possible.
+ - Fixes for increased error checking in PHP 5.1 array_shift() (#1237160).
+ - Added extra checks in delivery class for In-Reply-To header. Fixes
+ E_NOTICE level warnings in php 5.0.4 and later (#1206474). [php5]
+ - Added extra checks in SquirrelMail charset_encode() function in case
+ somebody removes HTML to US-ASCII conversion library (#1239782).
+ - Fixed invalid reference in src/download.php. E_NOTICE level warnings
+ could corrupt attachments in php 4.4.0.
+ - Added internal dgettext() and dngettext() functions.
+ - Added display of attachments on printer friendly page.
+ - Added custom error handling class and related functions.
+ - Added option to disable upload of sounds in newmail plugin.
+ - Removed full URL from sound file preferences in newmail plugin
+ (#1233530).
+ - Stripped BaseDN from nicknames in address book's ldap_server backend.
+ - Fixed error handling in SquirrelSpell plugin. sprintf and gettext
+ formating errors in check_me.mod. Reported by Edward Chapman.
+ - Translations are loaded automatically from locale/<localename>/setup.php
+ files (#1240889).
+ - Allow configure to be ran from any directory, thanks Ceri Davies.
+ - Removed $available_languages configuration option. List is limited to
+ installed translations. Similar feature is implemented in limit_languages
+ plugin.
+ - Don't load plugins/administrator/auth.php during plugin initiation.
+ - Removed function references from address book database backend class,
+ list_addr(), lookup() and search() functions. Referenced lookup()
+ function caused E_NOTICE warnings in php 4.4.0. Reported by Cor Bosman.
+ - Test to ensure folder exists before attempting to delete it, otherwise
+ IMAP server will return an error.
+ - Added $save_html argument to charset_decode() function in order to be
+ able to convert html formated mails to different character set. Initial
+ patch by Peter Draganov (#1195232). Fixed display of html formated emails
+ in formatBody() function (#1258925).
+ - login_form hook changed from do_hook to concat_hook_function in order to
+ place form elements before login button (#1245070).
Version 1.5.0 - 2 February 2004
-------------------------------