Projects
Kolab:3.4:Updates
roundcubemail
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 8
View file
roundcubemail.spec
Changed
@@ -41,7 +41,7 @@ %global tmpdir /var/lib/roundcubemail Name: roundcubemail -Version: 1.1.4 +Version: 1.1.5 Release: 1%{?dist} @@ -3000,6 +3000,9 @@ %defattr(-,root,root,-) %changelog +* Fri May 13 2016 Timotheus Pokorra <tp@tbits.net> - 1.1.5-1 +- Check in maintenance upstream 1.1.5 release + * Mon Jan 11 2016 Timotheus Pokorra <tp@tbits.net> - 1.1.4-1 - Check in maintenance upstream 1.1.4 release
View file
debian.changelog
Changed
@@ -1,3 +1,9 @@ +roundcubemail (1:1.1.5.0-0~kolab1) unstable; urgency=low + + * Check in maintenance upstream 1.1.5 release + + -- Timotheus Pokorra <tp@tbits.net> Fri, 13 May 2016 08:42:00 +0200 + roundcubemail (1:1.1.4.0-0~kolab1) unstable; urgency=low * Check in maintenance upstream 1.1.4 release
View file
roundcubemail-1.1.4.tar.gz/CHANGELOG -> roundcubemail-1.1.5.tar.gz/CHANGELOG
Changed
@@ -1,160 +1,181 @@ CHANGELOG Roundcube Webmail =========================== +RELEASE 1.1.5 +------------- +- Plugin API: Add html2text hook +- Plugin API: Added addressbook_export hook +- Fix missing emoticons on html-to-text conversion +- Fix random "access to this resource is secured against CSRF" message at logout (#4956) +- Fix missing language name in "Add to Dictionary" request in HTML mode (#4951) +- Enable use of TLSv1.1 and TLSv1.2 for IMAP (#4955) +- Fix XSS issue in SVG images handling (#4949) +- Fix (again) security issue in DBMail driver of password plugin [CVE-2015-2181] (#4958) +- Fix bug where Archive/Junk buttons were not active after page jump with select=all mode (#4961) +- Fix bug in long recipients list parsing for cases where recipient name contained @-char (#4964) +- Fix additional_message_headers plugin compatibility with Mail_Mime >= 1.9 (#4966) +- Hide DSN option in Preferences when smtp_server is not used (#4967) +- Protect download urls against CSRF using unique request tokens (#4957) +- newmail_notifier: Refactor desktop notifications +- Fix so contactlist_fields option can be set via config file +- Fix so SPECIAL-USE assignments are forced only until user sets special folders (#4782) +- Fix performance in reverting order of THREAD result +- Fix converting mail addresses with @www. into mailto links (#5197) + RELEASE 1.1.4 ------------- -- Add workaround for https://bugs.php.net/bug.php?id=70757 (#1490582) -- Fix duplicate messages in list and wrong count after delete (#1490572) +- Add workaround for https://bugs.php.net/bug.php?id=70757 (#4931) +- Fix duplicate messages in list and wrong count after delete (#4925) - Fix so Installer requires PHP5 -- Make brute force attacks harder by re-generating security token on every failed login (#1490549) -- Slow down brute-force attacks by waiting for a second after failed login (#1490549) -- Fix .htaccess rewrite rules to not block .well-known URIs (#1490615) -- Fix mail view scaling on iOS (#1490551) -- Fix so database_attachments::cleanup() does not remove attachments from other sessions (#1490542) -- Fix responses list update issue after response name change (#1490555) -- Fix bug where message preview was unintentionally reset on check-recent action (#1490563) -- Fix bug where HTML messages with invalid/excessive css styles couldn't be displayed (#1490539) -- Fix redundant blank lines when using HTML and top posting (#1490576) -- Fix redundant blank lines on start of text after html to text conversion (#1490577) -- Fix HTML sanitizer to skip <!-- node type X --> in output (#1490583) -- Fix invalid LDAP query in ACL user autocompletion (#1490591) -- Fix regression in displaying contents of message/rfc822 parts (#1490606) -- Fix handling of message/rfc822 attachments on replies and forwards (#1490607) -- Fix PDF support detection in Firefox > 19 (#1490610) -- Fix path traversal vulnerability (CWE-22) in setting a skin (#1490620) -- Fix so drag-n-drop of text (e.g. recipient addresses) on compose page actually works (#1490619) +- Make brute force attacks harder by re-generating security token on every failed login (#4913) +- Slow down brute-force attacks by waiting for a second after failed login (#4913) +- Fix .htaccess rewrite rules to not block .well-known URIs (#4943) +- Fix mail view scaling on iOS (#4915) +- Fix so database_attachments::cleanup() does not remove attachments from other sessions (#4907) +- Fix responses list update issue after response name change (#4917) +- Fix bug where message preview was unintentionally reset on check-recent action (#4921) +- Fix bug where HTML messages with invalid/excessive css styles couldn't be displayed (#4905) +- Fix redundant blank lines when using HTML and top posting (#4927) +- Fix redundant blank lines on start of text after html to text conversion (#4928) +- Fix HTML sanitizer to skip <!-- node type X --> in output (#4932) +- Fix invalid LDAP query in ACL user autocompletion (#4934) +- Fix regression in displaying contents of message/rfc822 parts (#4937) +- Fix handling of message/rfc822 attachments on replies and forwards (#4938) +- Fix PDF support detection in Firefox > 19 (#4941) +- Fix path traversal vulnerability (CWE-22) in setting a skin (#4945) +- Fix so drag-n-drop of text (e.g. recipient addresses) on compose page actually works (#4944) RELEASE 1.1.3 ------------- -- Fix closing of nested menus (#1490443) -- Fix so E_DEPRECATED errors from PEAR libs are ignored by error_reporting change (#1490281) -- Fix compatibility with PHP 5.3 in rcube_ldap class (#1490424) -- Get rid of Mail_mimeDecode package dependency (#1490416) -- Fix "Importing..." message does not hide on error (#1490422) -- Fix SQL error on logout when using session_storage=php (#1490421) -- Update to jQuery 2.1.4 (#1490406) -- Fix Compose action in addressbook for results from multiple addressbooks (#1490413) -- Fix bug where some messages in multi-folder search couldn't be viewed/printed/downloaded (#1490426) -- Fix unintentional messages list page change on page switch in compose addressbook (#1490427) -- Fix race-condition in saving user preferences and loading plugin config (#1490431) -- Fix so plain text signature field uses monospace font (#1490435) -- Fix so links with href == content aren't added to links list on html to text conversion (#1490434) -- Fix handling of non-break spaces in html to text conversion (#1490436) -- Fix self-reply detection issues (#1490439) -- Fix multi-folder search result sorting by arrival date (#1490450) -- Fix so *-request@ addresses in Sender: header are also ignored on reply-all (#1490452) -- Update to TinyMCE 4.1.10 (#1490405) -- Fix draft removal after a message is sent and storing sent message is disabled (#1490467) -- Fix so imap folder attribute comparisons are case-insensitive (#1490466) +- Fix closing of nested menus (#4854) +- Fix so E_DEPRECATED errors from PEAR libs are ignored by error_reporting change (#4770) +- Fix compatibility with PHP 5.3 in rcube_ldap class (#4842) +- Get rid of Mail_mimeDecode package dependency (#4836) +- Fix "Importing..." message does not hide on error (#4840) +- Fix SQL error on logout when using session_storage=php (#4839) +- Update to jQuery 2.1.4 (#5165) +- Fix Compose action in addressbook for results from multiple addressbooks (#4834) +- Fix bug where some messages in multi-folder search couldn't be viewed/printed/downloaded (#4843) +- Fix unintentional messages list page change on page switch in compose addressbook (#4844) +- Fix race-condition in saving user preferences and loading plugin config (#4845) +- Fix so plain text signature field uses monospace font (#4848) +- Fix so links with href == content aren't added to links list on html to text conversion (#4847) +- Fix handling of non-break spaces in html to text conversion (#4849) +- Fix self-reply detection issues (#4852) +- Fix multi-folder search result sorting by arrival date (#4858) +- Fix so *-request@ addresses in Sender: header are also ignored on reply-all (#4860) +- Update to TinyMCE 4.1.10 (#5164) +- Fix draft removal after a message is sent and storing sent message is disabled (#4869) +- Fix so imap folder attribute comparisons are case-insensitive (#4868) - Fix bug where new messages weren't added to the list in search mode -- Fix wrong positioning of message list header on page scroll in Webkit browsers (#1490035) -- Fix some javascript errors in rare situations (#1490441) -- Fix error when using back button after sending an email (#1490009) -- Fix removing signature when switching to identity with an empty sig in HTML mode (#1490470) -- Disable links list generation on html-to-text conversion of identities or composed message (#1490437) +- Fix wrong positioning of message list header on page scroll in Webkit browsers (#4646) +- Fix some javascript errors in rare situations (#4853) +- Fix error when using back button after sending an email (#4628) +- Fix removing signature when switching to identity with an empty sig in HTML mode (#4872) +- Disable links list generation on html-to-text conversion of identities or composed message (#4850) - Fix "washing" of style elements wrapped into many lines -- Fix so input field (e.g. search box) does not loose focus on list load (#1490455) -- Fix so css of one html part does not apply to other text parts on message display (#1490505) -- Fix handling of plus character in mailto: links (#1490510) -- Fix so adding CC/BCC recipients from the sidebar unhides compose form fields in Classic skin (#1490472) -- Fix so gc.sh script removes also expired sessions from sql database (#1490512) -- Fix support for Mozilla-based browsers, e.g. Pale Moon (#1490517) -- Fix various issues with Turkish (and similar) locales (#1490519) -- Fix so In-Reply-To header is set also for MDN receipts (#1490523) +- Fix so input field (e.g. search box) does not loose focus on list load (#4862) +- Fix so css of one html part does not apply to other text parts on message display (#4887) +- Fix handling of plus character in mailto: links (#4891) +- Fix so adding CC/BCC recipients from the sidebar unhides compose form fields in Classic skin (#4874) +- Fix so gc.sh script removes also expired sessions from sql database (#4893) +- Fix support for Mozilla-based browsers, e.g. Pale Moon (#4895) +- Fix various issues with Turkish (and similar) locales (#4896) +- Fix so In-Reply-To header is set also for MDN receipts (#4897) - Fix missing HTTP_X_FORWARDED_FOR address in generated Received header -- Fix XSS issue in drag-n-drop file uploads (#1490530) -- Fix issue where Content-Length of some attachments could be set to wrong value causing browser errors (#1490482) +- Fix XSS issue in drag-n-drop file uploads (#4900) +- Fix issue where Content-Length of some attachments could be set to wrong value causing browser errors (#4877) RELEASE 1.1.2 ------------- -- Add new plugin hook 'identity_create_after' providing the ID of the inserted identity (#1490358) +- Add new plugin hook 'identity_create_after' providing the ID of the inserted identity (#4807) - Add option to place signature at bottom of the quoted text even in top-posting mode [sig_below] -- Fix handling of %-encoded entities in mailto: URLs (#1490346) -- Fix zipped messages downloads after selecting all messages in a folder (#1490339) +- Fix handling of %-encoded entities in mailto: URLs (#4799) +- Fix zipped messages downloads after selecting all messages in a folder (#4797) - Fix vpopmaild driver of password plugin -- Fix PHP warning: Non-static method PEAR::setErrorHandling() should not be called statically (#1490343) -- Fix tables listing routine on mysql and postgres so it skips system or other database tables and views (#1490337) -- Fix message list header in classic skin on window resize in Internet Explorer (#1490213) -- Fix so text/calendar parts are listed as attachments even if not marked as such (#1490325) -- Fix lack of signature separator for plain text signatures in html mode (#1490352) -- Fix font artifact in Google Chrome on Windows (#1490353) -- Fix bug where forced extwin page reload could exit from the extwin mode (#1490350) -- Fix bug where some unrelated attachments in multipart/related message were not listed (#1490355) -- Fix mouseup event handling when dragging a list record (#1490359) -- Fix bug where preview_pane setting wasn't always saved into user preferences (#1490362) -- Fix bug where messages count was not updated after message move/delete with skip_deleted=false (#1490372) -- Fix security issue in contact photo handling (#1490379) -- Fix possible memcache/apc cache data consistency issues (#1490390) -- Fix bug where imap_conn_options were ignored in IMAP connection test (#1490392) -- Fix bug where some files could have "executable" extension when stored in temp folder (#1490377) -- Fix attached file path unsetting in database_attachments plugin (#1490393) -- Fix issues when using moduserprefs.sh without --user argument (#1490399) -- Fix potential info disclosure issue by protecting directory access (#1490378) -- Fix blank image in html_signature when saving identity changes (#1490412) -- Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402) -- Fix XSS vulnerability in _mbox argument handling (#1490417) +- Fix PHP warning: Non-static method PEAR::setErrorHandling() should not be called statically (#4798) +- Fix tables listing routine on mysql and postgres so it skips system or other database tables and views (#4796) +- Fix message list header in classic skin on window resize in Internet Explorer (#4732) +- Fix so text/calendar parts are listed as attachments even if not marked as such (#4795) +- Fix lack of signature separator for plain text signatures in html mode (#4802) +- Fix font artifact in Google Chrome on Windows (#4803) +- Fix bug where forced extwin page reload could exit from the extwin mode (#4801) +- Fix bug where some unrelated attachments in multipart/related message were not listed (#4805) +- Fix mouseup event handling when dragging a list record (#4808) +- Fix bug where preview_pane setting wasn't always saved into user preferences (#4809) +- Fix bug where messages count was not updated after message move/delete with skip_deleted=false (#4814) +- Fix security issue in contact photo handling (#4817) +- Fix possible memcache/apc cache data consistency issues (#4820) +- Fix bug where imap_conn_options were ignored in IMAP connection test (#4822) +- Fix bug where some files could have "executable" extension when stored in temp folder (#4815) +- Fix attached file path unsetting in database_attachments plugin (#4823) +- Fix issues when using moduserprefs.sh without --user argument (#4825) +- Fix potential info disclosure issue by protecting directory access (#4816) +- Fix blank image in html_signature when saving identity changes (#4833) +- Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#4827) +- Fix XSS vulnerability in _mbox argument handling (#4837) RELEASE 1.1.1 ------------- - ACL: Allow other plugins to adjust the list of permissions and groups to edit - Add possibility to print contact information (of a single contact) -- Add possibility to configure max_allowed_packet value for all database engines (#1490283) +- Add possibility to configure max_allowed_packet value for all database engines (#4772) - Improved handling of storage errors after message is sent - Update to TinyMCE 4.1.9 - Unified request* event arguments handling, added support for _unlock and _action parameters -- Security: Generate random hash for the per-user local storage prefix (#1490279) -- Fix refreshing of drafts list when sending a message which was saved in meantime (#1490238) +- Security: Generate random hash for the per-user local storage prefix (#4768) +- Fix refreshing of drafts list when sending a message which was saved in meantime (#4745) - Fix saving/sending emoticon images when assets_dir is set -- Fix PHP fatal error when visiting Vacation interface and there's no sieve script yet (#1490292) +- Fix PHP fatal error when visiting Vacation interface and there's no sieve script yet (#4778) - Fix setting max packet size for DB caches and check packet size also in shared cache -- Fix needless security warning on BMP attachments display (#1490282) -- Fix handling of some improper constructs in format=flowed text as per the RFC3676[4.5] (#1490284) +- Fix needless security warning on BMP attachments display (#4771) +- Fix handling of some improper constructs in format=flowed text as per the RFC3676[4.5] (#4773) - Fix performance of rcube_db_mysql::get_variable() -- Fix missing or not up-to-date CATEGORIES entry in vCard export (#1490277) -- Fix fatal errors on systems without mbstring extension or mb_regex_encoding() function (#1490280) -- Fix cursor position on reply below the quote in HTML mode (#1490263) +- Fix missing or not up-to-date CATEGORIES entry in vCard export (#4766) +- Fix fatal errors on systems without mbstring extension or mb_regex_encoding() function (#4769) +- Fix cursor position on reply below the quote in HTML mode (#4759) - Fix so "over quota" errors are displayed also in message compose page -- Fix duplicate entries supression in autocomplete result (#1490290) -- Fix "Non-static method PEAR::isError() should not be called statically" errors (#1490281) -- Fix parsing invalid HTML messages with BOM after <!DOCTYPE> (#1490291) -- Fix duplicate entry on timezones list in rcube_config::timezone_name_from_abbr() (#1490293) -- Fix so localized folder name is displayed in multi-folder search result (#1490243) -- Fix javascript error after creating a folder which is a subfolder of another one (#1490297) -- Fix bug where subject of sent/saved message was removed if mbstring wasn't installed (#1490295) -- Fix missing vcard_attachment icon on messages list (#1490303) -- Fix storing signatures with big images in MySQL database (#1490306) -- Fix Opera browser detection in javascript (#1490307) +- Fix duplicate entries supression in autocomplete result (#4776) +- Fix "Non-static method PEAR::isError() should not be called statically" errors (#4770) +- Fix parsing invalid HTML messages with BOM after <!DOCTYPE> (#4777) +- Fix duplicate entry on timezones list in rcube_config::timezone_name_from_abbr() (#4779) +- Fix so localized folder name is displayed in multi-folder search result (#4750) +- Fix javascript error after creating a folder which is a subfolder of another one (#4781) +- Fix bug where subject of sent/saved message was removed if mbstring wasn't installed (#4780) +- Fix missing vcard_attachment icon on messages list (#4783) +- Fix storing signatures with big images in MySQL database (#4785) +- Fix Opera browser detection in javascript (#4786) - Fix so search filter, scope and fields are reset on folder change -- Fix rows count when messages search fails (#1490266) -- Fix bug where spellchecking in HTML editor do not work after switching editor type more than once (#1490311) -- Fix bug where TinyMCE area height was too small on slow network connection (#1490310) -- Fix backtick character handling in sql queries (#1490312) -- Fix redirct URL for attachments loaded in an iframe when behind proxy (#1490191) -- Fix menu container references to point to the actual <ul> element (#1490313) -- Fix javascripts errors in IE8 - lack of Event.which, focusing a hidden element (#1490318) +- Fix rows count when messages search fails (#4760) +- Fix bug where spellchecking in HTML editor do not work after switching editor type more than once (#4789) +- Fix bug where TinyMCE area height was too small on slow network connection (#4788) +- Fix backtick character handling in sql queries (#4790) +- Fix redirct URL for attachments loaded in an iframe when behind proxy (#4724) +- Fix menu container references to point to the actual <ul> element (#4791) +- Fix javascripts errors in IE8 - lack of Event.which, focusing a hidden element (#4793) RELEASE 1.1.0 ------------- - Make SMTP error log more verbose - include server response and error code -- Fix download options menu (added by zipdownload plugin) in classic skin (#1490228) +- Fix download options menu (added by zipdownload plugin) in classic skin (#4740) - Fix blocked.gif image usage with assets_dir set -- Fix bug where max_group_members was ignored when adding a new contact (#1490214) -- Hide MDN and DSN options in compose if disabled by admin (#1490221) +- Fix bug where max_group_members was ignored when adding a new contact (#4733) +- Hide MDN and DSN options in compose if disabled by admin (#4735) - Fix checks based on window.ActiveXObject in IE > 10 -- Fix XSS issue in style attribute handling (#1490227) -- Fix bug where Drafts list wasn't updated on draft-save action in new window (#1490225) -- Fix so "set as default" option is hidden if identities_level > 1 (#1490226) +- Fix XSS issue in style attribute handling (#4739) +- Fix bug where Drafts list wasn't updated on draft-save action in new window (#4737) +- Fix so "set as default" option is hidden if identities_level > 1 (#4738) - Fix bug where search was reset after returning from compose visited for reply -- Fix javascript error in "IE 8.0/Tablet PC" browser (#1490210) -- Fix bug where Reply-To address was ignored on reply to messages sent by self (#1490233) -- Fix bug where empty fieldmap config entries caused empty results of ldap search (#1490229) -- Fix bug where drafts list wasn't refreshed after draft message was sent from another window (#1490238) +- Fix javascript error in "IE 8.0/Tablet PC" browser (#4730) +- Fix bug where Reply-To address was ignored on reply to messages sent by self (#4742) +- Fix bug where empty fieldmap config entries caused empty results of ldap search (#4741) +- Fix bug where drafts list wasn't refreshed after draft message was sent from another window (#4745) - Fix keyboard navigation and css in datepicker widget across many Firefox versions -- Fix false warning when opening attached text/plain files (#1490241) -- Fix bug where signature could have been inserted twice after plain-to-html switch (#1490239) -- Fix security issue in DBMail driver of password plugin (#1490261) -- Enable FollowSymLinks option in .htaccess file which is required by rewrite rules (#1490255) -- Fix so JSON.parse() errors on localStorage items are ignored (#1490249) +- Fix false warning when opening attached text/plain files (#4748) +- Fix bug where signature could have been inserted twice after plain-to-html switch (#4746) +- Fix security issue in DBMail driver of password plugin (#4757) +- Enable FollowSymLinks option in .htaccess file which is required by rewrite rules (#4754) +- Fix so JSON.parse() errors on localStorage items are ignored (#4752) RELEASE 1.1-rc -------------- @@ -162,572 +183,572 @@ - Allow to override any config option through env variables - Improve system security by using optional special URL with security token - use_secure_urls - Allow to define separate server/path for image/js/css files - assets_url/assets_dir -- Sync vendor folder if exists in source package (#1490145) -- Avoid useless reloading list when resetting search with active filter (#1490057) -- Fix invalid folder selection if clicked while busy (#1490158) -- Fix import of multiple contact email addresses from Outlook-csv format (#1490169) -- Fix drag-n-drop to folders expanded while dragging (#1490157) -- Fix import of multiple contact groups from Google-csv format (#1490159) -- Fix import of contacts with multiple email addresses from Google-csv format (#1490178) +- Sync vendor folder if exists in source package (#4700) +- Avoid useless reloading list when resetting search with active filter (#4654) +- Fix invalid folder selection if clicked while busy (#4709) +- Fix import of multiple contact email addresses from Outlook-csv format (#4714) +- Fix drag-n-drop to folders expanded while dragging (#4708) +- Fix import of multiple contact groups from Google-csv format (#4710) +- Fix import of contacts with multiple email addresses from Google-csv format (#4719) - Fix bugs where CSRF attacks were still possible on some requests -- Fix some rcube_utils::anytodatetime() corner cases with timezone mismatches (#1490163) -- Improve move-to and contact-export button in classic skin (#1490166) +- Fix some rcube_utils::anytodatetime() corner cases with timezone mismatches (#4712) +- Improve move-to and contact-export button in classic skin (#4713) - Fix wrong icon for download button in classic skin -- Fix bug where sent message was saved in Sent folder even if disabled by user (#1490208) +- Fix bug where sent message was saved in Sent folder even if disabled by user (#4729) RELEASE 1.1-beta ---------------- -- Fix skin path handling in plugin context (#1488967) -- Prevent memory exhaustion on image resizing with GD on Windows (#1489937) -- Add plugin hook for database table name lookups as requested in #1489837 +- Fix skin path handling in plugin context (#4111) +- Prevent memory exhaustion on image resizing with GD on Windows (#4580) +- Add plugin hook for database table name lookups as requested in #4538 - Added Oracle database support - Support contacts import in GMail CSV format - Added namespace filter in Folder Manager - Added folder searching in Folder Manager -- Fix restoring draft messages from localStorage if editor mode differs (#1490016) -- Added config option/user preference to disable saving messages in localStorage (#1489979) +- Fix restoring draft messages from localStorage if editor mode differs (#4631) +- Added config option/user preference to disable saving messages in localStorage (#4606) - Added config option 'imap_log_session' to enable Roundcube <-> IMAP session ID logging - Added config option 'log_session_id' to control the lengh of the session identifer in logs -- Implemented 'storage_connected' API hook after successful IMAP login (#1490025) +- Implemented 'storage_connected' API hook after successful IMAP login (#4638) - Intergrate Net_LDAP3 and rcube_ldap_generic classes -- Add option (disabled_actions) to disable UI elements/actions (#1489638) -- Support password encryption using openssl extension (#1489989) -- Create/rename groups in UI dialogs (#1489951) +- Add option (disabled_actions) to disable UI elements/actions (#4478) +- Support password encryption using openssl extension (#4614) +- Create/rename groups in UI dialogs (#4592) - Added 'contact_search_name' option to define autocompletion entry format -- Display quota information for current folder not INBOX only (#1487993) -- Support images in HTML signatures (#1488676) -- Display full quota information in popup (#1485769, #1486604) -- Mail compose: Selecting contact inserts recipient to previously focused input - to/cc/bcc accordingly (#1489684) -- Close "no subject" prompt with Enter key (#1489580) -- Password: Add option to force new users to change their password (#1486884) +- Display quota information for current folder not INBOX only (#3442) +- Support images in HTML signatures (#3917) +- Display full quota information in popup (#2103, #2746) +- Mail compose: Selecting contact inserts recipient to previously focused input - to/cc/bcc accordingly (#4487) +- Close "no subject" prompt with Enter key (#4463) +- Password: Add option to force new users to change their password (#2963) - Improve support for screen readers and assistive technology using WCAG 2.0 and WAI ARIA standards -- Enable basic keyboard navigation throughout the UI (#1487845) -- Select/scroll to previously selected message when returning from message page (#1489023) -- Display a warning if popup window was blocked (#1489618) -- Remove (was: ...) from message subject on reply (#1489375) -- Update to TinyMCE 4.1 (#1489057) -- Enable autolink plugin in TinyMCE (#1488845) -- Support image operations with Imagick extension (#1489734) -- Support upload progress with session.upload_progress and PECL uploadprogress module (#1488702) -- Make identity name field optional (#1489510) +- Enable basic keyboard navigation throughout the UI (#3333) +- Select/scroll to previously selected message when returning from message page (#4146) +- Display a warning if popup window was blocked (#4472) +- Remove (was: ...) from message subject on reply (#4359) +- Update to TinyMCE 4.1 (#4168) +- Enable autolink plugin in TinyMCE (#4029) +- Support image operations with Imagick extension (#4498) +- Support upload progress with session.upload_progress and PECL uploadprogress module (#3934) +- Make identity name field optional (#4435) - Utility script to remove user records from the local database -- Plugin API: Added message_saved hook (#1489752) +- Plugin API: Added message_saved hook (#4503) - Plugin API: Added imap_search_before hook - Support messages import from zip archives -- Zipdownload: Added mbox format support (#1486069) +- Zipdownload: Added mbox format support (#2354) - Drop support for IE6, move IE7/IE8 support to legacy_browser plugin - Update to jQuery-2.1.1 -- Search across multiple folders (#1485234) +- Search across multiple folders (#1676) - Improve UI integration of ACL settings - Drop support for PHP < 5.3.7 -- Set In-Reply-To and References for forwarded messages (#1489593) -- Removed redundant default_folders config option (#1489737) -- Implemented IMAP SPECIAL-USE extension support [RFC6154] (#1487830) -- Optimize some framed pages content for better performance (#1489792) -- Improve text messages display and conversion to HTML (#1488937) -- Don't remove links when html signature is converted to text (#1489621) -- Fix page title when using search filter (#1490023) +- Set In-Reply-To and References for forwarded messages (#4465) +- Removed redundant default_folders config option (#4500) +- Implemented IMAP SPECIAL-USE extension support [RFC6154] (#3326) +- Optimize some framed pages content for better performance (#4517) +- Improve text messages display and conversion to HTML (#4091) +- Don't remove links when html signature is converted to text (#4473) +- Fix page title when using search filter (#4636) - Fix mbox files import -- Fix some character sets detection (#1490135) -- Fix so attachment charset is set in headers of forward/draft message (#1490109) -- Fix bug where wrong charset could be used for text attachment preview page (#1490106) +- Fix some character sets detection (#4694) +- Fix so attachment charset is set in headers of forward/draft message (#4676) +- Fix bug where wrong charset could be used for text attachment preview page (#4674) RELEASE 1.0.5 ------------- - Fix wrong icon for download button in classic skin - Fix checks based on window.ActiveXObject in IE > 10 -- Fix XSS issue in style attribute handling (#1490227) -- Fix bug where Drafts list wasn't updated on draft-save action in new window (#1490225) -- Fix so "set as default" option is hidden if identities_level > 1 (#1490226) -- Fix javascript error in "IE 8.0/Tablet PC" browser (#1490210) -- Fix bug where empty fieldmap config entries caused empty results of ldap search (#1490229) -- Fix bug where sent message was saved in Sent folder even if disabled by user (#1490208) +- Fix XSS issue in style attribute handling (#4739) +- Fix bug where Drafts list wasn't updated on draft-save action in new window (#4737) +- Fix so "set as default" option is hidden if identities_level > 1 (#4738) +- Fix javascript error in "IE 8.0/Tablet PC" browser (#4730) +- Fix bug where empty fieldmap config entries caused empty results of ldap search (#4741) +- Fix bug where sent message was saved in Sent folder even if disabled by user (#4729) RELEASE 1.0.4 ------------- -- Disable TinyMCE contextmenu plugin as there are more cons than pros in using it (#1490118) -- Fix bug where show_real_foldernames setting wasn't honored on compose page (#1490153) -- Fix issue where Archive folder wasn't protected in Folder Manager (#1490154) -- Fix compatibility with PHP 5.2. in rcube_imap_generic (#1490115) -- Fix setting flags on servers with no PERMANENTFLAGS response (#1490087) -- Fix regression in SHAA password generation in ldap driver of password plugin (#1490094) -- Fix displaying of HTML messages with absolutely positioned elements in Larry skin (#1490103) -- Fix font style display issue in HTML messages with styled <span> elements (#1490101) -- Fix download of attachments that are part of TNEF message (#1490091) -- Fix handling of uuencoded messages if messages_cache is enabled (#1490108) -- Fix handling of base64-encoded attachments with extra spaces (#1490111) -- Fix handling of UNKNOWN-CTE response, try do decode content client-side (#1490046) -- Fix bug where creating subfolders in shared folders wasn't possible without ACL extension (#1490113) -- Fix reply scrolling issue with text mode and start message below the quote (#1490114) -- Fix possible issues in skin/skin_path config handling (#1490125) -- Fix lack of delimiter for recipient addresses in smtp_log (#1490150) -- Fix generation of Blowfish-based password hashes (#1490184) +- Disable TinyMCE contextmenu plugin as there are more cons than pros in using it (#4684) +- Fix bug where show_real_foldernames setting wasn't honored on compose page (#4705) +- Fix issue where Archive folder wasn't protected in Folder Manager (#4706) +- Fix compatibility with PHP 5.2. in rcube_imap_generic (#4682) +- Fix setting flags on servers with no PERMANENTFLAGS response (#4667) +- Fix regression in SHAA password generation in ldap driver of password plugin (#4670) +- Fix displaying of HTML messages with absolutely positioned elements in Larry skin (#4672) +- Fix font style display issue in HTML messages with styled <span> elements (#4671) +- Fix download of attachments that are part of TNEF message (#4668) +- Fix handling of uuencoded messages if messages_cache is enabled (#4675) +- Fix handling of base64-encoded attachments with extra spaces (#4678) +- Fix handling of UNKNOWN-CTE response, try do decode content client-side (#4650) +- Fix bug where creating subfolders in shared folders wasn't possible without ACL extension (#4680) +- Fix reply scrolling issue with text mode and start message below the quote (#4681) +- Fix possible issues in skin/skin_path config handling (#4689) +- Fix lack of delimiter for recipient addresses in smtp_log (#4703) +- Fix generation of Blowfish-based password hashes (#4721) - Fix bugs where CSRF attacks were still possible on some requests [CVE-2014-9587] RELEASE 1.0.3 ------------- -- Initialize HTML editor before restoring a message from localStorage (#1490016) -- Add 'sig_max_lines' config option to default config file (#1490071) -- Add config option to specify IMAP connection socket parameters - imap_conn_options (#1489948) -- Add option to set default message list mode - default_list_mode (#1487312) -- Enable contextmenu plugin for TinyMCE editor (#1487014) -- Fix insert-signature command in external compose window if opened from inline compose screen (#1490074) -- Fix some mime-type to extension mapping checks in Installer (#1489983) -- Fix errors when using localStorage in Safari's private browsing mode (#1489996) -- Fix bug where $Forwarded flag was being set even if server didn't support it (#1490000) -- Fix various iCloud vCard issues, added fallback for external photos (#1489993) -- Fix invalid Content-Type header when send_format_flowed=false (#1489992) -- Fix errors when adding/updating contacts in active search (#1490015) -- Fix incorrect thumbnail rotation with GD and exif orientation data (#1490029) -- Fix contacts list update after adding/deleting/moving a contact (#1490028, #1490033) -- Fix handling of email addresses with quoted domain part (#1490040) -- Fix comm_path update on task switch (#1490041) -- Fix error in MSSQL update script 2013061000.sql (#1490061) -- Fix validation of email addresses with IDNA domains (#1490067) +- Initialize HTML editor before restoring a message from localStorage (#4631) +- Add 'sig_max_lines' config option to default config file (#5162) +- Add config option to specify IMAP connection socket parameters - imap_conn_options (#4589) +- Add option to set default message list mode - default_list_mode (#3157) +- Enable contextmenu plugin for TinyMCE editor (#3062) +- Fix insert-signature command in external compose window if opened from inline compose screen (#4663) +- Fix some mime-type to extension mapping checks in Installer (#4610) +- Fix errors when using localStorage in Safari's private browsing mode (#4619) +- Fix bug where $Forwarded flag was being set even if server didn't support it (#4621) +- Fix various iCloud vCard issues, added fallback for external photos (#4617) +- Fix invalid Content-Type header when send_format_flowed=false (#4616) +- Fix errors when adding/updating contacts in active search (#4630) +- Fix incorrect thumbnail rotation with GD and exif orientation data (#4641) +- Fix contacts list update after adding/deleting/moving a contact (#4640, #4644) +- Fix handling of email addresses with quoted domain part (#4647) +- Fix comm_path update on task switch (#4648) +- Fix error in MSSQL update script 2013061000.sql (#4658) +- Fix validation of email addresses with IDNA domains (#4661) RELEASE 1.0.2 ------------- -- Fix storing unsaved drafts in localStorage (#1489818) -- Add configurable LDAP_OPT_DEREF option (#1489864) -- Fix so when switching editor mode original version of signature is used (#1488849) -- Fix unintentional draft autosave request if autosave is disabled (#1489882) -- Fix malformed References: header in send/saved mail (#1489891) -- Fix handling unicode characters in links (#1489898) -- Fix incorrect handling of HTML comments in messages sanitization code (#1489904) -- Fix so current page is reset on list-mode change (#1489907) -- Fix so responses menu hides on click in classic skin (#1489915) -- Fix unintentional line-height style modification in HTML messages (#1489917) -- Fix broken normalize_string(), add support for ISO-8859-2 (#1489918) -- Support csv contacts import in German localization (#1489920) -- Fix so message list and counters are updated when a message is opened in new window (#1489919) -- Fix malformed recipient name when composing a message by clicking on mailto link (#1489942) -- Fix list reload after sending message in another window (#1489931) -- Fix so address format errors are ignored when saving a draft (#1489954) -- Fix incorrect label translation in return receipt (#1489963) +- Fix storing unsaved drafts in localStorage (#4529) +- Add configurable LDAP_OPT_DEREF option (#4546) +- Fix so when switching editor mode original version of signature is used (#4032) +- Fix unintentional draft autosave request if autosave is disabled (#4550) +- Fix malformed References: header in send/saved mail (#4552) +- Fix handling unicode characters in links (#4555) +- Fix incorrect handling of HTML comments in messages sanitization code (#4558) +- Fix so current page is reset on list-mode change (#4561) +- Fix so responses menu hides on click in classic skin (#4566) +- Fix unintentional line-height style modification in HTML messages (#4567) +- Fix broken normalize_string(), add support for ISO-8859-2 (#4568) +- Support csv contacts import in German localization (#4570) +- Fix so message list and counters are updated when a message is opened in new window (#4569) +- Fix malformed recipient name when composing a message by clicking on mailto link (#4583) +- Fix list reload after sending message in another window (#4576) +- Fix so address format errors are ignored when saving a draft (#4594) +- Fix incorrect label translation in return receipt (#4598) - Fix security issue in delete-response action - allow only ajax request -- Fix Delete button state after deleting identity/response (#1489972) -- Fix bug where contacts with no email address were listed on compose addressbook (#1489970) -- Fix images import from various vCard formats (#1489977) -- Fix sorting messages by size on servers without SORT capability (#1489981) +- Fix Delete button state after deleting identity/response (#4603) +- Fix bug where contacts with no email address were listed on compose addressbook (#4602) +- Fix images import from various vCard formats (#4604) +- Fix sorting messages by size on servers without SORT capability (#4608) RELEASE 1.0.1 ------------- -- Support 'error' and 'body_file' return attribs in 'message_before_send' hook (#1489595) -- Apply user-specific replacements to group's base_dn property (#1489779) -- Fix missing email address when importing contacts from outlook csv (#1489830) -- Fix bug where "With attachment" option in search filter wasn't selected after return from mail view (#1489774) -- Fix "washing" of unicoded style attributes (#1489777) -- Fix unintentional redirect from compose page in Webkit browsers (#1489789) -- Fix messages index cache update under some conditions (e.g. proxy) (#1489756) -- Fix lack of translation of special folders in some configurations (#1489799) -- Fix XSS issue in plain text spellchecker (#1489806) +- Support 'error' and 'body_file' return attribs in 'message_before_send' hook (#4467) +- Apply user-specific replacements to group's base_dn property (#4512) +- Fix missing email address when importing contacts from outlook csv (#4535) +- Fix bug where "With attachment" option in search filter wasn't selected after return from mail view (#4508) +- Fix "washing" of unicoded style attributes (#4510) +- Fix unintentional redirect from compose page in Webkit browsers (#4516) +- Fix messages index cache update under some conditions (e.g. proxy) (#4505) +- Fix lack of translation of special folders in some configurations (#4520) +- Fix XSS issue in plain text spellchecker (#4524) - Fix invalid page title for some folders (1489804) -- Fix redundant alert message on over-size uploads (#1489817) -- Fix next message display after removing a message (#1489800) -- Fix missing Mail-Followup-To header in sent mail (#1489829) -- Fix error when spell-checking an empty text (#1489831) -- Avoid popupmenus being closed when scrollbar is clicked (#1489832) -- Add proxy_whitelist configuration option (#1489729) -- Fix identities_level=4 handling in new_user_dialog plugin (#1489840) -- Fix various db_prefix issues (#1489839) +- Fix redundant alert message on over-size uploads (#4528) +- Fix next message display after removing a message (#4521) +- Fix missing Mail-Followup-To header in sent mail (#4534) +- Fix error when spell-checking an empty text (#4536) +- Avoid popupmenus being closed when scrollbar is clicked (#4537) +- Add proxy_whitelist configuration option (#4496) +- Fix identities_level=4 handling in new_user_dialog plugin (#4540) +- Fix various db_prefix issues (#4539) - Fix too small length of users.preferences column data type on MySQL -- Fix redundant warning when switching from html to text in empty editor (#1489819) -- Fix invalid host validation on login (#1489841) -- Fix IMAP connection test in installer so it is aware of imap_auth_type (#1489746) +- Fix redundant warning when switching from html to text in empty editor (#4530) +- Fix invalid host validation on login (#4541) +- Fix IMAP connection test in installer so it is aware of imap_auth_type (#4502) RELEASE 1.0.0 ------------- - Added toolbar button to move message in message view -- Fix style of disabled protocol handler link on IE (#1489569) -- Fix message import dialog when no file is selected (#1489685) -- Fix opening compose screen in new window after saving as draft (#1489643) -- Fix directories check in Installer on Windows (#1489576) -- Fix issue when default_addressbook option is set to integer value (#1489407) -- Fix Opera > 15 detection (#1489562) +- Fix style of disabled protocol handler link on IE (#4460) +- Fix message import dialog when no file is selected (#4488) +- Fix opening compose screen in new window after saving as draft (#4479) +- Fix directories check in Installer on Windows (#4462) +- Fix issue when default_addressbook option is set to integer value (#4379) +- Fix Opera > 15 detection (#4455) - Fix security issue in DomainFactory driver of Password plugin -- Fix invalid X-Draft-Info on forwarded message draft (#1489587) -- Fix regression in handling of 'attachments' result in message_compose hook (#1489627) -- Fix issue where msgexport.sh printed the message to STDOUT instead of a file (#1489634) -- Fix fatal error in database_attachments plugin under some conditions (#1489726) +- Fix invalid X-Draft-Info on forwarded message draft (#4464) +- Fix regression in handling of 'attachments' result in message_compose hook (#4474) +- Fix issue where msgexport.sh printed the message to STDOUT instead of a file (#4476) +- Fix fatal error in database_attachments plugin under some conditions (#4495) RELEASE 1.0-rc -------------- -- Small CSS fix with message notice boxes in Larry skin (#1489497) -- Include groups in contacts search on mail compose (#1489082) -- Add mime-type mapping for .7z files (#1489512) -- Invoke update scripts with php to circumvent execution restrictions (#1489322) -- Fix drag & drop message/contact moving on touch device (#1489431) -- Fix canned responses in HTML mode (#1489536) -- Check/create default folders on every login not only the first (#1489423) +- Small CSS fix with message notice boxes in Larry skin (#4429) +- Include groups in contacts search on mail compose (#4186) +- Add mime-type mapping for .7z files (#4436) +- Invoke update scripts with php to circumvent execution restrictions (#4330) +- Fix drag & drop message/contact moving on touch device (#4395) +- Fix canned responses in HTML mode (#4446) +- Check/create default folders on every login not only the first (#4391) - Update to jQuery-1.11.0 and jQuery-UI-1.9.2 - Support SMTP socket context options via new config option 'smtp_conn_options' -- Fix compatibility with PHP 5.2 in html.php file (#1489514) -- Remove expand/collapse with plus/minus keys (on numeric keypad) (#1489513) -- Fix issue where filesystem path was added to all-attachments (zip) file (#1489507) -- Fix case-sensitivity of email addresses handling on compose (#1485499) -- Don't alter Message-ID of a draft when sending (#1489409) -- Fix issue where deprecated syntax for HTML lists was not handled properly (#1488768) -- Display different icons when Trash folder is empty or full (#1485775) -- Remember last position of more headers switch (#1488323) -- Fix so message flags modified by another client are applied on the list on refresh (#1485186) -- Fix broken text/* attachments when forwarding/editing a message (#1489426) -- Improved minified files handling, added css minification (#1486988) -- Fix handling of X-Forwarded-For header with multiple addresses (#1489481) -- Fix border issue on folders list in classic skin (#1489473) -- Implemented menu actions to copy/move messages, added folder-selector widget (#1484086) -- Fix security rules in .htaccess preventing access to base URL without the ending slash (#1489477) -- Fix regression where only first new folder was placed in correct place on the list (#1489472) -- Fix issue where children of selected and collapsed thread were skipped on various actions (#1489457) -- Fix issue where groups were not deleted when "Replace entire addressbook" option on contacts import was used (#1489420) -- Fix unreliable mimetype tests in Installer (#1489453) -- Fix performance of listing writeable folders (#1489451) +- Fix compatibility with PHP 5.2 in html.php file (#4438) +- Remove expand/collapse with plus/minus keys (on numeric keypad) (#4437) +- Fix issue where filesystem path was added to all-attachments (zip) file (#4433) +- Fix case-sensitivity of email addresses handling on compose (#1899) +- Don't alter Message-ID of a draft when sending (#4381) +- Fix issue where deprecated syntax for HTML lists was not handled properly (#3975) +- Display different icons when Trash folder is empty or full (#2108) +- Remember last position of more headers switch (#3660) +- Fix so message flags modified by another client are applied on the list on refresh (#1639) +- Fix broken text/* attachments when forwarding/editing a message (#4393) +- Improved minified files handling, added css minification (#3041) +- Fix handling of X-Forwarded-For header with multiple addresses (#4424) +- Fix border issue on folders list in classic skin (#4419) +- Implemented menu actions to copy/move messages, added folder-selector widget (#863) +- Fix security rules in .htaccess preventing access to base URL without the ending slash (#4422) +- Fix regression where only first new folder was placed in correct place on the list (#4418) +- Fix issue where children of selected and collapsed thread were skipped on various actions (#4410) +- Fix issue where groups were not deleted when "Replace entire addressbook" option on contacts import was used (#4388) +- Fix unreliable mimetype tests in Installer (#4408) +- Fix performance of listing writeable folders (#4406) RELEASE 1.0-beta ---------------- -- Fix handling of invalid closing tags in HTML messages (#1489446) -- Set real content-type for file downloads (#1489439) -- Update TinyMCE to version 3.5.10 (#1489442) -- Fix keyboard navigation in list widgets (#1489392) -- Allow plugins to grab the reference of opened windows (#1489413) -- Larry skin: Improved status message display for better visibility (#1488974) -- Fix Internet Explorer 11 detection (#1489434) -- Fix date column width to fit the widest possible date format (#1489368) -- Move certain user preference options to a collapsed "advanced" block (#1488829) -- Add file type icons for Powerpoint and Open Office presentations (#1489225) -- Fix operations on folders with trailing spaces in name (#1489419) -- Improve identity selection based on From: header (#1489378) -- Fix issue where mails with inline images of the same name contained only the first image multiple times (#1489406) -- Use left/right arrow keys to collapse/expand thread and spacebar to select a row, change Ctrl key behavior (#1489392) -- Fix an issue where using arrow keys to go up a list can result in selected message being under headers (#1489403) -- Fix an issue where Home/End keys don't focus list row properly, don't scrollTo properly (#1489396) -- Add an option to disable smart Reply-List behaviour - reply_all_mode (#1488734) -- Fix an issue where pressing minus key on contacts list was hiding list records (#1489393) -- Fix an issue where shift + arrow-up key wasn't selecting all messages in collapsed thread (#1489397) -- Added icon for priority column in messages list header (#1489234) +- Fix handling of invalid closing tags in HTML messages (#4403) +- Set real content-type for file downloads (#4400) +- Update TinyMCE to version 3.5.10 (#4401) +- Fix keyboard navigation in list widgets (#4367) +- Allow plugins to grab the reference of opened windows (#4383) +- Larry skin: Improved status message display for better visibility (#4115) +- Fix Internet Explorer 11 detection (#4397) +- Fix date column width to fit the widest possible date format (#4354) +- Move certain user preference options to a collapsed "advanced" block (#4015) +- Add file type icons for Powerpoint and Open Office presentations (#4269) +- Fix operations on folders with trailing spaces in name (#4387) +- Improve identity selection based on From: header (#4360) +- Fix issue where mails with inline images of the same name contained only the first image multiple times (#4378) +- Use left/right arrow keys to collapse/expand thread and spacebar to select a row, change Ctrl key behavior (#4367) +- Fix an issue where using arrow keys to go up a list can result in selected message being under headers (#4375) +- Fix an issue where Home/End keys don't focus list row properly, don't scrollTo properly (#4370) +- Add an option to disable smart Reply-List behaviour - reply_all_mode (#3953) +- Fix an issue where pressing minus key on contacts list was hiding list records (#4368) +- Fix an issue where shift + arrow-up key wasn't selecting all messages in collapsed thread (#4371) +- Added icon for priority column in messages list header (#4275) - New feature "Canned Responses" to save and recall boilerplate text snippets -- Fix HTML part detection when encapsulated inside multipart/signed (#1489372) +- Fix HTML part detection when encapsulated inside multipart/signed (#4357) - Add spellchecker backend for the After the Deadline service - Replace markdown-style [1] link indexes in plain text email bodies -- Improved mailto: link arguments handling (#1489363) -- Use DOMDocument LIBXML_PARSEHUGE and LIBXML_COMPACT options if possible (#1489302) +- Improved mailto: link arguments handling (#4351) +- Use DOMDocument LIBXML_PARSEHUGE and LIBXML_COMPACT options if possible (#4316) - Support HTTP_HOST, SERVER_NAME and SERVER_ADDR values in include_host_config feature - Make default font size for HTML messages configurable (request #118) -- Fix XSS issue in addressbook group name field [CVE-2013-5646] (#1489333) -- After message is sent refresh messages list of replied message folder (#1489249) -- Add option force specified domain in user login - username_domain_forced (#1489264) +- Fix XSS issue in addressbook group name field [CVE-2013-5646] (#4337) +- After message is sent refresh messages list of replied message folder (#4282) +- Add option force specified domain in user login - username_domain_forced (#4290) - Add option to import Vcards with group assignments -- Save groups membership in Vcard export (#1488509) -- Workaround broken PHP function timezone_name_from_abbr (#1489261) -- Make cached message size limit configurable - messages_cache_threshold (#1489317) +- Save groups membership in Vcard export (#3801) +- Workaround broken PHP function timezone_name_from_abbr (#4289) +- Make cached message size limit configurable - messages_cache_threshold (#4326) - Log also failed logins to userlogins log -- Add temp_dir_ttl configuration option (#1489304) -- Allow setting INBOX as Sent folder (#1489219) -- Fix replacement variables in user-specific base_dn in some LDAP requests (#1489279) -- Fix image scaling issues when image has only one dimension smaller than the limit (#1489274) -- Fix issue where uploaded photo was lost when contact form did not validate (#1489274) -- Move identity selection based on non-standard headers into (new) identity_select plugin (#1488553) -- Fix downloading binary files with (wrong) text/* content-type (#1489267) +- Add temp_dir_ttl configuration option (#4318) +- Allow setting INBOX as Sent folder (#4264) +- Fix replacement variables in user-specific base_dn in some LDAP requests (#4299) +- Fix image scaling issues when image has only one dimension smaller than the limit (#4296) +- Fix issue where uploaded photo was lost when contact form did not validate (#4296) +- Move identity selection based on non-standard headers into (new) identity_select plugin (#3835) +- Fix downloading binary files with (wrong) text/* content-type (#4292) - Respect HTTP_X_FORWARDED_FOR and HTTP_X_REAL_IP variables for session IP check -- Simplified configuration by merging it into one file + defaults (#1487311) -- Make message list header stay on top when scrolling (#1295420) +- Simplified configuration by merging it into one file + defaults (#3156) +- Make message list header stay on top when scrolling (#353) - Add support for 'enchant' spellcheck engine -- Check filetype detection in installer and update script (#1489193) -- Fix folder names truncation in Classic skin (#1489220) -- Make possible to disable some (broken) IMAP extensions with imap_disable_caps option (#1489184) -- Contacts drag-n-drop default action is to move contacts (#1488751) -- Added possibility to choose to move or copy contacts from drag-n-drop menu (#1488751) -- Fix Close link and remove About link on error pages (#1489109) +- Check filetype detection in installer and update script (#4252) +- Fix folder names truncation in Classic skin (#4265) +- Make possible to disable some (broken) IMAP extensions with imap_disable_caps option (#4245) +- Contacts drag-n-drop default action is to move contacts (#3962) +- Added possibility to choose to move or copy contacts from drag-n-drop menu (#3962) +- Fix Close link and remove About link on error pages (#4201) - Improved/unified attachment preview screen, added print button -- Fix lack of space between searchfiler and quicksearchbar in Larry skin (#1489158) -- Cache LDAP's user_specific search and use vlv for better performance (#1489186) +- Fix lack of space between searchfiler and quicksearchbar in Larry skin (#4233) +- Cache LDAP's user_specific search and use vlv for better performance (#4247) - LDAP: auto-detect and use VLV indices for all search operations - LDAP: additional group configuration options for address books - LDAP: separated address book implementation from a generic LDAP wrapper class - Allow address books to browse a multi-level group hierarchy in the contacts list -- Fix session issues when local and database time differs (#1486132) -- Fix thread cache syncronization/validation (#1489028) +- Fix session issues when local and database time differs (#2401) +- Fix thread cache syncronization/validation (#4150) - Added feature to import messages to the currently selected folder - Add option show_real_foldernames to disable localization of special folders -- Fix database cache expunge issues (#1489149) -- Fix date format issues on MS SQL Server (#1488918) +- Fix database cache expunge issues (#4229) +- Fix date format issues on MS SQL Server (#4078) - Add imap_cache_ttl option to configure TTL of imap_cache - Make LDAP cache engine configurable via ldap_cache and ldap_cache_ttl options -- Fix "duplicate entry" errors on inserts to imap cache tables (#1489146) -- Improved handling of Reply-To/Bcc addresses of identity in compose form (#1489016) +- Fix "duplicate entry" errors on inserts to imap cache tables (#4228) +- Improved handling of Reply-To/Bcc addresses of identity in compose form (#4142) - Added user preference to open all popups as standard windows - Implemented shared cache (rcube_cache_shared) -- Change Reply-All button label/title when mailing list is detected (#1488938) -- Fix SMTP connection using IPv6 address in smtp_server option (#1489024) +- Change Reply-All button label/title when mailing list is detected (#4092) +- Fix SMTP connection using IPv6 address in smtp_server option (#4147) - Added attachment_reminder plugin - Make PHP code eval() free, use create_function() -- Add option to display email address together with a name in mail preview (#1488732) -- Support CSV import from Atmail (#1489045) +- Add option to display email address together with a name in mail preview (#3952) +- Support CSV import from Atmail (#4161) - Add db_prefix configuration option in place of db_table_*/db_sequence_* options -- Make possible to use db_prefix for schema initialization in Installer (#1489067) +- Make possible to use db_prefix for schema initialization in Installer (#4175) - Fix updatedb.sh script so it recognizes also table prefix for external DDL files -- Fix parsing invalid date string (#1489035) -- Add "with attachment" option to messages list filter (#1485382) -- Call resize handler in intervals to prevent lags and double onresize calls in Chrome (#1489005) -- Add rel="noreferrer" for links in displayed messages (#1484686) -- Add ability to toggle between HTML and text while viewing a message (#1486939) -- Remove "HTML message" from attachments list while viewing a message in text mode (#1486939) +- Fix parsing invalid date string (#4155) +- Add "with attachment" option to messages list filter (#1795) +- Call resize handler in intervals to prevent lags and double onresize calls in Chrome (#4137) +- Add rel="noreferrer" for links in displayed messages (#4976) +- Add ability to toggle between HTML and text while viewing a message (#3005) +- Remove "HTML message" from attachments list while viewing a message in text mode (#3005) - Support IMAP MOVE extension [RFC 6851] -- Add attachment menu with Open and Download options (#1488975) -- Display user-friendly message on IMAP "over quota" errors (#1484164) +- Add attachment menu with Open and Download options (#4116) +- Display user-friendly message on IMAP "over quota" errors (#914) - Extended archive plugin with user-configurable options to store messages into subfolders -- Fix export of selected contacts from search result (#1488905) +- Fix export of selected contacts from search result (#4070) - Feature to export only selected contacts from addressbook (by Phil Weir) RELEASE 0.9.5 ------------- -- Fix failing vCard import when email address field contains spaces (#1489386) +- Fix failing vCard import when email address field contains spaces (#4363) - Fix default spell-check configuration after Google suspended their spell service -- Fix vulnerability in handling _session argument of utils/save-prefs [CVE-2013-6172] (#1489382) -- Fix iframe onload for upload errors handling (#1489379) -- Fix address matching in Return-Path header on identity selection (#1489374) -- Fix text wrapping issue with long unwrappable lines (#1489371) +- Fix vulnerability in handling _session argument of utils/save-prefs [CVE-2013-6172] (#4362) +- Fix iframe onload for upload errors handling (#4361) +- Fix address matching in Return-Path header on identity selection (#4358) +- Fix text wrapping issue with long unwrappable lines (#4356) - Fixed issues where HTML comments inside style tag would hang Internet Explorer -- Hide Delivery Status Notification option when smtp_server is unset (#1489336) -- Display full attachment name using title attribute when name is too long to display (#1489320) -- Fix attachment icon issue when rare font/language is used (#1489326) -- Fix expanded thread root message styling after refreshing messages list (#1489327) -- Fix issue where From address was removed from Cc and Bcc fields when editing a draft (#1489319) -- Fix error_reporting directive check (#1489323) -- Fix de_DE localization of "About" label in Help plugin (#1489325) +- Hide Delivery Status Notification option when smtp_server is unset (#4339) +- Display full attachment name using title attribute when name is too long to display (#4328) +- Fix attachment icon issue when rare font/language is used (#4334) +- Fix expanded thread root message styling after refreshing messages list (#4335) +- Fix issue where From address was removed from Cc and Bcc fields when editing a draft (#4327) +- Fix error_reporting directive check (#4331) +- Fix de_DE localization of "About" label in Help plugin (#4333) RELEASE 0.9.4 ------------- -- Make identities matching case insensitive (#1485480) -- Fix issue where too big message data was stored in cache causing sql errors (#1489316) -- Fix iframe scrollbars on webkit desktop browsers (#1489306) -- Fix issue where legacy config was overriden by default config (#1489288) -- Fix newmail_notifier issue where favicon wasn't changed back to default (#1489313) -- Fix setting of Junk and NonJunk flags by markasjunk plugin (#1489285) -- Fix lack of Reply-To address in header of forwarded message body (#1489298) -- Fix bugs when invoking contact creation form when read-only addressbook is selected (#1489296) -- Fix identity selection on reply (#1489291) -- Fix so additional headers are added to all messages sent (#1489284) -- Fix display issue after moving folder in Folder Manager (#1489293) -- Fix handling of non-default date formats (#1489294) -- Fix unquoted path in PREG expression on Windows (#1489290) -- Fix wrong close tag in /template/mail.html (#1489295) +- Make identities matching case insensitive (#1881) +- Fix issue where too big message data was stored in cache causing sql errors (#4325) +- Fix iframe scrollbars on webkit desktop browsers (#4319) +- Fix issue where legacy config was overriden by default config (#4305) +- Fix newmail_notifier issue where favicon wasn't changed back to default (#4324) +- Fix setting of Junk and NonJunk flags by markasjunk plugin (#4303) +- Fix lack of Reply-To address in header of forwarded message body (#4314) +- Fix bugs when invoking contact creation form when read-only addressbook is selected (#4313) +- Fix identity selection on reply (#4308) +- Fix so additional headers are added to all messages sent (#4302) +- Fix display issue after moving folder in Folder Manager (#4310) +- Fix handling of non-default date formats (#4311) +- Fix unquoted path in PREG expression on Windows (#4307) +- Fix wrong close tag in /template/mail.html (#4312) RELEASE 0.9.3 ------------- -- Fix setting refresh_interval to "Never" in Preferences (#1489286) +- Fix setting refresh_interval to "Never" in Preferences (#4304) - Fixed iframe scrolling on touch devices - Optimized message list for touch devices -- Fix purge action in folder manager (#1489280) -- Fix base URL resolving on attribute values with no quotes (#1489275) -- Fix wrong handling of links with '|' character (#1489276) -- Fix colorspace issue on image conversion using ImageMagick (#1489270) -- Fix XSS vulnerability when editing a message "as new" or draft [CVE-2013-5645] (#1489251) -- Fix XSS vulnerability when saving HTML signatures [CVE-2013-5645] (#1489251) -- Fix rewrite rule in .htaccess (#1489240) -- Fix detecting Turkish language in ISO-8859-9 encoding (#1489252) -- Fix identity-selection using Return-Path headers (#1489241) -- Fix parsing of links with ... in URL (#1489192) -- Fix compose priority selector when opening in new window (#1489257) -- Fix bug where signature wasn't changed on identity selection when editing a draft (#1489229) -- Fix IMAP SETMETADATA parameters quoting (#1489231) -- Fix "could not load message" error on valid empty message body (#1489228) -- Fix handling of message/rfc822 attachments on message forward and edit (#1489214) -- Fix parsing of square bracket characters in IMAP response strings (#1489223) -- Don't clear References and in-Reply-To when a message is "edited as new" (#1489216) +- Fix purge action in folder manager (#4300) +- Fix base URL resolving on attribute values with no quotes (#4297) +- Fix wrong handling of links with '|' character (#4298) +- Fix colorspace issue on image conversion using ImageMagick (#4294) +- Fix XSS vulnerability when editing a message "as new" or draft [CVE-2013-5645] (#4283) +- Fix XSS vulnerability when saving HTML signatures [CVE-2013-5645] (#4283) +- Fix rewrite rule in .htaccess (#4278) +- Fix detecting Turkish language in ISO-8859-9 encoding (#4284) +- Fix identity-selection using Return-Path headers (#4279) +- Fix parsing of links with ... in URL (#4251) +- Fix compose priority selector when opening in new window (#4286) +- Fix bug where signature wasn't changed on identity selection when editing a draft (#4272) +- Fix IMAP SETMETADATA parameters quoting (#4274) +- Fix "could not load message" error on valid empty message body (#4271) +- Fix handling of message/rfc822 attachments on message forward and edit (#4262) +- Fix parsing of square bracket characters in IMAP response strings (#4267) +- Don't clear References and in-Reply-To when a message is "edited as new" (#4263) - Fix messages list sorting with THREAD=REFS -- Remove deprecated (in PHP 5.5) PREG /e modifier usage (#1489174) -- Fix empty messages list when register_globals is enabled (#1489157) -- Fix so valid and set date.timezone is not required by installer checks (#1489180) -- Canonize boolean ini_get() results (#1489189) -- Fix so install do not fail when one of DB driver checks fails but other drivers exist (#1489178) -- Fix so exported vCard specifies encoding in v3-compatible format (#1489183) +- Remove deprecated (in PHP 5.5) PREG /e modifier usage (#4239) +- Fix empty messages list when register_globals is enabled (#4232) +- Fix so valid and set date.timezone is not required by installer checks (#4242) +- Canonize boolean ini_get() results (#4249) +- Fix so install do not fail when one of DB driver checks fails but other drivers exist (#4240) +- Fix so exported vCard specifies encoding in v3-compatible format (#4244) RELEASE 0.9.2 ------------- -- Fix image thumbnails display in print mode (#1489134) -- Fix height of message headers block (#1489108) -- Fix timeout issue on drag&drop uploads (#1489170) +- Fix image thumbnails display in print mode (#4220) +- Fix height of message headers block (#4200) +- Fix timeout issue on drag&drop uploads (#4238) - Fix default sorting of threaded list when THREAD=REFS isn't supported -- Fix list mode switch to 'List' after saving list settings in Larry skin (#1489164) -- Fix error when there's no writeable addressbook source (#1489162) -- Fix zipdownload plugin issue with filenames charset (#1489156) -- Fix so non-inline images aren't skipped on forward (#1489150) -- Fix "null" instead of empty string on messages list in IE10 (#1489145) +- Fix list mode switch to 'List' after saving list settings in Larry skin (#4236) +- Fix error when there's no writeable addressbook source (#4235) +- Fix zipdownload plugin issue with filenames charset (#4231) +- Fix so non-inline images aren't skipped on forward (#4230) +- Fix "null" instead of empty string on messages list in IE10 (#4227) - Fix legacy options handling -- Fix so bounces addresses in Sender headers are skipped on Reply-All (#1489011) -- Fix bug where serialized strings were truncated in PDO::quote() (#1489142) -- Fix displaying messages with invalid self-closing HTML tags (#1489137) -- Fix PHP warning when responding to a message with many Return-Path headers (#1489136) -- Fix unintentional compose window resize (#1489114) -- Fix performance regression in text wrapping function (#1489133) -- Fix connection to posgtres db using unix socket (#1489132) -- Fix handling of comma when adding contact from contacts widget (#1489107) -- Fix bug where a message was opened in both preview pane and new window on double-click (#1489122) -- Fix fatal error when xdebug.max_nesting_level was exceeded in rcube_washtml (#1489110) -- Fix PHP warning in html_table::set_row_attribs() in PHP 5.4 (#1489094) -- Fix invalid option selected in default_font selector when font is unset (#1489112) -- Fix displaying contact with ID divisible by 100 in sql addressbook (#1489121) -- Fix browser warnings on PDF plugin detection (#1489118) -- Fix fatal error when parsing UUencoded messages (#1489119) +- Fix so bounces addresses in Sender headers are skipped on Reply-All (#4140) +- Fix bug where serialized strings were truncated in PDO::quote() (#4226) +- Fix displaying messages with invalid self-closing HTML tags (#4223) +- Fix PHP warning when responding to a message with many Return-Path headers (#4222) +- Fix unintentional compose window resize (#4206) +- Fix performance regression in text wrapping function (#4219) +- Fix connection to posgtres db using unix socket (#4218) +- Fix handling of comma when adding contact from contacts widget (#4199) +- Fix bug where a message was opened in both preview pane and new window on double-click (#4212) +- Fix fatal error when xdebug.max_nesting_level was exceeded in rcube_washtml (#4202) +- Fix PHP warning in html_table::set_row_attribs() in PHP 5.4 (#4194) +- Fix invalid option selected in default_font selector when font is unset (#4204) +- Fix displaying contact with ID divisible by 100 in sql addressbook (#4211) +- Fix browser warnings on PDF plugin detection (#4209) +- Fix fatal error when parsing UUencoded messages (#4210) RELEASE 0.9.1 ------------- -- Better German labels for from/to to avoid conflicts with 'sender' (#1489084) -- Fix problem where security warning was displayed for valid images with image/jpg type (#1489097) -- Fix handling of invalid email addresses in headers (#1489092) -- Fix IMAP connection issue with default_socket_timeout < 0 and imap_timeout < 0 (#1489090) -- Fix various PHP code bugs found using static analysis (#1489086) -- Fix backslash character handling on vCard import (#1489085) -- Fix csv import from Thunderbird with French localization (#1489059) -- Fix messages list focus issue in Opera and Webkit (#1489058) -- Fix Reply-To header handling in Reply-All action (#1489037) -- Fix so Sender: address is added to Cc: field on reply to all (#1489011) -- Fix so addressbook_search_mode works also for group search (#1489079) -- Fix removal of a contact from a group in LDAP addressbook (#1489081) -- Inlcude SQL query in the log on SQL error (#1489064) -- Fix handling untagged responses in IMAP FETCH - "could not load message" error (#1489074) -- Fix very small window size in Chrome (#1488931) -- Fix list page reset when viewing a message in Larry skin (#1489076) -- Fix min_refresh_interval handling on preferences save (#1489073) -- Fix PDF support detection for Firefox PDF.js (#1488972) -- Fix possible collision in generated thumbnail cache key (#1489069) -- Fix exit code on bootsrap errors in CLI mode (#1489044) -- Fix error handling in CLI mode, use STDERR and non-empty exit code (#1489043) +- Better German labels for from/to to avoid conflicts with 'sender' (#4188) +- Fix problem where security warning was displayed for valid images with image/jpg type (#4196) +- Fix handling of invalid email addresses in headers (#4193) +- Fix IMAP connection issue with default_socket_timeout < 0 and imap_timeout < 0 (#4191) +- Fix various PHP code bugs found using static analysis (#4190) +- Fix backslash character handling on vCard import (#4189) +- Fix csv import from Thunderbird with French localization (#4170) +- Fix messages list focus issue in Opera and Webkit (#4169) +- Fix Reply-To header handling in Reply-All action (#4157) +- Fix so Sender: address is added to Cc: field on reply to all (#4140) +- Fix so addressbook_search_mode works also for group search (#4183) +- Fix removal of a contact from a group in LDAP addressbook (#4185) +- Inlcude SQL query in the log on SQL error (#4172) +- Fix handling untagged responses in IMAP FETCH - "could not load message" error (#4180) +- Fix very small window size in Chrome (#4087) +- Fix list page reset when viewing a message in Larry skin (#4182) +- Fix min_refresh_interval handling on preferences save (#4179) +- Fix PDF support detection for Firefox PDF.js (#4113) +- Fix possible collision in generated thumbnail cache key (#4177) +- Fix exit code on bootsrap errors in CLI mode (#4160) +- Fix error handling in CLI mode, use STDERR and non-empty exit code (#5161) - Fix error when using check_referer=true -- Fix incorrect handling of some specific links (#1489060) +- Fix incorrect handling of some specific links (#4171) - Fix incorrect handling of leading spaces in text wrapping -- Fix unintentional messages list jumps on click in Internet Explorer (#1489056) -- Fix list of required configuration options (#1489055) -- Fix DB error when creating a new contact and a group is selected (#1489051) -- Fix handling of deprecated boolean value of reply_mode option (#1489052) +- Fix unintentional messages list jumps on click in Internet Explorer (#4167) +- Fix list of required configuration options (#4166) +- Fix DB error when creating a new contact and a group is selected (#4164) +- Fix handling of deprecated boolean value of reply_mode option (#4165) RELEASE 0.9.0 ------------- -- Fix display of HTML entities in protected folder name (#1489042) -- Set minimal permissions to temp files (#1488996) -- Improve content check for embedded images without filename (#1489029) -- Fix handling of invalid characters in message headers and output (#1489032) -- Fix selecting collapsed rows on select-all (#1489036) -- Avoid race-conditions with concurrent attachment uploads (#1488422) -- Fix possible header duplicates when using additional headers (#1489033) -- Fix session issues with use_https=true (#1488986) -- Fix blockquote width in sent mail (#1489031) -- Fix keyboard events on list widgets in Internet Explorer (#1489025) +- Fix display of HTML entities in protected folder name (#4159) +- Set minimal permissions to temp files (#4131) +- Improve content check for embedded images without filename (#4151) +- Fix handling of invalid characters in message headers and output (#4153) +- Fix selecting collapsed rows on select-all (#4156) +- Avoid race-conditions with concurrent attachment uploads (#3739) +- Fix possible header duplicates when using additional headers (#4154) +- Fix session issues with use_https=true (#4125) +- Fix blockquote width in sent mail (#4152) +- Fix keyboard events on list widgets in Internet Explorer (#4148) RELEASE 0.9-rc2 --------------- - Fix security issue in save-pref command -- Remove sig_above configuration option, use reply_mode only (#1489001) -- Refresh current folder in opener window after draft save or message sent (#1488997) -- Fix saving draft just after entering compose window (#1489012) -- Fix javascript error in IE9 when loading form with placeholders into an iframe (#1489008) -- Fix handling of some conditional comment tags in HTML message (#1489004) -- Fix so forward as attachment works if additional attachment is added by message_compose hook (#1489000) -- Better handling of session errors in ajax requests (#1488960) -- Fix HTML part detection for some specific message structures (#1488992) -- Don't show fake address - phishing prevention (#1488981) -- Fix forward as attachment bug with editormode != 1 (#1488991) -- Fix LIMIT/OFFSET queries handling on MS SQL Server (#1488984) -- Fix so task name can really contain all from a-z0-9_- characters (#1488941) +- Remove sig_above configuration option, use reply_mode only (#4135) +- Refresh current folder in opener window after draft save or message sent (#4132) +- Fix saving draft just after entering compose window (#4141) +- Fix javascript error in IE9 when loading form with placeholders into an iframe (#4138) +- Fix handling of some conditional comment tags in HTML message (#4136) +- Fix so forward as attachment works if additional attachment is added by message_compose hook (#4134) +- Better handling of session errors in ajax requests (#4105) +- Fix HTML part detection for some specific message structures (#4130) +- Don't show fake address - phishing prevention (#4120) +- Fix forward as attachment bug with editormode != 1 (#4129) +- Fix LIMIT/OFFSET queries handling on MS SQL Server (#4123) +- Fix so task name can really contain all from a-z0-9_- characters (#4095) - Fix javascript errors when working in a page opened with taget="_blank" -- Mention SQLite database format change in UPGRADING file (#1488983) -- Increase maxlength to 254 chars for email input fields in addressbook (#1488987) -- Fix thumbnail size when GD extension is used for image resize (#1488985) -- Display notice that message is encrypted also for application/pkcs7-mime messages (#1488526) +- Mention SQLite database format change in UPGRADING file (#4122) +- Increase maxlength to 254 chars for email input fields in addressbook (#4126) +- Fix thumbnail size when GD extension is used for image resize (#4124) +- Display notice that message is encrypted also for application/pkcs7-mime messages (#3815) RELEASE 0.9-rc -------------- -- Fix plain text spellchecker incorrect highlighting in non-ASCII text (#1488973) -- Add workaround for invalid message charset detection by IMAP servers (#1488968) -- Fix NUL characters in content-type of ms-tnef attachment (#1488964) -- Fix regression in handling LDAP contact identifiers (#1488959) +- Fix plain text spellchecker incorrect highlighting in non-ASCII text (#4114) +- Add workaround for invalid message charset detection by IMAP servers (#4112) +- Fix NUL characters in content-type of ms-tnef attachment (#4108) +- Fix regression in handling LDAP contact identifiers (#4104) - Updated translations from Transifex -- Fix buggy error template in a frame (#1488938) +- Fix buggy error template in a frame (#4092) - Add addressbook widget on compose page in classic skin -- Add search box to compose address book widget (#1488381) -- Fix login in case when default_host is an array with one element (#1488928) +- Add search box to compose address book widget (#3710) +- Fix login in case when default_host is an array with one element (#4085) - Use LDAP fallback hosts on connect + bind instead of ldap_connect() only. - Add config option for LDAP bind timeout (sets LDAP_OPT_NETWORK_TIMEOUT option) -- Submit Addressbook advanced search form with Enter key (#1488568) -- Also block remote images in HTML part view (#1488827) +- Submit Addressbook advanced search form with Enter key (#3843) +- Also block remote images in HTML part view (#4013) - Improved database schema upgrade procedure, added updatedb.sh script -- Force autocommit mode in mysql database driver (#1488902) +- Force autocommit mode in mysql database driver (#4068) RELEASE 0.9-beta ---------------- -- Fix searching by date in address book (#1488888) -- Improve charset detection by prioritizing charset according to user language (#1485669) -- Fix handling of escaped separator in vCard file (#1488896) -- Add option to use envelope From address for MDN responses (#1488880) -- Add possibility to search in message body only (#1488770) -- Support "multipart/relative" as an alias for "multipart/related" type (#1488886) -- Display PGP/MIME signature attachments as "Digital Signature" (#1488570) -- Workaround UW-IMAP bug where hierarchy separator is added to the shared folder name (#1488879) -- Fix version comparisons with -stable suffix (#1488876) -- Add unsupported alternative parts to attachments list (#1488870) -- Add Compose button on message view page (#1488747) +- Fix searching by date in address book (#4058) +- Improve charset detection by prioritizing charset according to user language (#2032) +- Fix handling of escaped separator in vCard file (#4064) +- Add option to use envelope From address for MDN responses (#4052) +- Add possibility to search in message body only (#3977) +- Support "multipart/relative" as an alias for "multipart/related" type (#4057) +- Display PGP/MIME signature attachments as "Digital Signature" (#3845) +- Workaround UW-IMAP bug where hierarchy separator is added to the shared folder name (#4051) +- Fix version comparisons with -stable suffix (#4050) +- Add unsupported alternative parts to attachments list (#4046) +- Add Compose button on message view page (#3959) - Display 'Sender' header in message preview - Plugin API: Added message_before_send hook -- Fix contact copy/add-to-group operations on search result (#1488862) -- Use matching identity in MDN response (#1488864) -- Fix handling of signatures on draft edit (#1488798) -- Fix so compacting of non-empty folder is possible also when messages list is empty (#1488858) -- Allow forwarding of multiple emails (#1486854) -- Fix big memory consumption of DB layer (#1488856) -- Fix broken message/part bodies when FETCH response contains more untagged lines (#1488836) -- Fix empty email on identities list after identity update (#1488834) +- Fix contact copy/add-to-group operations on search result (#4042) +- Use matching identity in MDN response (#4043) +- Fix handling of signatures on draft edit (#3996) +- Fix so compacting of non-empty folder is possible also when messages list is empty (#4039) +- Allow forwarding of multiple emails (#2941) +- Fix big memory consumption of DB layer (#4037) +- Fix broken message/part bodies when FETCH response contains more untagged lines (#4020) +- Fix empty email on identities list after identity update (#4018) - Add new identities_level: (4) one identity with possibility to edit only signature -- Use Delivered-To and Envelope-To headers for identity selection (#1488840, #1488553) -- Fix XSS vulnerability using Flash files (#1488828) -- Always save drafts with format=flowed in order to keep original line wraps (#1488799) -- Select default_addressbook on the list in Address Book (#1488280) -- Fix so mobile phone has TYPE=CELL in exported vCard (#1488812) -- Support contacts import from CSV file (#1486399) -- Improved keep-alive action. Now the interval is based on session_lifetime (#1488507) -- Added cross-task 'refresh' request for system state updates (#1488507) +- Use Delivered-To and Envelope-To headers for identity selection (#4024, #3835) +- Fix XSS vulnerability using Flash files (#4014) +- Always save drafts with format=flowed in order to keep original line wraps (#3997) +- Select default_addressbook on the list in Address Book (#3624) +- Fix so mobile phone has TYPE=CELL in exported vCard (#4004) +- Support contacts import from CSV file (#2605) +- Improved keep-alive action. Now the interval is based on session_lifetime (#3799) +- Added cross-task 'refresh' request for system state updates (#3799) - Renamed config options: keep_alive to refresh_interval, min_keep_alive to min_refresh_interval - Fix handling of text/enriched content on message reply/forward/edit - Option to display attached images as thumbnails below message body - Upgraded to jQuery 1.8.3 and jQuery UI 1.9.1 - Add config option to automatically generate LDAP attributes for new entries -- Add user settings to open message view and compose form in new windows (#1485486) -- Better client-side timezone detection using the jsTimezoneDetect library (#1488725) -- Add option to disable saving sent mail in Sent folder - no_save_sent_messages (#1488686) -- Fix handling dont_override with message_sort_col and message_sort_order settings (#1488760) -- Fix handling of URLs with asterisk characters (#1488759) -- Remove automatic to-lowercase conversion of usernames (#1488715) +- Add user settings to open message view and compose form in new windows (#1886) +- Better client-side timezone detection using the jsTimezoneDetect library (#3947) +- Add option to disable saving sent mail in Sent folder - no_save_sent_messages (#3923) +- Fix handling dont_override with message_sort_col and message_sort_order settings (#3970) +- Fix handling of URLs with asterisk characters (#3969) +- Remove automatic to-lowercase conversion of usernames (#3941) - Plugin API: Add 'email_list' argument for identities data in user_create hook -- Integrated zipdownload plugin to download all attachments (#1445509) -- Fix HTML special characters handling in message list/header display (#1488523) -- List related text/html part as attachment in plain text mode (#1488677) +- Integrated zipdownload plugin to download all attachments (#617) +- Fix HTML special characters handling in message list/header display (#3812) +- List related text/html part as attachment in plain text mode (#3918) - Use IMAP BINARY (RFC3516) extension to fetch message/part bodies -- Fix folder creation under public namespace root (#1488665) -- Fix so "Edit as new" on draft creates a new message (#1488687) -- Fix invalid error message on deleting mail from read only folder (#1488694) -- Replace data URIs of images (pasted in HTML editor) with inline attachments (#1488502) +- Fix folder creation under public namespace root (#3910) +- Fix so "Edit as new" on draft creates a new message (#3924) +- Fix invalid error message on deleting mail from read only folder (#3929) +- Replace data URIs of images (pasted in HTML editor) with inline attachments (#3795) - Remove (too big) min-width on mail screen - Added template object 'frame' -- Add option to enable HTML editor on forwarding (#1488517) -- Add option to not include original message on reply, rename option top_posting to reply_mode (#1485149) +- Add option to enable HTML editor on forwarding (#3807) +- Add option to not include original message on reply, rename option top_posting to reply_mode (#1615) - Added session_path config option and unified cookies settings in javascript - Added "Undeleted" option to messages list filter - Rewritten test scripts for PHPUnit -- Add new DB abstraction layer based on PHP PDO, supporting SQLite3 (#1488332) +- Add new DB abstraction layer based on PHP PDO, supporting SQLite3 (#3668) - Removed PEAR::MDB2 package - Removed users.alias column, added option ('user_aliases') - to use email address from identities as username (#1488581) -- Removed redundant cache.cache_id column (#1488528) -- Fix order of attachments in sent mail (#1488423) -- Fix Shift + delete button does not permanently delete messages (#1488243) -- Add Content-Length for attachments where possible (#1485478) -- Fix attachment sizes in message print page and attachment preview page (#1488515) + to use email address from identities as username (#3851) +- Removed redundant cache.cache_id column (#3817) +- Fix order of attachments in sent mail (#3740) +- Fix Shift + delete button does not permanently delete messages (#3598) +- Add Content-Length for attachments where possible (#1880) +- Fix attachment sizes in message print page and attachment preview page (#3805) - Add mail attachments using drag & drop on HTML5 enabled browsers -- Add workaround for invalid BODYSTRUCTURE response - parse message with Mail_mimeDecode package (#1485585) -- Display Tiff as Jpeg in browsers without Tiff support (#1488452) -- Don't display Pdf/Tiff/Flash attachments inline without browser support (#1488452, #1487929) -- Add is_escaped attribute for html_select and html_textarea (#1488485) +- Add workaround for invalid BODYSTRUCTURE response - parse message with Mail_mimeDecode package (#1966) +- Display Tiff as Jpeg in browsers without Tiff support (#3757) +- Don't display Pdf/Tiff/Flash attachments inline without browser support (#3757, #3394) +- Add is_escaped attribute for html_select and html_textarea (#3782) - Fix issue where draft auto-save wasn't executed after some inactivity time -- Add vCard import from multiple files at once (#1488015) +- Add vCard import from multiple files at once (#3458) - Roundcube Framework: Add possibility to replace IMAP driver with custom class Add IMAP auto-connection feature, improving performance with caching enabled @@ -739,282 +760,282 @@ RELEASE 0.8.5 ------------- -- Fix #countcontrols issue in IE<=8 when text is very long (#1488890) -- Fix unwanted horizontal scrollbar in message preview header (#1488866) -- Add workaround for IE<=8 bug where Content-Disposition:inline was ignored (#1488844) -- Fix XSS vulnerability in vbscript: and data:text links handling [CVE-2012-6121] (#1488850) -- Fix absolute positioning in HTML messages (#1488819) +- Fix #countcontrols issue in IE<=8 when text is very long (#4060) +- Fix unwanted horizontal scrollbar in message preview header (#4044) +- Add workaround for IE<=8 bug where Content-Disposition:inline was ignored (#4028) +- Fix XSS vulnerability in vbscript: and data:text links handling [CVE-2012-6121] (#4033) +- Fix absolute positioning in HTML messages (#4007) - Fix cache (in)validation after setting \Deleted flag -- Fix keybord events on messages list in opera browser (#1488823) -- Fix selection of collapsed thread rows (#1488772) -- Fix wrapping of quoted text with format=flowed (#1488177) +- Fix keybord events on messages list in opera browser (#4011) +- Fix selection of collapsed thread rows (#3978) +- Fix wrapping of quoted text with format=flowed (#3561) RELEASE 0.8.4 ------------- -- Fix regression where unintentional page reload was done after request abort (#1488802) -- Fix XSS vulnerability in handling of text/enriched messages (#1488806) -- Fix handling of 'media' attribute on linked css (#1488789) -- Fix excessive LFs at the end of composed message with top_posting=true (#1488797) -- Fix bug where leading blanks were stripped from quoted lines (#1488795) +- Fix regression where unintentional page reload was done after request abort (#3999) +- Fix XSS vulnerability in handling of text/enriched messages (#4000) +- Fix handling of 'media' attribute on linked css (#3989) +- Fix excessive LFs at the end of composed message with top_posting=true (#3995) +- Fix bug where leading blanks were stripped from quoted lines (#3994) RELEASE 0.8.3 ------------- -- Fix AREA links handling (#1488792) -- Fix possible HTTP DoS on error in keep-alive requests (#1488782) -- Fix compatybility with MDB2 2.5.0b4 (#1488779) +- Fix AREA links handling (#3992) +- Fix possible HTTP DoS on error in keep-alive requests (#3983) +- Fix compatybility with MDB2 2.5.0b4 (#3982) - Fix a bug where saving a message in INBOX wasn't possible -- Fix HTML part detection in messages with attachments (#1488769) +- Fix HTML part detection in messages with attachments (#3976) - Fix bug where wrong words were highlighted on spell-before-send check -- Fix scrolling quirk in email preview frame using Opera 12 (#1488763) -- Fix displaying of multipart/alternative messages with empty parts (#1488750) -- Fix threaded list sorting on PHP < 5.2.9 (#1488748) -- Fix Warning: htmlspecialchars(): charset `RCMAIL_CHARSET' not supported warning in Installer (#1488744) +- Fix scrolling quirk in email preview frame using Opera 12 (#3973) +- Fix displaying of multipart/alternative messages with empty parts (#3961) +- Fix threaded list sorting on PHP < 5.2.9 (#3960) +- Fix Warning: htmlspecialchars(): charset `RCMAIL_CHARSET' not supported warning in Installer (#3958) RELEASE 0.8.2 ------------- -- Fix XSS vulnerability from HTTP User-Agent header (#1488737) -- Force fonts in compose fields to be all the same (#1488690) -- Fix handling vCard entries with TEL;TYPE=CELL (#1488728) -- Fix error where session wasn't updated after folder rename/delete (#1488692) -- Fix PLAIN authentication for some IMAP servers (#1488674) -- Fix encoding vCard file when contains PHOTO;ENCODING=b (#1488683) -- Fix focus issue in IE when selecting message row (#1488620) -- Add full headers view in message preview window (#1488538) -- Fix message display page issues - unified with message preview (#1488590, #1488642) -- Fix displaying all headers when they contain malformed characters (#1488666) -- Fix decoding of HTML messages with UTF-16 charset specified (#1488654) -- Fix quota capability detection so it can be overwritten by a plugin (#1488655) -- Fix identity selection on reply (#1488101) -- Fix Larry's messages list filter in IE (#1488632) -- Fix more IE issues by disabling Compat. mode with X-UA-Compatible meta tag (#1488626) -- Fix setting locales under Solaris - use additional .UTF-8 suffix (#1488628) +- Fix XSS vulnerability from HTTP User-Agent header (#3954) +- Force fonts in compose fields to be all the same (#3926) +- Fix handling vCard entries with TEL;TYPE=CELL (#3949) +- Fix error where session wasn't updated after folder rename/delete (#3928) +- Fix PLAIN authentication for some IMAP servers (#3916) +- Fix encoding vCard file when contains PHOTO;ENCODING=b (#3922) +- Fix focus issue in IE when selecting message row (#3881) +- Add full headers view in message preview window (#3823) +- Fix message display page issues - unified with message preview (#3856, #3895) +- Fix displaying all headers when they contain malformed characters (#3911) +- Fix decoding of HTML messages with UTF-16 charset specified (#3902) +- Fix quota capability detection so it can be overwritten by a plugin (#3903) +- Fix identity selection on reply (#3516) +- Fix Larry's messages list filter in IE (#3890) +- Fix more IE issues by disabling Compat. mode with X-UA-Compatible meta tag (#3886) +- Fix setting locales under Solaris - use additional .UTF-8 suffix (#3887) - Fix email address validation for addresses with IP address in domain part -- Fix Larry skin issues in IE7 compat. mode (#1488618) +- Fix Larry skin issues in IE7 compat. mode (#3879) - Fix so subscribed non-existing/non-accessible shared folder can be unsubscribed RELEASE 0.8.1 ------------- -- Fix bug where domain name was converted to lower-case even with login_lc=false (#1488593) -- Fix lower-casing email address on replies (#1488598) -- Fix line separator in exported messages (#1488603) -- Fix XSS issue where plain signatures wasn't secured in HTML mode [CVE-2012-4668] (#1488613) -- Fix XSS issue where href="javascript:" wasn't secured [CVE-2012-3508] (#1488613) -- Fix impossible to create message with empty plain text part (#1488610) -- Fix stripped apostrophes when replying in plain text to HTML message (#1488606) -- Fix inactive Save search option after advanced search (#1488607) -- Fix Remove from group option is active for contact search result (#1488608) -- Disable autocapitalization in login form on iPad/iPhone (#1488609) -- Fix focus on the list when list row is clicked (#1488600) -- Added separate From and To columns apart from smart From/To column (#1486891) -- Fix fallback to Larry skin when configured skin isn't available (#1488591) -- Fix (workaround) delete operations with some versions of memcache (#1488592) +- Fix bug where domain name was converted to lower-case even with login_lc=false (#3859) +- Fix lower-casing email address on replies (#3863) +- Fix line separator in exported messages (#3866) +- Fix XSS issue where plain signatures wasn't secured in HTML mode [CVE-2012-4668] (#3875) +- Fix XSS issue where href="javascript:" wasn't secured [CVE-2012-3508] (#3875) +- Fix impossible to create message with empty plain text part (#3873) +- Fix stripped apostrophes when replying in plain text to HTML message (#3869) +- Fix inactive Save search option after advanced search (#3870) +- Fix Remove from group option is active for contact search result (#3871) +- Disable autocapitalization in login form on iPad/iPhone (#3872) +- Fix focus on the list when list row is clicked (#3865) +- Added separate From and To columns apart from smart From/To column (#2970) +- Fix fallback to Larry skin when configured skin isn't available (#3857) +- Fix (workaround) delete operations with some versions of memcache (#3858) - Fix (disable) request validation for spell and spell_html actions RELEASE 0.8.0 ------------- - Don't show product version on login screen (can be enabled by config) - Renamed old default skin to 'classic'. Larry is the new default skin. -- Support connections to memcached socket file (#1488577) +- Support connections to memcached socket file (#3848) - Enable TinyMCE inlinepopups plugin - Update to TinyMCE 3.5.6 -- Correctly escape localized labels in javascript variable (#1488567) -- Update Net_SMTP/Auth_SASL packages to fix Digest-MD5/Cram-MD5 authentication (#1488571) -- Don't add attachments content into reply/forward/draft message body (#1488557) -- Fix 'no connection' errors on page unloads (#1488547) -- Plugin API: Add 'unauthenticated' hook (#1488138) -- Show explicit error message when provided hostname is invalid (#1488550) -- Fix wrong compose screen elements focus in IE9 (#1488541) -- Fix fatal error when date.timezone isn't set (#1488546) +- Correctly escape localized labels in javascript variable (#3842) +- Update Net_SMTP/Auth_SASL packages to fix Digest-MD5/Cram-MD5 authentication (#3846) +- Don't add attachments content into reply/forward/draft message body (#3837) +- Fix 'no connection' errors on page unloads (#3832) +- Plugin API: Add 'unauthenticated' hook (#3545) +- Show explicit error message when provided hostname is invalid (#3834) +- Fix wrong compose screen elements focus in IE9 (#3826) +- Fix fatal error when date.timezone isn't set (#3831) - Update to TinyMCE 3.5.4.1 -- Better icons with distinct shapes for priority columns (#1488377) -- Show dedicated icon for multipart/report messages (#1488524) -- Properly hide text of icon links/buttons (#1488534) -- Fix handling of unitless CSS size values in HTML message (#1488535) -- Fix removing contact photo using LDAP addressbook (#1488420) -- Fix storing X-ANNIVERSARY date in vCard format (#1488527) -- Update to Mail_Mime-1.8.5 (#1488521) -- Fix XSS vulnerability in message subject handling using Larry skin [CVE-2012-3507] (#1488519) -- Fix handling of links with various URI schemes e.g. "skype:" (#1488106) +- Better icons with distinct shapes for priority columns (#3706) +- Show dedicated icon for multipart/report messages (#3813) +- Properly hide text of icon links/buttons (#3820) +- Fix handling of unitless CSS size values in HTML message (#3821) +- Fix removing contact photo using LDAP addressbook (#3737) +- Fix storing X-ANNIVERSARY date in vCard format (#3816) +- Update to Mail_Mime-1.8.5 (#3810) +- Fix XSS vulnerability in message subject handling using Larry skin [CVE-2012-3507] (#3809) +- Fix handling of links with various URI schemes e.g. "skype:" (#3521) - Fix handling of links inside PRE elements on html to text conversion - Fix indexing of links on html to text conversion -- Decode header value in rcube_mime::get() by default (#1488511) -- Fix errors with enabled PHP magic_quotes_sybase option (#1488506) -- Fix SQL query for contacts listing on MS SQL Server (#1488505) -- Fix window.resize handler on IE8 and Opera (#1488453) -- Don't let error message popups cover the login form (#1488500) +- Decode header value in rcube_mime::get() by default (#3803) +- Fix errors with enabled PHP magic_quotes_sybase option (#3798) +- Fix SQL query for contacts listing on MS SQL Server (#3797) +- Fix window.resize handler on IE8 and Opera (#3758) +- Don't let error message popups cover the login form (#3794) - Update to TinyMCE 3.5.2 -- Don't show errors when moving contacts into groups they are already in (#1488493) -- Make folders with unread messages in subfolders bold again (#1486793) -- Abbreviate long attachment file names with ellipsis (#1488499) +- Don't show errors when moving contacts into groups they are already in (#3788) +- Make folders with unread messages in subfolders bold again (#2892) +- Abbreviate long attachment file names with ellipsis (#3793) - Fix html2text conversion of strong|b|a|th|h tags when used in upper case -- Add listcontrols template container in Larry skin (#1488498) -- Fix host autoselection when default_host is an array (#1488495) +- Add listcontrols template container in Larry skin (#3792) +- Fix host autoselection when default_host is an array (#3790) - Move messages forwarding mode setting into Preferences -- Fix HTML entities handling in HTML editor (#1488483) -- Fix listing shared folders on Courier IMAP (#1488466) +- Fix HTML entities handling in HTML editor (#3780) +- Fix listing shared folders on Courier IMAP (#3767) RELEASE 0.8-rc -------------- - Added new translations in Belarusian, Interlingua and Malayalam -- Flipped compose options arrow (#1488474) -- Fix handling of large uuencode attachments (#1488473) -- Fix handling of "usemap" attribute (#1488472) -- Fix handling of some HTML tags e.g. IMG (#1488471) -- Use similar language as a fallback for plugin localization (#1488401) -- Fix issue where signature wasn't re-added on draft compose (#1488322) -- Update to TinyMCE 3.5 (#1488459) +- Flipped compose options arrow (#3772) +- Fix handling of large uuencode attachments (#3771) +- Fix handling of "usemap" attribute (#3770) +- Fix handling of some HTML tags e.g. IMG (#3769) +- Use similar language as a fallback for plugin localization (#3726) +- Fix issue where signature wasn't re-added on draft compose (#3659) +- Update to TinyMCE 3.5 (#3762) - Fixed multi-threaded autocompletion when number of threads > number of sources - Allow to configure the number of values allowed for each LDAP attribute - Support for serialized LDAP address values (usually delimited with a $) -- Less restrictive session auth checks, repeat keep-alive requests on failure (#1488449) -- Fix redirect to mail/compose on re-login (#1488226) -- Add IE8 hack for messages list issue (#1487821) +- Less restrictive session auth checks, repeat keep-alive requests on failure (#3755) +- Fix redirect to mail/compose on re-login (#3585) +- Add IE8 hack for messages list issue (#3317) - Fix handling errors on draft auto-save -- Fix importing vCard photo with ENCODING param specified (#1488432) -- Support mutliple name/email pairs for Bcc and Reply-To identity settings (#1488445) -- Set flexible width to login form fields (#1488418) -- Fix re-draw bug on list columns change in IE8 (#1487822) -- Allow mass-removal of addresses from a group (#1487748) +- Fix importing vCard photo with ENCODING param specified (#3746) +- Support mutliple name/email pairs for Bcc and Reply-To identity settings (#3752) +- Set flexible width to login form fields (#3735) +- Fix re-draw bug on list columns change in IE8 (#3318) +- Allow mass-removal of addresses from a group (#3259) - Fix removing all contacts on import to LDAP addressbook -- Fix so "Back" from compose/show doesn't reset search request (#1488238) -- Add option to delete messages instead of moving to Trash when in Junk folder (#1486686) -- Fix invisible cursor when replying to a html message (#1487073) -- Reset IP stored in session when destroying session data (#1488056) +- Fix so "Back" from compose/show doesn't reset search request (#3594) +- Add option to delete messages instead of moving to Trash when in Junk folder (#2805) +- Fix invisible cursor when replying to a html message (#3100) +- Reset IP stored in session when destroying session data (#3485) - Fix bug where memory_limit = -1 wasn't handled properly -- Support LDAP RFC2256's country object class read/write (#1488123) +- Support LDAP RFC2256's country object class read/write (#3535) - Upgraded to jQuery 1.7.2 -- Image resize with GD extension (#1488383) -- Fix lack of warning when switching task in compose window (#1488399) +- Image resize with GD extension (#3712) +- Fix lack of warning when switching task in compose window (#3725) - Fix bug where it wasn't possible to enter ( or & characters in autocomplete fields -- Request all needed fields from address book backends (#1488394) +- Request all needed fields from address book backends (#3721) - Unified (single) spellchecker button -- Scroll long lists on drag&drop (#1485946) -- Copy all skins in installto script (#1488376) +- Scroll long lists on drag&drop (#2249) +- Copy all skins in installto script (#3705) RELEASE 0.8-beta ---------------- -- Upgraded to jQuery 1.7.1 (#1488337) and jQuery UI 1.8.18 -- Add Russian to the spellchecker languages list (#1488135) -- Remember custom skin selection after logout (#1488355) -- Make sure About tab is always the last tab (#1488257) -- Fix issue with folder creation under INBOX. namespace (#1488349) -- Added mailto: protocol handler registration link in User Preferences (#1486580) -- Handle identity details box with an iframe (#1487020) -- Fix issue where some text from original message was missing on reply (#1488340) -- Fix autoselect_host() for login (#1488297) +- Upgraded to jQuery 1.7.1 (#3673) and jQuery UI 1.8.18 +- Add Russian to the spellchecker languages list (#3542) +- Remember custom skin selection after logout (#3688) +- Make sure About tab is always the last tab (#3609) +- Fix issue with folder creation under INBOX. namespace (#3683) +- Added mailto: protocol handler registration link in User Preferences (#2729) +- Handle identity details box with an iframe (#3066) +- Fix issue where some text from original message was missing on reply (#3675) +- Fix autoselect_host() for login (#3639) - Changed license to GNU GPLv3+ with exceptions for skins & plugins - Added address book widget on compose screen -- Use proper timezones from PHP's internal timezonedb (#1485592) -- Add separate pagesize setting for mail messages and contacts (#1488269) +- Use proper timezones from PHP's internal timezonedb (#1973) +- Add separate pagesize setting for mail messages and contacts (#3617) - Deprecate $DB, $USER, $IMAP global variables, Use $RCMAIL instead -- Add option to set default font for HTML message (#1484137) +- Add option to set default font for HTML message (#894) - Fix issues with big memory allocation of IMAP results -- Prevent from memory_limit exceeding when trying to parse big messages bodies (#1487424) -- Add possibility to add SASL mechanisms for SMTP in smtp_connect hook (#1487937) -- Mark (with different color) folders with recent messages (#1486234) +- Prevent from memory_limit exceeding when trying to parse big messages bodies (#3164) +- Add possibility to add SASL mechanisms for SMTP in smtp_connect hook (#3399) +- Mark (with different color) folders with recent messages (#2479) - Added About tab in Settings - TinyMCE updated to 3.4.6 RELEASE 0.7.2 ------------- -- Fix encoding of attachment with comma in name (#1488389) -- Fix handling of % character in IMAP protocol (#1488382) -- Fix duplicate names handling in addressbook searches (#1488375) -- Fix displaying of HTML messages from Disqus (#1488372) +- Fix encoding of attachment with comma in name (#3717) +- Fix handling of % character in IMAP protocol (#3711) +- Fix duplicate names handling in addressbook searches (#3704) +- Fix displaying of HTML messages from Disqus (#3702) - Disable E_STRICT warnings on PHP 5.4 -- Prevent from folder selection on virtual folder collapsing (#1488346) +- Prevent from folder selection on virtual folder collapsing (#3681) - Fix automatic unsubscribe of non-existent folders - Fix double-quotes handling in recipient names - User configurable setting how to display contact names in list - Make contacts list sorting configurable for the admin/user - Fix parse errors in DDL files for MS SQL Server -- Revert SORT=DISPLAY support, removed by mistake (#1488327) -- Add lost translation label in de_DE (#1488315) -- Fix drafts update issues when edited from preview pane (#1488314) -- Fix wrong variable name in rcube_ldap.php (#1488302) +- Revert SORT=DISPLAY support, removed by mistake (#3664) +- Add lost translation label in de_DE (#3654) +- Fix drafts update issues when edited from preview pane (#3653) +- Fix wrong variable name in rcube_ldap.php (#3643) - Make mime type detection based on filename extension to be case-insensitive -- Fix failure on MySQL database upgrade from 0.7 - text column can't have default value (#1488300) +- Fix failure on MySQL database upgrade from 0.7 - text column can't have default value (#3642) RELEASE 0.7.1 ------------- -- Fix bug in handling of base href and inline content (#1488290) -- Fix SQL Error when saving a contact with many email addresses (#1488286) +- Fix bug in handling of base href and inline content (#3634) +- Fix SQL Error when saving a contact with many email addresses (#3630) - Fix strict email address searching if contact has more than one address -- Remove duplicated 'organization' label (#1488287) +- Remove duplicated 'organization' label (#3631) - Fix so editor selector is hidden when 'htmleditor' is listed in 'dont_override' -- Fix wrong (long) label usage (#1488283) -- Fix handling of INBOX's subfolders in special folders config (#1488279) -- Add ifModule statement for setting Options -Indexes in .htaccess file (#1488274) -- Fix crashes with eAccelerator (#1488256) -- Fix searching on IMAP servers without CHARSET specifier support (#1488271) -- Fix expanding folders during drag&drop (#1488260) +- Fix wrong (long) label usage (#3627) +- Fix handling of INBOX's subfolders in special folders config (#3623) +- Add ifModule statement for setting Options -Indexes in .htaccess file (#3620) +- Fix crashes with eAccelerator (#3608) +- Fix searching on IMAP servers without CHARSET specifier support (#3619) +- Fix expanding folders during drag&drop (#3611) - Fix wrong postgres sequence name in upgrade from 0.6 -- Fix broken CREATE INDEX queries in SQLite DDL files (#1488255) +- Fix broken CREATE INDEX queries in SQLite DDL files (#3607) RELEASE 0.7 ----------- - Make Roundcube render the Email Standards Project Acid Test correctly -- Replace prompt() with jQuery UI dialog (#1485135) +- Replace prompt() with jQuery UI dialog (#1603) - Fix navigation in messages search results -- Improved handling of some malformed values encoded with quoted-printable (#1488232) +- Improved handling of some malformed values encoded with quoted-printable (#3590) - Add possibility to do LDAP bind before searching for bind DN -- Fix handling of empty <U> tags in HTML messages (#1488225) -- Add content filter for embedded attachments to protect from XSS on IE [CVE-2012-1253] (#1487895) -- Use strpos() instead of strstr() when possible (#1488211) -- Fix handling HTML entities when converting HTML to text (#1488212) -- Fix fit_string_to_size() renders browser and ui unresponsive (#1488207) -- Fix handling of invalid characters in request (#1488124) -- Fix merging some configuration options in update.sh script (#1485864) -- Fix so TEXT key will remove all HEADER keys in IMAP SEARCH (#1488208) -- Fix handling contact photo url with https:// prefix (#1488202) -- Fix possible infinite redirect on attachment preview (#1488199) +- Fix handling of empty <U> tags in HTML messages (#3584) +- Add content filter for embedded attachments to protect from XSS on IE [CVE-2012-1253] (#3372) +- Use strpos() instead of strstr() when possible (#3581) +- Fix handling HTML entities when converting HTML to text (#3582) +- Fix fit_string_to_size() renders browser and ui unresponsive (#3577) +- Fix handling of invalid characters in request (#3536) +- Fix merging some configuration options in update.sh script (#2181) +- Fix so TEXT key will remove all HEADER keys in IMAP SEARCH (#3578) +- Fix handling contact photo url with https:// prefix (#3575) +- Fix possible infinite redirect on attachment preview (#3572) - Improved clickjacking protection for browsers which don't support X-Frame-Options headers -- Fixed bug where similar folder names were highlighted wrong (#1487860) -- Fixed bug in handling link with '!' character in it (#1488195) -- Fixed bug where session ID's length was limited to 40 characters (#1488196) +- Fixed bug where similar folder names were highlighted wrong (#3345) +- Fixed bug in handling link with '!' character in it (#3569) +- Fixed bug where session ID's length was limited to 40 characters (#3570) - TinyMCE security issue: removed moxieplayer (embedding flv and mp4 is not supported anymore) RELEASE 0.7-beta ---------------- -- Fix handling of HTML form elements in messages (#1485137) -- Fix regression in setting recipient to self when replying to a Sent message (#1487074) -- Fix listing of folders in hidden namespaces (#1486796) -- Don't consider \Noselect flag when building folders tree (#1488004) -- Fix sorting autocomplete results (#1488084) -- Add option to set session name (#1486433) +- Fix handling of HTML form elements in messages (#1604) +- Fix regression in setting recipient to self when replying to a Sent message (#3101) +- Fix listing of folders in hidden namespaces (#2895) +- Don't consider \Noselect flag when building folders tree (#3448) +- Fix sorting autocomplete results (#3504) +- Add option to set session name (#2630) - Add option to skip alternative email addresses in autocompletion - Fix inconsistent behaviour of Compose button in Drafts folder, add Edit button for drafts -- Fix problem with parsing HTML message body with non-unicode characters (#1487813) -- Add option to define matching method for addressbook search (#1486564, #1487907) +- Fix problem with parsing HTML message body with non-unicode characters (#3312) +- Add option to define matching method for addressbook search (#2720, #3378) - Make email recipients separator configurable - Fix so folders with \Noinferiors attribute aren't listed in parent selector -- Fix handling of curly brackets in URLs (#1488168) -- Fix handling of dates (birthday/anniversary) in contact data (#1488147) -- Fix error on opening searched LDAP contact (#1488144) -- Fix redundant line break in flowed format (#1488146) -- Fix IDN address validation issue (#1488137) -- Fix JS error when dst_active checkbox doesn't exist (#1488133) -- Autocomplete LDAP records when adding contacts from mail (#1488073) -- Plugin API: added 'ready' hook (#1488063) -- Ignore DSN request when it isn't supported by SMTP server (#1487800) -- Make sure LDAP name fields aren't arrays (#1488108) -- Fixed imap test to non-default port when using ssl (#1488118) -- Force all files to be overwritten when updating (#1488117) -- Fix issue where it wasn't possible to change list view mode in folder manager for INBOX (#1488107) -- Fix namespace handling in special folders settings (#1488112) -- Disable time limit for CLI scripts (#1488109) -- Fix misleading display when chaning editor type (#1488104) +- Fix handling of curly brackets in URLs (#3555) +- Fix handling of dates (birthday/anniversary) in contact data (#3552) +- Fix error on opening searched LDAP contact (#3550) +- Fix redundant line break in flowed format (#3551) +- Fix IDN address validation issue (#3544) +- Fix JS error when dst_active checkbox doesn't exist (#3540) +- Autocomplete LDAP records when adding contacts from mail (#3498) +- Plugin API: added 'ready' hook (#3492) +- Ignore DSN request when it isn't supported by SMTP server (#3300) +- Make sure LDAP name fields aren't arrays (#3523) +- Fixed imap test to non-default port when using ssl (#3532) +- Force all files to be overwritten when updating (#3531) +- Fix issue where it wasn't possible to change list view mode in folder manager for INBOX (#3522) +- Fix namespace handling in special folders settings (#3527) +- Disable time limit for CLI scripts (#3524) +- Fix misleading display when chaning editor type (#3519) - Add loading indicator on contact delete -- Fix bug where after delete message rows can be added to the list of another folder (#1487752) +- Fix bug where after delete message rows can be added to the list of another folder (#3263) - Add notice on autocompletion that not all records were displayed - Add option 'searchonly' for LDAP address books - Add Priority filter to the messages list - Cache synchronization using QRESYNC/CONDSTORE -- Trigger 'new_messages' hook for all checked folders (#1488083) +- Trigger 'new_messages' hook for all checked folders (#3503) - Make date/time format user configurable; drop 'date_today' config option -- Fix setting title for truncated subject in IE (#1487128) -- Fix displaying multipart/alternative messages with only one part (#1487938) +- Fix setting title for truncated subject in IE (#3141) +- Fix displaying multipart/alternative messages with only one part (#3400) - Rewritten messages caching: Indexes are stored in a separate table, so there's no need to store all messages in a folder Added threads data caching @@ -1022,648 +1043,648 @@ - Improved FETCH response handling - Improvements in response tokenization method - Use 'From' and 'To' labels instead of 'Sender' and 'Recipient' -- Fix username case-insensitivity issue in MySQL (#1488021) +- Fix username case-insensitivity issue in MySQL (#3462) - Addressbook Saved Searches - Added spellchecker exceptions dictionary (shared or per-user) - Added possibility to ignore words containing caps, numbers, symbols (spellcheck_ignore_* options) -- Added 'priority' column on messages list (#1486782) -- Localize forwarded message header (#1488058) +- Added 'priority' column on messages list (#2884) +- Localize forwarded message header (#3487) RELEASE 0.6 ----------- -- Fix bug where the last identity is used on reply (#1488101) -- Fix locked folder rename option on servers supporting RFC2086 only (#1488089) +- Fix bug where the last identity is used on reply (#3516) +- Fix locked folder rename option on servers supporting RFC2086 only (#3508) - Fix session race conditions when composing new messages -- Fix encoding of LDAP contacts identifiers (#1488079) +- Fix encoding of LDAP contacts identifiers (#3501) - jQuery 1.6.4 -- Fix handling of binary attachments encoded with quoted-printable (#1488065) -- Fix text-overflow:ellipsis issues on messages list in FF7 and Webkit (#1488061) +- Fix handling of binary attachments encoded with quoted-printable (#3494) +- Fix text-overflow:ellipsis issues on messages list in FF7 and Webkit (#3490) - Fix handling of links with IP address -- Fix compacting folder resets message list filter (#1488076) +- Fix compacting folder resets message list filter (#3499) RELEASE 0.6-rc ---------------- -- Send X-Frame-Options headers to protect from clickjacking (#1487037) -- Fallback to mail_domain in LDAP variable replacements; added 'host' to 'user_create' hook arguments (#1488024) -- Fixed wrong vCard type parameter mobile (#1488067) -- Fixed vCard WORKFAX issue (#1488046) -- Add vCard's Profile URL support (#1488062) +- Send X-Frame-Options headers to protect from clickjacking (#3079) +- Fallback to mail_domain in LDAP variable replacements; added 'host' to 'user_create' hook arguments (#3464) +- Fixed wrong vCard type parameter mobile (#3496) +- Fixed vCard WORKFAX issue (#3476) +- Add vCard's Profile URL support (#3491) - jQuery 1.6.3 -- Fix imap_cache setting to values other than 'db' (#1488060) -- Fix handling of attachments inside message/rfc822 parts (#1488026) -- Make list of mimetypes that open in preview window configurable (#1487625) +- Fix imap_cache setting to values other than 'db' (#3489) +- Fix handling of attachments inside message/rfc822 parts (#3466) +- Make list of mimetypes that open in preview window configurable (#3175) - Added plugin hook 'message_part_get' for attachment downloads - Added unique connection identifier to IMAP debug messages - Fix image type check for contact photo uploads RELEASE 0.6-beta ---------------- -- Fixed selecting identity on reply/forward (#1487981) +- Fixed selecting identity on reply/forward (#3434) - Add option to hide selected LDAP addressbook on the list - Add client-side checking of uploaded files size -- Add newlines between organization, department, jobtitle (#1488028) -- Recalculate date when replying to a message and localize the cite header (#1487675) -- Fix handling of email addresses with quoted local part (#1487939) -- Fix EOL character in vCard exports (#1487873) +- Add newlines between organization, department, jobtitle (#3468) +- Recalculate date when replying to a message and localize the cite header (#3212) +- Fix handling of email addresses with quoted local part (#3401) +- Fix EOL character in vCard exports (#3357) - Added optional "multithreading" autocomplete feature - Plugin API: Added 'config_get' hook -- Fixed new_user_identity plugin to work with updated rcube_ldap class (#1487994) +- Fixed new_user_identity plugin to work with updated rcube_ldap class (#3443) - Plugin API: added folder_delete and folder_rename hooks - Added possibility to undo last contact delete operation -- Fix sorting of contact groups after group create (#1487747) -- Add optional textual upload progress indicator (#1486039) -- Fix parsing URLs containing commas (#1487970) -- Added vertical splitter for books/groups list in addressbook (#1487923) +- Fix sorting of contact groups after group create (#3258) +- Add optional textual upload progress indicator (#2330) +- Fix parsing URLs containing commas (#3425) +- Added vertical splitter for books/groups list in addressbook (#3389) - Improved namespace roots handling in folder manager - Added searching in all addressbook sources - Added addressbook source selection in contacts import - Implement LDAPv3 Virtual List View (VLV) for paged results listing -- Use 'address_template' config option when adding a new address block (#1487944) +- Use 'address_template' config option when adding a new address block (#3406) - Added addressbook advanced search - Add popup with basic fields selection for addressbook search -- Case-insensitive matching in autocompletion (#1487933) -- Added option to force spellchecking before sending a message (#1485458) -- Fix handling of "<" character in contact data, search fields and folder names (#1487864) -- Fix saving "<" character in identity name and organization fields (#1487864) +- Case-insensitive matching in autocompletion (#3398) +- Added option to force spellchecking before sending a message (#1862) +- Fix handling of "<" character in contact data, search fields and folder names (#3349) +- Fix saving "<" character in identity name and organization fields (#3349) - Added option to specify to which address book add new contacts - Added plugin hook for keep-alive requests - Store user preferences in session when write-master is not available and session is stored in memcache, write them later - Improve performence of folder manager operations -- Fix default_port option handling in Installer when config.inc.php file exists (#1487925) +- Fix default_port option handling in Installer when config.inc.php file exists (#3390) - Removed option focus_on_new_message, added newmail_notifier plugin - Added general rcube_cache class with Memcache and APC support - Improved caching performance by skipping writes of unchanged data - Option enable_caching replaced by imap_cache and messages_cache options -- Fix WORKFAX saving in address book (#1487910) +- Fix WORKFAX saving in address book (#3380) - Add forward-as-attachment feature -- jQuery-1.6.2 (#1487913, #1487144) -- Improve display name composition when saving contacts (#1487143) -- Fix problems with subfolders of INBOX folder on some IMAP servers (#1487725) -- Fix handling of folders that doesn't belong to any namespace (#1487637) -- Enable multiselection for attachments uploading in capable browsers (#1485969) +- jQuery-1.6.2 (#5158, #3154) +- Improve display name composition when saving contacts (#3153) +- Fix problems with subfolders of INBOX folder on some IMAP servers (#3247) +- Fix handling of folders that doesn't belong to any namespace (#3184) +- Enable multiselection for attachments uploading in capable browsers (#2266) - Add possibility to change HTML editor configuration by skin -- Fix a bug where selecting too many contacts would produce too large URI request (#1487892) -- Improve performance by including files with absolute path (#1487849) -- Move folder name truncation to client/skin (#1485412) +- Fix a bug where selecting too many contacts would produce too large URI request (#3369) +- Improve performance by including files with absolute path (#3337) +- Move folder name truncation to client/skin (#1822) - Added plugin hook for request token creation -- Replace LDAP vars in group queries (#1487837) -- Fix vcard folding with uncode characters (#1487868) -- Keep all submitted data if contact form validation fails (#1487865) -- Handle uncode strings in rcube_addressbook::normalize_string() (#1487866) -- Fix handling of debug_level=4 in ajax requests (#1487831) -- Enable TinyMCE's contextmenu (#1487014) +- Replace LDAP vars in group queries (#3329) +- Fix vcard folding with uncode characters (#3353) +- Keep all submitted data if contact form validation fails (#3350) +- Handle uncode strings in rcube_addressbook::normalize_string() (#3351) +- Fix handling of debug_level=4 in ajax requests (#3327) +- Enable TinyMCE's contextmenu (#3062) - Allow multiple concurrent compose sessions - New config option for custom logo - Allow skins to define/override texts with <roundcube:label /> - Add simple ACL rights/namespace handling in folder manager -- Force IE to send referers (#1487806) -- Better display of vcard import results (#1485457) +- Force IE to send referers (#3306) +- Better display of vcard import results (#1861) - Improved vcard import - Interactive update script with improved DB schema check - Fix problem with contactgroupmembers table creation on MySQL 4.x, add index on contact_id column -- Add LDAP SASL bind and proxy authentication (#1486692) -- Replying to a sent message puts the old recipient as the new recipient (#1487074) +- Add LDAP SASL bind and proxy authentication (#2810) +- Replying to a sent message puts the old recipient as the new recipient (#3101) - Fulltext search over (almost) all data for contacts - Extend address book with rich contact information RELEASE 0.5.4 ------------- -- Fix XSS vulnerability in UI messages [CVE-2011-2937] (#1488030) +- Fix XSS vulnerability in UI messages [CVE-2011-2937] (#3469) RELEASE 0.5.3 ------------- -- Fix identities "reply-to" and "bcc" fields have a bogus value when left empty (#1487943) -- Fix issue which cases IMAP disconnection when encrypt() method was used (#1487900) +- Fix identities "reply-to" and "bcc" fields have a bogus value when left empty (#3405) +- Fix issue which cases IMAP disconnection when encrypt() method was used (#3374) - Fix some CSS issues in Settings for Internet Explorer - Fixed handling of folder with name "0" in folder selector -- Fix bug where messages were deleted instead moved to trash folder after Shift key was used (#1487902) -- Fix relative URLs handling according to a <base> in HTML (#1487889) -- Fix handling of top-level domains with more than 5 chars or unicode chars (#1487883) -- Fix usage of non-standard HTTP error codes (#1487797) -- Fix PHP warning on mistaken in_array() usage (#1487901) +- Fix bug where messages were deleted instead moved to trash folder after Shift key was used (#3376) +- Fix relative URLs handling according to a <base> in HTML (#3368) +- Fix handling of top-level domains with more than 5 chars or unicode chars (#3366) +- Fix usage of non-standard HTTP error codes (#3297) +- Fix PHP warning on mistaken in_array() usage (#3375) RELEASE 0.5.2 ------------- - TinyMCE 3.4.2 now compatible with IE9 -- PEAR::Net_SMTP 1.5.2, fixed timeout issue (#1487843) +- PEAR::Net_SMTP 1.5.2, fixed timeout issue (#3332) - Fix bug where template name without plugin prefix was used in render_page hook - Support 'abort' and 'result' response in 'preferences_save' hook, add error handling -- Fix bug where some content would cause hang on html2text conversion (#1487863) -- Improve space-stuffing handling in format=flowed messages (#1487861) -- Fix bug where some dates would produce SQL error in MySQL (#1487856) -- Added workaround for some IMAP server with broken STATUS response (#1487859) -- Fix bug where default_charset was not used for text messages (#1487836) -- Stateless request tokens. No keep-alive necessary on login page (#1487829) +- Fix bug where some content would cause hang on html2text conversion (#3348) +- Improve space-stuffing handling in format=flowed messages (#3346) +- Fix bug where some dates would produce SQL error in MySQL (#3342) +- Added workaround for some IMAP server with broken STATUS response (#3344) +- Fix bug where default_charset was not used for text messages (#3328) +- Stateless request tokens. No keep-alive necessary on login page (#3325) - Force names of unique constraints in PostgreSQL DDL - Add code for prevention from IMAP connection hangs when server closes socket unexpectedly - Remove redundant DELETE query (for old session deletion) on login -- Get around unreliable rand() and mt_rand() in session ID generation (#1486281) -- Fix some emails are not shown using Cyrus IMAP (#1487820) -- Fix handling of mime-encoded words with non-integral number of octets in a word (#1487801) -- Fix parsing links with non-printable characters inside (#1487805) -- Fixed de_CH Localization bugs (#1487773) -- Add variable for 'Today' label in date_today option (#1486120) -- Fix dont_override setting does not override existing user preferences (#1487664) +- Get around unreliable rand() and mt_rand() in session ID generation (#2516) +- Fix some emails are not shown using Cyrus IMAP (#3316) +- Fix handling of mime-encoded words with non-integral number of octets in a word (#3301) +- Fix parsing links with non-printable characters inside (#3305) +- Fixed de_CH Localization bugs (#3279) +- Add variable for 'Today' label in date_today option (#2394) +- Fix dont_override setting does not override existing user preferences (#3205) - Use only one from IMAP authentication methods to prevent login delays (1487784) - Support strftime format in date_today option - Fix SQL query in rcube_user::query() so it uses index on MySQL again - Removed redundant </form> tags from contact add/edit pages -- Fix CSS error in contact details screen on IE7 (#1487775) +- Fix CSS error in contact details screen on IE7 (#3281) RELEASE 0.5.1 ------------- -- Fix handling of attachments with invalid content type (#1487767) -- Add workaround for DBMail's bug http://www.dbmail.org/mantis/view.php?id=881 (#1487766) +- Fix handling of attachments with invalid content type (#3275) +- Add workaround for DBMail's bug http://www.dbmail.org/mantis/view.php?id=881 (#3274) - Use IMAP's ID extension (RFC2971) to print more info into debug log - Security: add optional referer check to prevent CSRF in GET requests -- Fix email_dns_check setting not used for identities/contacts (#1487740) -- Fix ICANN example addresses doesn't validate (#1487742) +- Fix email_dns_check setting not used for identities/contacts (#3251) +- Fix ICANN example addresses doesn't validate (#3253) - Security: protect login form submission from CSRF [CVE-2011-1491] - Security: prevent from relaying malicious requests through modcss.inc [CVE-2011-1492] -- Fix handling of non-image attachments in multipart/related messages (#1487750) -- Fix IDNA support when IDN/INTL modules are in use (#1487742) -- Fix handling of invalid HTML comments in messages (#1487759) -- Fix parsing FETCH response for very long headers (#1487753) -- Fix add/remove columns in message list when message_sort_order isn't set (#1487751) -- Check mime headers before attempt to parse them (#1487745) -- Quote header values in show_additional_headers plugin (#1487744) -- Fix settings UI on IE 6 (#1487724) -- Remove double borders in folder listing (#1487713) -- Separate full message headers UI element from headers table (#1487715) -- Add part MIME ID to message_part_* hooks (#1487718) -- Improve parsing of MS Outlook vCards (#1487716) +- Fix handling of non-image attachments in multipart/related messages (#3261) +- Fix IDNA support when IDN/INTL modules are in use (#3253) +- Fix handling of invalid HTML comments in messages (#3269) +- Fix parsing FETCH response for very long headers (#3264) +- Fix add/remove columns in message list when message_sort_order isn't set (#3262) +- Check mime headers before attempt to parse them (#3256) +- Quote header values in show_additional_headers plugin (#3255) +- Fix settings UI on IE 6 (#3246) +- Remove double borders in folder listing (#3236) +- Separate full message headers UI element from headers table (#3238) +- Add part MIME ID to message_part_* hooks (#3241) +- Improve parsing of MS Outlook vCards (#3239) - Updated PEAR::Net_Socket to 1.0.10 - Updated PEAR::Net_IDNA2 to 0.1.1 -- Fix handling of comments inside an email address spec. (#1487673) -- Show full mail subject as title when hovering a cut subject link (#1487128) -- Fix randomly disappearing folders list in IE (#1487704) -- Fix list column add/removal in IE (#1487703) -- Fix login redirect issues (#1487686) +- Fix handling of comments inside an email address spec. (#3210) +- Show full mail subject as title when hovering a cut subject link (#3141) +- Fix randomly disappearing folders list in IE (#3231) +- Fix list column add/removal in IE (#3230) +- Fix login redirect issues (#3221) - Require PHP 5.2.1 or greater -- Fix %h/%z variables in username_domain option (#1487701) -- Workaround for setting charset in case of malformed bodystructure response (#1487700) -- Fix impossible to subscribe to protected folders (#1487656) -- Fix setting timezone in Preferences (#1487705) +- Fix %h/%z variables in username_domain option (#3228) +- Workaround for setting charset in case of malformed bodystructure response (#3227) +- Fix impossible to subscribe to protected folders (#3199) +- Fix setting timezone in Preferences (#3232) RELEASE 0.5 ----------- -- Fix double-login/session issue (#1487104) -- Wrap HTML parts with <html><body> and add Doctype declaration (#1487098) -- Make rcube_autoload silently skip unknown classes (#1487109) -- Fix charset detection in vcards with encoded values (#1485542) -- Better CSS cursors for splitters (#1486874) -- Show the same message only once (#1487641) -- Fix namespaces handling (#1487649) +- Fix double-login/session issue (#3124) +- Wrap HTML parts with <html><body> and add Doctype declaration (#3119) +- Make rcube_autoload silently skip unknown classes (#3128) +- Fix charset detection in vcards with encoded values (#1934) +- Better CSS cursors for splitters (#2954) +- Show the same message only once (#3186) +- Fix namespaces handling (#3192) - Add handling of multifolder METADATA/ANNOTATION responses -- Fix handling of INBOX when personal namespace prefix is non-empty (#1487657) -- Fix handling square brackets in links (#1487672) +- Fix handling of INBOX when personal namespace prefix is non-empty (#3200) +- Fix handling square brackets in links (#3209) - Add description of 'use_https' option in main.inc.php.dist file RELEASE 0.5-RC -------------- -- Plugin API: Add 'pass' argument in 'authenticate' hook (#1487134) +- Plugin API: Add 'pass' argument in 'authenticate' hook (#3147) - Fix attachments of type message/rfc822 are not listed on attachments list -- Add 'login_lc' config option for case-insensitive authentication (#1487113) -- Fix window is blur'ed in IE when selecting a message (#1487316) -- Fix cursor position on compose form in Webkit browsers (#1486674) -- Fix setting charset of attachment filenames (#1487122) -- Allow setting autocomplete attribute for all inputs separately (#1487313) +- Add 'login_lc' config option for case-insensitive authentication (#3131) +- Fix window is blur'ed in IE when selecting a message (#3161) +- Fix cursor position on compose form in Webkit browsers (#2796) +- Fix setting charset of attachment filenames (#3136) +- Allow setting autocomplete attribute for all inputs separately (#3158) - New Folder Manager UI -- Fix invalid Request when creating a folder (#1487443) -- Add folder size and quota indicator in folder manager (#1485780) -- Add possibility to move a subfolder into root folder (#1486791) +- Fix invalid Request when creating a folder (#3165) +- Add folder size and quota indicator in folder manager (#2112) +- Add possibility to move a subfolder into root folder (#2890) - Fix copying all messages in a folder copies only messages from current page - Improve performance of moving or copying of all messages in a folder -- Fix plaintext versions of HTML messages don't contain placeholders for emotions (#1485206) +- Fix plaintext versions of HTML messages don't contain placeholders for emotions (#1657) - Improve performance of folder rename and delete actions -- Better support for READ-ONLY and NOPERM responses handling (#1487083) +- Better support for READ-ONLY and NOPERM responses handling (#3108) - Add confirmation message on purge/expunge command response -- Fix handling of untagged responses for AUTHENTICATE command (#1487450) -- Add username and IP address to log message on unsuccessful login (#1487626) +- Fix handling of untagged responses for AUTHENTICATE command (#3171) +- Add username and IP address to log message on unsuccessful login (#3176) - Improved Mail-Followup-To and Mail-Reply-To headers handling -- Fix charset conversion for text attachments without charset specification (#1487634) +- Fix charset conversion for text attachments without charset specification (#3181) RELEASE 0.5-BETA ---------------- -- Make session data storage more robust against garbage session data (#1487136) +- Make session data storage more robust against garbage session data (#3148) - Config option for autocomplete on login screen -- Allow plugin templates to include local files (#1487133) -- List groups in address detail view and allow to subscribe/unsubscribe from there (#1486753) -- Messages caching: performance improvements, fixed syncing, fixes related with #1486748 -- Add link to identities in compose window (#1486729) -- Add Internationalized Domain Name (IDNA) support (#1483894) -- Add option to automatically send read notifications for known senders (#1485883) -- Add option to "Return receipt" will be always checked (#1486352) -- Fix HTML to plain text conversion doesn't handle citation blocks (#1486921) -- Use custom sorting when SORT is disabled by IMAP admin (#1486959) -- Allow setting some washtml options from plugin (#1486578) -- Add option do bind for an individual LDAP address book (#1486997) -- Change reply prefix to display email address only if sender name doesn't exist (#1486550) -- Plugin API: improved 'abort' flag handling, added 'result' item in some hooks (#1486914) -- Fix mailto optional params in plain text messages aren't handled (#1487026) -- Add Reply-to-List feature (#1484252) -- Add Mail-Followup-To/Mail-Reply-To support (#1485547) -- Fix confirmation message isn't displayed after sending mail on Chrome (#1486177) -- Fix keyboard doesn't work with autocomplete list with Chrome (#1487029) -- Improve tabs to fixed width and add tabs in identities info (#1486974) +- Allow plugin templates to include local files (#3146) +- List groups in address detail view and allow to subscribe/unsubscribe from there (#2862) +- Messages caching: performance improvements, fixed syncing, fixes related with #2857 +- Add link to identities in compose window (#2843) +- Add Internationalized Domain Name (IDNA) support (#729) +- Add option to automatically send read notifications for known senders (#2199) +- Add option to "Return receipt" will be always checked (#2571) +- Fix HTML to plain text conversion doesn't handle citation blocks (#2992) +- Use custom sorting when SORT is disabled by IMAP admin (#3020) +- Allow setting some washtml options from plugin (#2727) +- Add option do bind for an individual LDAP address book (#3048) +- Change reply prefix to display email address only if sender name doesn't exist (#2709) +- Plugin API: improved 'abort' flag handling, added 'result' item in some hooks (#2988) +- Fix mailto optional params in plain text messages aren't handled (#3071) +- Add Reply-to-List feature (#977) +- Add Mail-Followup-To/Mail-Reply-To support (#1937) +- Fix confirmation message isn't displayed after sending mail on Chrome (#2437) +- Fix keyboard doesn't work with autocomplete list with Chrome (#3073) +- Improve tabs to fixed width and add tabs in identities info (#3030) - Add unique index on users.username+users.mail_host -- Make htmleditor option more consistent and add option to use HTML on reply to HTML message (#1485840) +- Make htmleditor option more consistent and add option to use HTML on reply to HTML message (#2164) - Use empty envelope sender address for message disposition notifications (RFC 2298.3) -- Support SMTP Delivery Status Notifications - RFC 3461 (#1486142) +- Support SMTP Delivery Status Notifications - RFC 3461 (#2409) - Use css sprite image for messages list -- Add (different) attachment icon for messages of type multipart/report (#1486165) -- Prevent from inserting empty link when composing HTML message (#1486944) -- Add caching support in id2uid and uid2id functions (#1487019) -- Add SASL proxy authentication for SMTP (#1486693) -- Improve displaying of UI messages (#1486977) -- Fix double e-mail filed in identity form (#1487054) -- Display IMAP errors for LIST/THREAD/SEARCH commands (#1486905) +- Add (different) attachment icon for messages of type multipart/report (#2426) +- Prevent from inserting empty link when composing HTML message (#3007) +- Add caching support in id2uid and uid2id functions (#3065) +- Add SASL proxy authentication for SMTP (#2811) +- Improve displaying of UI messages (#3033) +- Fix double e-mail filed in identity form (#3088) +- Display IMAP errors for LIST/THREAD/SEARCH commands (#2981) - Add LITERAL+ (IMAP4 non-synchronizing literals) support (RFC 2088) -- Add separate column for message status icon (#1486665) +- Add separate column for message status icon (#2788) - Add ACL extension support into IMAP classes (RFC 4314) - Add ANNOTATEMORE extension support into IMAP classes (draft-daboo-imap-annotatemore) - Add METADATA extension support into IMAP classes (RFC 5464) -- Fix decoding of e-mail address strings in message headers (#1487068) -- Fix handling of attachments when Content-Disposition is not inline nor attachment (#1487051) -- Improve performance of unseen messages counting (#1487058) +- Fix decoding of e-mail address strings in message headers (#3097) +- Fix handling of attachments when Content-Disposition is not inline nor attachment (#3086) +- Improve performance of unseen messages counting (#3090) - Improve performance of messages counting using ESEARCH extension (RFC4731) - Add LIST-STATUS support in rcube_imap_generic class (RFC 5819) - Add SASL-IR support in IMAP (RFC 4959) - Add LOGINDISABLED support (RFC 2595) - Add support for AUTH=PLAIN in IMAP authentication - Re-implemented SMTP proxy authentication support -- Add support for IMAP proxy authentication (#1486690) +- Add support for IMAP proxy authentication (#2808) - Add support for AUTH=DIGEST-MD5 in IMAP (RFC 2831) -- Fix parent folder with unread subfolder not bold when message is open (#1487078) +- Fix parent folder with unread subfolder not bold when message is open (#3104) - Add basic IMAP LIST's \Noselect option support - Add support for selection options from LIST-EXTENDED extension (RFC 5258) -- Don't list subscribed but non-existent folders (#1486225) -- Fix handling of URLs with tilde (~) or semicolon (;) character (#1487087, #1487088) +- Don't list subscribed but non-existent folders (#2474) +- Fix handling of URLs with tilde (~) or semicolon (;) character (#3110, #3111) - Plugin API: added 'contact_form' hook - Add SORT=DISPLAY support (RFC 5957) - Plugin API: add possibility to disable plugin in AJAX mode, 'noajax' property - Plugin API: add possibility to disable plugin in framed mode, 'noframe' property - Improve performance of setting IMAP flags using .SILENT suffix - Improve performance of message cache status checking with skip_disabled=true -- Support contact's email addresses up to 255 characters long (#1487095) -- Add option to place replies in the folder of the message being replied to (#1485945) -- Add missing confirmation/error messages on contact/group/message actions (#1486845) +- Support contact's email addresses up to 255 characters long (#3116) +- Add option to place replies in the folder of the message being replied to (#2248) +- Add missing confirmation/error messages on contact/group/message actions (#2935) - Add 'loading' message on message move/copy/delete/mark actions -- Improve responsiveness of messages displaying (#1486986) -- Add option for minimum length of autocomplete's string (#1486428) -- Fix operations on messages in unsubscribed folder (#1487107) -- Add support for shared folders (#1403507) -- Fix handling of folders with name "0" (#1487119) +- Improve responsiveness of messages displaying (#3039) +- Add option for minimum length of autocomplete's string (#2625) +- Fix operations on messages in unsubscribed folder (#3126) +- Add support for shared folders (#525) +- Fix handling of folders with name "0" (#3133) - Fix handling of folders with "<>" characters in name - jQuery 1.4.4 - Fix handling of HTML entity strings in plain text messages -- Fix focused elements aren't unfocused when clicking on the list (#1487123) -- Fix error in MSSQL DDL scripts (#1487112) -- Lock submit button in onsubmit event on login page (#1487036) -- Don't set attachment's charset in Content-type header (#1487122) -- Fix handling of message bodies (quoted-printable encoded) with NULL characters (#1486189) +- Fix focused elements aren't unfocused when clicking on the list (#3137) +- Fix error in MSSQL DDL scripts (#3130) +- Lock submit button in onsubmit event on login page (#3078) +- Don't set attachment's charset in Content-type header (#3136) +- Fix handling of message bodies (quoted-printable encoded) with NULL characters (#2448) - Add workaround for MSOE's multipart/related messages with non-related attachments RELEASE 0.4.2 ------------- - Fix handling of backslash as IMAP delimiter -- Fix charset replacement in HTML message bodies (#1487021) +- Fix charset replacement in HTML message bodies (#3067) - Fix: contact group input is empty when using rename action more than once on the same group record -- Fix "Server Error! (Not Found)" when using utils/save-pref action (#1487023) -- Fix handling of Thunderbird's vCards (#1487024) +- Fix "Server Error! (Not Found)" when using utils/save-pref action (#3069) +- Fix handling of Thunderbird's vCards (#3070) RELEASE 0.4.1 ------------- -- Fix space-stuffing in format=flowed messages (#1487018) +- Fix space-stuffing in format=flowed messages (#3064) - Fix msgexport.sh now using the new imap wrapper -- Avoid displaying password on shell (#1486947) -- Only lower-case user name if first login attempt failed (#1486393) -- Make alias setting in squirrelmail_usercopy plugin configurable (patch by pommi, #1487007) -- Prevent from saving a non-existing skin path in user prefs (#1486936) -- Improve handling of single-part messages with bogus BODYSTRUCTURE (#1486898) -- Fix path to SQL files when using pgsql/mysqli/sqlsrv drivers (#1486902) -- Fix upgrade script for SQLite (#1486903) +- Avoid displaying password on shell (#3010) +- Only lower-case user name if first login attempt failed (#2600) +- Make alias setting in squirrelmail_usercopy plugin configurable (patch by pommi, #3056) +- Prevent from saving a non-existing skin path in user prefs (#3004) +- Improve handling of single-part messages with bogus BODYSTRUCTURE (#2976) +- Fix path to SQL files when using pgsql/mysqli/sqlsrv drivers (#2979) +- Fix upgrade script for SQLite (#2980) - Fixes in SQL init script + added update script for MSSQL database -- Remove redundant date in syslog messages (#1486945) -- Fix contacts list page controls when a group is selected (#1486946) -- Fix SMTP test in Installer (#1486952) -- Fix "Select all" causes message to be opened in folder with exactly one message (#1486913) -- Fix Tab key doesn't work in HTML editor in Google Chrome (#1486925) -- Fix TinyMCE uses zh_CN when zh_TW locale is set (#1486929) -- Fix TinyMCE buttons are hidden in Opera (#1486922) -- Fix JS error on IE when trying to send HTML message with enabled spellchecker (#1486940) -- Display inline images with known extensions and non-image content-type (#1486934) -- Fix "Threaded" checkbox after subfolder creation (#1486928) -- Fix timezone string in sent mail (#1486961) -- Show disabled checkboxes for protected folders instead of dots (#1485498) +- Remove redundant date in syslog messages (#3008) +- Fix contacts list page controls when a group is selected (#3009) +- Fix SMTP test in Installer (#3014) +- Fix "Select all" causes message to be opened in folder with exactly one message (#2987) +- Fix Tab key doesn't work in HTML editor in Google Chrome (#2995) +- Fix TinyMCE uses zh_CN when zh_TW locale is set (#2998) +- Fix TinyMCE buttons are hidden in Opera (#2993) +- Fix JS error on IE when trying to send HTML message with enabled spellchecker (#3006) +- Display inline images with known extensions and non-image content-type (#3002) +- Fix "Threaded" checkbox after subfolder creation (#2997) +- Fix timezone string in sent mail (#3021) +- Show disabled checkboxes for protected folders instead of dots (#1898) - Added fieldsets in Identity form, added 'identity_form' hook -- Re-added 'Close' button in upload form (#1486930, #1486823) +- Re-added 'Close' button in upload form (#2999, #2917) - Fix handling of charsets with LATIN-* label -- Fix messages background image handling in some cases (#1486990) -- Fix format=flowed handling (#1486989) -- Fix when IMAP connection fails in 'get' action session shouldn't be destroyed (#1486995) -- Fix list_cols is not updated after column dragging (#1486999) -- Support %z variable in host configuration options (#1487003) +- Fix messages background image handling in some cases (#3043) +- Fix format=flowed handling (#3042) +- Fix when IMAP connection fails in 'get' action session shouldn't be destroyed (#3046) +- Fix list_cols is not updated after column dragging (#3050) +- Support %z variable in host configuration options (#3054) RELEASE 0.4 ----------- -- Fix disapearing upload form disapears when user selects a file on Safari (#1486823) -- Don't replace error messages with loading info (#1486300) -- Fix JS errors on compose mode switch (#1486870) -- Fix message structure parsing when it lacks optional fields (#1486881) +- Fix disapearing upload form disapears when user selects a file on Safari (#2917) +- Don't replace error messages with loading info (#2534) +- Fix JS errors on compose mode switch (#2952) +- Fix message structure parsing when it lacks optional fields (#2960) - Include all recipients in sendmail log -- Support HTTP_X_FORWARDED_PROTO header for HTTPS detecting (#1486866) -- Fix default IMAP port configuration (#1486864) -- Create Sent folder when starting to compose a new message (#1486802) -- Fix handling of messages with Content-Type: application/* and no filename (#1484050) +- Support HTTP_X_FORWARDED_PROTO header for HTTPS detecting (#2950) +- Fix default IMAP port configuration (#2948) +- Create Sent folder when starting to compose a new message (#2900) +- Fix handling of messages with Content-Type: application/* and no filename (#840) - Improved compose screen: resizable body and attachments list, vertical splitter, options menu -- Fix RC forgets search results (#1483883) +- Fix RC forgets search results (#722) - TinyMCE 3.3.7 -- Improve parsing of styled empty tags in HTML messages (#1486812) -- Add %dc variable support in base_dn/bind_dn config (#1486779) -- Add button to hide/unhide the preview pane (#1484215) -- Fix no-cache headers on https to prevent content caching by proxies (#1486798) -- Fix attachment filenames broken with TNEF decoder using long filenames (#1486795) -- Use user's timezone in Date header, not server's timezone (#1486119) -- Add option to set separate footer for HTML messages (#1486660) -- Add real SMTP error description to displayed error messages (#1485927) -- Fix some IMAP errors handling when opening the message (#1485443) -- Fix related parts aren't displayed when got mimetype other than image/* (#1486432) -- Multiple identity and database support for squirrelmail_usercopy plugin (#1486517) -- Support dynamic hostname (%d/%n) variables in configuration options (#1485438) -- Add 'messages_list' hook (#1486266) -- Add request* event triggers in http_post/http_request (#1486054) -- Fix use RFC-compliant line-delimiter when saving messages on IMAP (#1486712) -- Add 'imap_timeout' option (#1486760) +- Improve parsing of styled empty tags in HTML messages (#2908) +- Add %dc variable support in base_dn/bind_dn config (#2881) +- Add button to hide/unhide the preview pane (#955) +- Fix no-cache headers on https to prevent content caching by proxies (#2897) +- Fix attachment filenames broken with TNEF decoder using long filenames (#2894) +- Use user's timezone in Date header, not server's timezone (#2393) +- Add option to set separate footer for HTML messages (#2784) +- Add real SMTP error description to displayed error messages (#2233) +- Fix some IMAP errors handling when opening the message (#1848) +- Fix related parts aren't displayed when got mimetype other than image/* (#2629) +- Multiple identity and database support for squirrelmail_usercopy plugin (#2686) +- Support dynamic hostname (%d/%n) variables in configuration options (#1843) +- Add 'messages_list' hook (#2504) +- Add request* event triggers in http_post/http_request (#2340) +- Fix use RFC-compliant line-delimiter when saving messages on IMAP (#2828) +- Add 'imap_timeout' option (#2869) - Fix forwarding of messages with winmail attachments -- Fix handling of uuencoded attachments in message body (#1485839) -- Added list_mailboxes hook in rcube_imap::list_unsubscribed() (#1486668) -- Fix wrong message on file upload error (#1486725) -- Add support for data URI scheme [RFC2397] (#1486740) +- Fix handling of uuencoded attachments in message body (#2163) +- Added list_mailboxes hook in rcube_imap::list_unsubscribed() (#2791) +- Fix wrong message on file upload error (#2839) +- Add support for data URI scheme [RFC2397] (#2851) - Added 'actionbefore', 'actionafter', 'responsebefore', 'responseafter' events - Fix double-addition of e-mail domain to content ID in HTML images -- Read and send messages with format=flowed (#1484370), fixes word wrapping issues (#1486543) -- Fix duplicated attachments when forwarding a message (#1486487) -- Fix message/rfc822 attachments containing only attachments are not parsed properly (#1486743) -- Fix %00 character in winmail.dat attachments names (#1486738) -- Fix handling errors of folder deletion (#1486705) -- Parse untagged CAPABILITY response for LOGIN command (#1486742) +- Read and send messages with format=flowed (#1052), fixes word wrapping issues (#2703) +- Fix duplicated attachments when forwarding a message (#2670) +- Fix message/rfc822 attachments containing only attachments are not parsed properly (#2854) +- Fix %00 character in winmail.dat attachments names (#2850) +- Fix handling errors of folder deletion (#2821) +- Parse untagged CAPABILITY response for LOGIN command (#2853) - Renamed all php-cli scripts to use .sh extension - Some files from /bin + spellchecking actions moved to the new 'utils' task - Added thread tree icons -- Extend contact groups support (#1486682) -- Fix check-recent action issues and performance (#1486526) -- Fix messages order after checking for recent (#1484664) -- Fix autocomplete shows entries without email (#1486452) -- Fix listupdate event doesn't trigger on search response (#1486708) -- Fix select_all_mode value after selecting a message (#1486720) -- Set focus to editor on reply in HTML mode (#1486632) -- Fix composing in HTML jumps cursor to body instead of recipients (#1486674) -- Allow columns order change per user - drag&drop (#1485795) -- Add References header in read receipt (#1486681) -- Fix database constraint violation when opening a message (#1486696) -- Add 'loading' message while login is in progress (#1486667) -- Fix quota_zero_as_unlimited (#1486662) -- Fix folder subscription checking (#1486684) -- Fix INBOX appears (sometimes) twice in mailbox list (#1486672) -- Fix listing of attachments of some types e.g. "x-epoc/x-sisx-app" (#1486653) -- Fix DB Schema checking when some db_table_* options are not set (#1486654) +- Extend contact groups support (#2802) +- Fix check-recent action issues and performance (#2690) +- Fix messages order after checking for recent (#1249) +- Fix autocomplete shows entries without email (#2640) +- Fix listupdate event doesn't trigger on search response (#2824) +- Fix select_all_mode value after selecting a message (#2834) +- Set focus to editor on reply in HTML mode (#2768) +- Fix composing in HTML jumps cursor to body instead of recipients (#2796) +- Allow columns order change per user - drag&drop (#2124) +- Add References header in read receipt (#2801) +- Fix database constraint violation when opening a message (#2814) +- Add 'loading' message while login is in progress (#2790) +- Fix quota_zero_as_unlimited (#2786) +- Fix folder subscription checking (#2804) +- Fix INBOX appears (sometimes) twice in mailbox list (#2794) +- Fix listing of attachments of some types e.g. "x-epoc/x-sisx-app" (#2779) +- Fix DB Schema checking when some db_table_* options are not set (#2780) RELEASE 0.4-beta ---------------- -- Add sizelimit and timelimit variables in LDAP config (#1486544) -- Hide IMAP host dropdown when single host is defined (#1486326) -- Add images pre-loading on login page (#1451160) -- Add HTTP_X_REAL_IP and HTTP_X_FORWARDED_FOR to successful logins log (#1486441) -- Fix setting spellcheck languages with extended codes (#1486605) -- Fix messages list scrolling in FF3.6 (#1486472) -- Fix quicksearch input focus (#1486637) +- Add sizelimit and timelimit variables in LDAP config (#2704) +- Hide IMAP host dropdown when single host is defined (#2553) +- Add images pre-loading on login page (#623) +- Add HTTP_X_REAL_IP and HTTP_X_FORWARDED_FOR to successful logins log (#2634) +- Fix setting spellcheck languages with extended codes (#2747) +- Fix messages list scrolling in FF3.6 (#2657) +- Fix quicksearch input focus (#2770) - Always set changed date when flagging a DB record as deleted + provide a cleanup script -- Fix address book/group selection (#1486619) -- Assign newly created contacts to the active group (#1486626) -- Added option not to mark messages as read when viewed in preview pane (#1485012) -- Allow plugins modify the Sent folder when composing (#1486548) -- Added optional (max_recipients) support to restrict total number of recipients per message (#1484542) +- Fix address book/group selection (#2760) +- Assign newly created contacts to the active group (#2764) +- Added option not to mark messages as read when viewed in preview pane (#1513) +- Allow plugins modify the Sent folder when composing (#2708) +- Added optional (max_recipients) support to restrict total number of recipients per message (#1167) - Re-organize editor buttons, add blockquote and search buttons -- Make possible to write inside or after a quoted html message (#1485476) -- Fix bugs on unexpected IMAP connection close (#1486190, #1486270) +- Make possible to write inside or after a quoted html message (#1878) +- Fix bugs on unexpected IMAP connection close (#2449, #2507) - Iloha's imap.inc rewritten into rcube_imap_generic class - Added contact groups in address book (not finished yet) -- Added PageUp/PageDown/Home/End keys support on lists (#1486430) -- Added possibility to select all messages in a folder (#1484756) -- Added 'imap_force_caps' option for after-login CAPABILITY checking (#1485750) +- Added PageUp/PageDown/Home/End keys support on lists (#2627) +- Added possibility to select all messages in a folder (#1312) +- Added 'imap_force_caps' option for after-login CAPABILITY checking (#2087) - Password: Support dovecotpw encryption - TinyMCE 3.3.1 -- Implemented messages copying using drag&drop + SHIFT (#1484086) -- Improved performance of folders operations (#1486525) -- Fix blocked.gif attachment is not attached to the message (#1486516) +- Implemented messages copying using drag&drop + SHIFT (#863) +- Improved performance of folders operations (#2689) +- Fix blocked.gif attachment is not attached to the message (#2685) - Managesieve: import from Horde-INGO -- Managesieve: support for more than one match (#1486078) -- Managesieve: support for selectively disabling rules within a single sieve script (#1485882) +- Managesieve: support for more than one match (#2362) +- Managesieve: support for selectively disabling rules within a single sieve script (#2198) - Threaded message listing now available - Added sorting by ARRIVAL and CC - Message list columns configurable by the user - Removed 'index_sort' option, now we're using empty 'message_sort_col' for this -- virtuser_query: support other identity data (#1486148) +- virtuser_query: support other identity data (#2413) - Options virtuser_* replaced with virtuser_* plugins - Plugin API: Implemented 'email2user' and 'user2email' hooks -- Fix forwarding message omits CC header (#1486305) -- Add 'default_charset' option to user preferences (#1485451) +- Fix forwarding message omits CC header (#2538) +- Add 'default_charset' option to user preferences (#1855) - Add 'delete_always' option to user preferences - Support/Require tls:// prefix in 'smtp_server' option for TLS connections -- Fix inconsistent behaviour of 'delete_always' option (#1486299) -- Fix deleting all messages from last list page (#1486293) -- Flag original messages when sending a draft (#1486203) -- Changed signature separator when top-posting (#1486330) -- Let the admin define defaults for search modifiers (#1485897) -- Fix long e-mail addresses validation (#1486453) -- Remember search modifiers in user prefs (#1486146) -- Added force_7bit option to force MIME encoding of plain/text messages (#1486510) -- Use case sensitive check when checking for default folders (#1486346) -- Fix checking for new mail: now checks unseen count of inbox (#1485794) -- Improve performance by avoiding unnecessary updates to the session table (#1486325) -- Fix invalid <font> tags which cause HTML message rendering problems (#1486521) -- Fix CVE-2010-0464: Disable DNS prefetching (#1486449) -- Fix Received headers to behave better with SpamAssassin (#1486513) -- Password: Make passwords encoding consistent with core, add 'password_charset' global option (#1486473) -- Fix adding contacts SQL error on mysql (#1486459) -- Squirrelmail_usercopy: support reply-to field (#1486506) -- Fix IE spellcheck suggestion popup issue (#1486471) -- Fix email address auto-completion shows regexp pattern (#1486258) -- Fix merging of configuration parameters: user prefs always survive (#1486368) -- Fix quota indicator value after folder purge/expunge (#1486488) -- Fix external mailto links support for use as protocol handler (#1486037) -- Fix attachment excessive memory use, support messages of any size (#1484660) +- Fix inconsistent behaviour of 'delete_always' option (#2533) +- Fix deleting all messages from last list page (#2528) +- Flag original messages when sending a draft (#2458) +- Changed signature separator when top-posting (#2555) +- Let the admin define defaults for search modifiers (#2211) +- Fix long e-mail addresses validation (#2641) +- Remember search modifiers in user prefs (#2411) +- Added force_7bit option to force MIME encoding of plain/text messages (#2679) +- Use case sensitive check when checking for default folders (#2567) +- Fix checking for new mail: now checks unseen count of inbox (#2123) +- Improve performance by avoiding unnecessary updates to the session table (#2552) +- Fix invalid <font> tags which cause HTML message rendering problems (#2687) +- Fix CVE-2010-0464: Disable DNS prefetching (#2639) +- Fix Received headers to behave better with SpamAssassin (#2682) +- Password: Make passwords encoding consistent with core, add 'password_charset' global option (#2658) +- Fix adding contacts SQL error on mysql (#2645) +- Squirrelmail_usercopy: support reply-to field (#2678) +- Fix IE spellcheck suggestion popup issue (#2656) +- Fix email address auto-completion shows regexp pattern (#2498) +- Fix merging of configuration parameters: user prefs always survive (#2584) +- Fix quota indicator value after folder purge/expunge (#2671) +- Fix external mailto links support for use as protocol handler (#2328) +- Fix attachment excessive memory use, support messages of any size (#1245) - Fix setting task name according to auth state -- Password: fix vpopmaild driver (#1486478) -- Add workaround for MySQL bug [http://bugs.mysql.com/bug.php?id=46293] (#1486474) -- Fix quoted text wrapping when replying to an HTML email in plain text (#1484141) -- Fix handling of extended mailto links (with params) (#1486354) -- Fix sorting by date of messages without date header on servers without SORT (#1486286) -- Fix inconsistency when not using default table names (#1486467) -- Fix folder rename/delete buttons do not appear on creation of first folder (#1486468) -- Fix character set conversion fails on systems where iconv doesn't accept //IGNORE (#1486375) +- Password: fix vpopmaild driver (#2662) +- Add workaround for MySQL bug [http://bugs.mysql.com/bug.php?id=46293] (#2659) +- Fix quoted text wrapping when replying to an HTML email in plain text (#897) +- Fix handling of extended mailto links (with params) (#2573) +- Fix sorting by date of messages without date header on servers without SORT (#2521) +- Fix inconsistency when not using default table names (#2652) +- Fix folder rename/delete buttons do not appear on creation of first folder (#2653) +- Fix character set conversion fails on systems where iconv doesn't accept //IGNORE (#2590) - Log in performance: Create default folders on first login only - Import contacts into the selected address book (by Phil Weir) -- Add support for MDB2's 'sqlsrv' driver (#1486395) +- Add support for MDB2's 'sqlsrv' driver (#2602) - Use jQuery-1.4 - Removed problematic browser-caching of messages -- Fix incompatybility with suhosin.executor.disable_emodifier (#1486321) -- Use PLAIN auth when CRAM fails and imap_auth_type='check' (#1486371) -- Fix removal of <title> tag from HTML messages (#1486432) -- Fix 'force_https' to specified port when URL contains a port number (#1486411) -- Fix to-text converting of HTML entities inside b/strong/th/hX tags (#1486422) -- Bug in spellchecker suggestions when server charset != UTF8 (#1486406) -- Managesieve: Fix requires generation for multiple actions (#1486397) -- Fix LDAP problem with special characters in RDN (#1486320) +- Fix incompatybility with suhosin.executor.disable_emodifier (#2549) +- Use PLAIN auth when CRAM fails and imap_auth_type='check' (#2587) +- Fix removal of <title> tag from HTML messages (#2629) +- Fix 'force_https' to specified port when URL contains a port number (#2612) +- Fix to-text converting of HTML entities inside b/strong/th/hX tags (#2621) +- Bug in spellchecker suggestions when server charset != UTF8 (#2607) +- Managesieve: Fix requires generation for multiple actions (#2603) +- Fix LDAP problem with special characters in RDN (#2548) - Improved handling of message parts of type message/rfc822 - Plugin API: added 'quota' hook -- Fix parsing conditional comments in HTML messages (#1486350) +- Fix parsing conditional comments in HTML messages (#2569) - Use built-in json_encode() for proper JSON format in AJAX replies -- Allow setting only selected params in 'message_compose' hook (#1486312) -- Plugin API: added 'message_compose_body' hook (#1486285) -- Fix counters of all folders are checked in 'getunread' action with check_all_folders disabled (#1486128) -- Fix displaying alternative parts in messages of type message/rfc822 (#1486246) -- Fix possible messages exposure when using Roundcube behind a proxy (#1486281) -- Fix unicode para and line separators in javascript response (#1486310) -- Additional_message_headers: allow unsetting headers, support plugin's config file (#1486268) -- Fix displaying of hidden directories in skins list (#1486301) -- Fix open_basedir restriction error when reading skins list (#1486304) -- Fix pasting from Office apps into html editor (#1486271) -- Fix empty <a> tags parsing (#1486272) -- Don't cut off attachment names when using non-RFC2231 encoding (#1485515) -- Allow inserting signatures above replied message body (#1484272) +- Allow setting only selected params in 'message_compose' hook (#2543) +- Plugin API: added 'message_compose_body' hook (#2520) +- Fix counters of all folders are checked in 'getunread' action with check_all_folders disabled (#2399) +- Fix displaying alternative parts in messages of type message/rfc822 (#2488) +- Fix possible messages exposure when using Roundcube behind a proxy (#2516) +- Fix unicode para and line separators in javascript response (#2542) +- Additional_message_headers: allow unsetting headers, support plugin's config file (#2505) +- Fix displaying of hidden directories in skins list (#2535) +- Fix open_basedir restriction error when reading skins list (#2537) +- Fix pasting from Office apps into html editor (#2508) +- Fix empty <a> tags parsing (#2509) +- Don't cut off attachment names when using non-RFC2231 encoding (#1912) +- Allow inserting signatures above replied message body (#991) - Managesieve 2.0: multi-script support -- Fix imap_auth_type regression (#1486263) +- Fix imap_auth_type regression (#2502) RELEASE 0.3.1 ------------------ -- Specify toolbar container in compose template (#1486247) -- Fix $_SERVER['HTTPS'] check for SSL forcing on IIS (#1486243) -- Avoid unnecessary page loads for selected tab (#1486032) -- Fix quota indicator issues by content generation on client-size (#1486197, #1486220) -- Don't display disabled sections in Settings (#1486099) -- Added server-side e-mail address validation with 'email_dns_check' option (#1485857) -- Fix login page loading into an iframe when session expires (#1485952) -- Allow setting port number in 'force_https' option (#1486091) +- Specify toolbar container in compose template (#2489) +- Fix $_SERVER['HTTPS'] check for SSL forcing on IIS (#2486) +- Avoid unnecessary page loads for selected tab (#2324) +- Fix quota indicator issues by content generation on client-size (#2454, #2470) +- Don't display disabled sections in Settings (#2380) +- Added server-side e-mail address validation with 'email_dns_check' option (#2175) +- Fix login page loading into an iframe when session expires (#2253) +- Allow setting port number in 'force_https' option (#2373) - Option 'force_https' replaced by 'force_https' plugin -- Fix IE issue with non-UTF-8 characters in AJAX response (#1486159) -- Partially fixed "empty body" issue by showing raw body of malformed message (#1486166) -- Fix importing/sending to email address with whitespace (#1486214) +- Fix IE issue with non-UTF-8 characters in AJAX response (#2422) +- Partially fixed "empty body" issue by showing raw body of malformed message (#2427) +- Fix importing/sending to email address with whitespace (#2467) - Added XIMSS (CommuniGate) driver for Password plugin -- Fix newly attached files are not saved in drafts w/o editing any text (#1486202) -- Added attachment upload indicator with parallel upload (#1486058) -- Use default_charset for bodies of messages without charset definition (#1486187) +- Fix newly attached files are not saved in drafts w/o editing any text (#2457) +- Added attachment upload indicator with parallel upload (#2344) +- Use default_charset for bodies of messages without charset definition (#2446) - Password: added cPanel driver -- Fix return to first page from e-mail screen (#1486105) -- Fix handling HTML comments in HTML messages (#1486189) -- Fix folder/messagelist controls alignment - icons used (#1486072) -- Fix LDAP addressbook shows 'Contact not found' error sometimes (#1486178) -- Fix cache status checking + improve cache operations performance (#1486104) -- Prevent from setting INBOX as any of special folders (#1486114) -- Fix regular expression for e-mail address (#1486152) +- Fix return to first page from e-mail screen (#2385) +- Fix handling HTML comments in HTML messages (#2448) +- Fix folder/messagelist controls alignment - icons used (#2356) +- Fix LDAP addressbook shows 'Contact not found' error sometimes (#2438) +- Fix cache status checking + improve cache operations performance (#2384) +- Prevent from setting INBOX as any of special folders (#2390) +- Fix regular expression for e-mail address (#2417) - Fix Received header format -- Implemented sorting by message index - added 'index_sort' option (#1485936) -- Fix dl() use in installer (#1486150) +- Implemented sorting by message index - added 'index_sort' option (#2240) +- Fix dl() use in installer (#2415) - Added 'ldap_debug' option -- Fix "Empty startup greeting" bug (#1486085) -- Fix setting user name in 'new_user_identity' plugin (#1486137) -- Fix incorrect count of new messages in folder list when using multiple IMAP clients (#1485995) -- Fix all folders checking for new messages with disabled caching (#1486128) +- Fix "Empty startup greeting" bug (#2369) +- Fix setting user name in 'new_user_identity' plugin (#2405) +- Fix incorrect count of new messages in folder list when using multiple IMAP clients (#2289) +- Fix all folders checking for new messages with disabled caching (#2399) - Support skins in 'archive' and 'markasjunk' plugins -- Added 'html_editor' hook (#1486068) -- Fix DB constraint violation when populating messages cache (#1486052) -- Password: added password strength options (#1486062) -- Fix LDAP partial result warning (#1485536) -- Fix delete in message view deletes permanently with flag_for_deletion=true (#1486101) -- Use faster/secure mt_rand() (#1486094) -- Fix roundcube hangs on empty inbox with bincimapd (#1486093) -- Fix wrong headers for IE on servers without $_SERVER['HTTPS'] (#1485926) -- Force IE style headers for attachments in non-HTTPS session, 'use_https' option (#1485655) -- Check 'post_max_size' for upload max filesize (#1486089) -- Password Plugin: Fix %d inserts username instead of domain (#1486088) -- Fix rcube_mdb2::affected_rows() (#1486082) +- Added 'html_editor' hook (#2353) +- Fix DB constraint violation when populating messages cache (#2338) +- Password: added password strength options (#2348) +- Fix LDAP partial result warning (#1928) +- Fix delete in message view deletes permanently with flag_for_deletion=true (#2382) +- Use faster/secure mt_rand() (#2376) +- Fix roundcube hangs on empty inbox with bincimapd (#2375) +- Fix wrong headers for IE on servers without $_SERVER['HTTPS'] (#2232) +- Force IE style headers for attachments in non-HTTPS session, 'use_https' option (#2023) +- Check 'post_max_size' for upload max filesize (#2372) +- Password Plugin: Fix %d inserts username instead of domain (#2371) +- Fix rcube_mdb2::affected_rows() (#2366) RELEASE 0.3-stable ------------------ -- Fix gn and givenName should be synonymous in LDAP addressbook (#1485892) -- Add mail_domain to LDAP email entries without @ sign (#1485201) -- Fix saving empty values in LDAP contact data (#1485781) -- Fix LDAP contact update when RDN field is changed (#1485788) -- Fix LDAP attributes case senitivity problems (#1485830) -- Fix LDAP addressbook browsing when only one directory is used (#1486022) -- Fix endless loop on error response for APPEND command (#1486060) -- Don't require date.timezone setting in installer (#1485989) -- Fix date sorting problem with Courier IMAP server (#1486065) -- Unselect pressed buttons on mouse up (#1485987) -- Don't set php_value error_log in .htaccess but mention in INSTALL (#1485924) -- Fix too small status/flag/attachment columns in Safari 4 (#1486063) -- Fix selection disabling while dragging splitter in webkit browsers (#1486056) -- Added 'new_messages' plugin hook (#1486005) -- Added 'logout_after' plugin hook (#1486042) +- Fix gn and givenName should be synonymous in LDAP addressbook (#2208) +- Add mail_domain to LDAP email entries without @ sign (#1652) +- Fix saving empty values in LDAP contact data (#2113) +- Fix LDAP contact update when RDN field is changed (#2119) +- Fix LDAP attributes case senitivity problems (#2155) +- Fix LDAP addressbook browsing when only one directory is used (#2314) +- Fix endless loop on error response for APPEND command (#2346) +- Don't require date.timezone setting in installer (#2284) +- Fix date sorting problem with Courier IMAP server (#2351) +- Unselect pressed buttons on mouse up (#2283) +- Don't set php_value error_log in .htaccess but mention in INSTALL (#2230) +- Fix too small status/flag/attachment columns in Safari 4 (#2349) +- Fix selection disabling while dragging splitter in webkit browsers (#2342) +- Added 'new_messages' plugin hook (#2298) +- Added 'logout_after' plugin hook (#2333) - Added 'message_compose' hook -- Added 'imap_connect' hook (#1485956) -- Fix vcard_attachments plugin (#1486035) +- Added 'imap_connect' hook (#2256) +- Fix vcard_attachments plugin (#2326) - Updated PEAR::Auth_SASL to 1.0.3 version -- Use sequence names only with PostgreSQL (#1486018) +- Use sequence names only with PostgreSQL (#2310) - Re-designed User Preferences interface -- Fix MS SQL DDL (#1486020) -- Fix rcube_mdb2.php: call to setCharset not implemented in mssql driver (#1486019) +- Fix MS SQL DDL (#2312) +- Fix rcube_mdb2.php: call to setCharset not implemented in mssql driver (#2311) - Added 'display_next' option -- Fix rcube_mdb2::unixtimestamp for MS SQL (#1486015) +- Fix rcube_mdb2::unixtimestamp for MS SQL (#2308) - Fix HTML washing to respect character encoding -- Fix endless loop in iil_C_Login() with Courier IMAP (#1486010) -- Fix #messagemenu display on IE (#1486006) +- Fix endless loop in iil_C_Login() with Courier IMAP (#2303) +- Fix #messagemenu display on IE (#2299) - Speedup UI by using sprites for (toolbar) buttons - Fix charset names with X- prefix handling -- Fix displaying of HTML messages with unknown/malformed tags (#1486003) +- Fix displaying of HTML messages with unknown/malformed tags (#2296) RELEASE 0.3-RC1 --------------- -- Fix import of vCard entries with params (#1485453) -- Fix HTML messages output with empty block elements (#1485974) +- Fix import of vCard entries with params (#1857) +- Fix HTML messages output with empty block elements (#2271) - Use request tokens to protect POST requests from CSRF [CVE-2009-4076, CVE-2009-4077] - Added hook when killing a session -- Added hook to write_log function (#1485971) -- Performance improvements by use UID commands (#1485690) -- Fix HTML editor tabIndex setting (#1485972) +- Added hook to write_log function (#2268) +- Performance improvements by use UID commands (#2046) +- Fix HTML editor tabIndex setting (#2269) - Added 'imap_debug' and 'smtp_debug' options -- Support strftime's format modifiers in date_* options (#1484806) -- Support %h variable in 'smtp_server' option (#1485766) -- Show SMTP errors in browser (#1485927) -- Allow WBR tag in HTML message (#1485960) -- Use spl_autoload_register() instead of __autoload (#1485947) -- Add hook for identities listing (#1485958) -- Trigger hook 'smtp_connect' when opening an SMTP connection (#1485954) +- Support strftime's format modifiers in date_* options (#1354) +- Support %h variable in 'smtp_server' option (#2101) +- Show SMTP errors in browser (#2233) +- Allow WBR tag in HTML message (#2259) +- Use spl_autoload_register() instead of __autoload (#2250) +- Add hook for identities listing (#2257) +- Trigger hook 'smtp_connect' when opening an SMTP connection (#2255) - Added config option to enforce HTTPS connections -- Fix non-unicode characters caching in unicode database (#1484608) +- Fix non-unicode characters caching in unicode database (#1209) - Performance improvements of messages caching -- Fix empty Date header issue (#1485923) -- Open collapsed folders during drag & drop (#1485914) -- Fixed link text replacements (#1485789) -- Also trigger 'insertrow' events on page load (#1485826) -- No link on subject in IE browsers (#1484913) -- Fixed filename encoding according to RFC2231 (#1485875) -- Added message Edit feature (#1483891, #1484440) -- Fix message Etag generation for counter issues (#1485623) -- Fix messages searching on MailEnable IMAP (#1485762) -- Fixed many 'skip_deleted' issues (#1485634) +- Fix empty Date header issue (#2229) +- Open collapsed folders during drag & drop (#2221) +- Fixed link text replacements (#2120) +- Also trigger 'insertrow' events on page load (#2151) +- No link on subject in IE browsers (#1438) +- Fixed filename encoding according to RFC2231 (#2192) +- Added message Edit feature (#727, #1101) +- Fix message Etag generation for counter issues (#1996) +- Fix messages searching on MailEnable IMAP (#2097) +- Fixed many 'skip_deleted' issues (#2006) - Fixed messages list sorting on servers without SORT capability - Colorized signatures in plain text messages - Reviewed/fixed skip_deleted/read_when_deleted/flag_for_deletion options handling in UI -- Fix displaying of big maximum upload filesize (#1485889) +- Fix displaying of big maximum upload filesize (#2205) - Added possibility to invert messages selection -- After move/delete from 'show' action display next message instead of messages list (#1485887) -- Fixed problem with double quote at the end of folder name (#1485884) -- Speedup UI by using CSS sprites and etags/expires/deflate in Apache config (#1484858,#1485800) +- After move/delete from 'show' action display next message instead of messages list (#2203) +- Fixed problem with double quote at the end of folder name (#2200) +- Speedup UI by using CSS sprites and etags/expires/deflate in Apache config (#1397,#2128) - Support UID EXPUNGE: remove only moved/deleted messages -- Add drag cancelling with ESC key (#1484344) -- Support initial identity name from virtuser_query (#1484003) +- Add drag cancelling with ESC key (#1036) +- Support initial identity name from virtuser_query (#807) - Added message menu, removed Print and Source buttons -- Added possibility to save message as .eml file (#1485861) -- Added 1 minute interval in autosave options (#1485854) -- Support UTF-7 encoding in messages (#1485832) -- Better support for malformed character names (#1485758) +- Added possibility to save message as .eml file (#2178) +- Added 1 minute interval in autosave options (#2173) +- Support UTF-7 encoding in messages (#2156) +- Better support for malformed character names (#2093) RELEASE 0.3-BETA ---------------- @@ -1671,505 +1692,505 @@ - Added possibility to encrypt received header, option 'http_received_header_encrypt', added some more logic in encrypt/decrypt functions for security - Fix Answered/Forwarded flag setting for messages in subfolders -- Fix autocomplete problem with capital letters (#1485792) -- Support UUencode content encoding (#1485839) -- Minimize chance of race condition in session handling (#1485659, #1484678) -- Fix session handling on non-session SQL query error (#1485734) -- Fix html editor mode setting when reopening draft message (#1485834) -- Added quick search box menu (#1484304) -- Fix wrong column sort order icons (#1485823) +- Fix autocomplete problem with capital letters (#2122) +- Support UUencode content encoding (#2163) +- Minimize chance of race condition in session handling (#1485659, #1260) +- Fix session handling on non-session SQL query error (#2078) +- Fix html editor mode setting when reopening draft message (#2158) +- Added quick search box menu (#1010) +- Fix wrong column sort order icons (#2149) - Updated TinyMCE to 3.2.3 version -- Fix attachment names encoding when charset isn't specified in attachment part (#1484969) -- Fix message normal priority problem (#1485820) -- Fix autocomplete spinning wheel does not disappear (#1485804) -- Added log_date_format option (#1485709) -- Fix text wrapping in HTML editor after switching from plain text to HTML (#1485521) -- Fix auto-complete function hangs with plus sign (#1485815) -- Fix AJAX requests errors handler (#1485000) +- Fix attachment names encoding when charset isn't specified in attachment part (#1483) +- Fix message normal priority problem (#2146) +- Fix autocomplete spinning wheel does not disappear (#2132) +- Added log_date_format option (#2060) +- Fix text wrapping in HTML editor after switching from plain text to HTML (#1917) +- Fix auto-complete function hangs with plus sign (#2141) +- Fix AJAX requests errors handler (#1503) - Speed up message list displaying on IE -- Fix read/write database recognition (#1485811) +- Fix read/write database recognition (#2137) RELEASE 0.2.2 ------------- -- Fix quicksearchbox look in Chrome and Konqueror (#1484841) -- Fix UTF-8 byte-order mark removing (#1485514) -- Fix folders subscribtions on Konqueror (#1484841) +- Fix quicksearchbox look in Chrome and Konqueror (#1380) +- Fix UTF-8 byte-order mark removing (#1911) +- Fix folders subscribtions on Konqueror (#1380) - Fix debug console on Konqueror and Safari -- Fix messagelist focus issue when modifying status of selected messages (#1485807) -- Support STARTTLS in IMAP connection (#1485284) -- Fix DEL key problem in search boxes (#1485528) -- Support several e-mail addresses per user from virtuser_file (#1485678) -- Fix drag&drop with scrolling on IE (#1485786) -- Fix adding signature separator in html mode (#1485350) -- Fix opening attachment marks message as read (#1485803) -- Fix 'temp_dir' does not support relative path under Windows (#1484529) -- Fix "Initialize Database" button missing from installer (#1485802) -- Fix compose window doesn't fit 1024x768 window (#1485396) -- Fix service not available error when pressing back from compose dialog (#1485552) -- Fix using mail() on Windows (#1485779) -- Fix word wrapping in message-part's <PRE>s for printing (#1485787) -- Fix incorrect word wrapping in outgoing plaintext multibyte messages (#1485714) +- Fix messagelist focus issue when modifying status of selected messages (#2134) +- Support STARTTLS in IMAP connection (#1714) +- Fix DEL key problem in search boxes (#1923) +- Support several e-mail addresses per user from virtuser_file (#2036) +- Fix drag&drop with scrolling on IE (#2117) +- Fix adding signature separator in html mode (#1768) +- Fix opening attachment marks message as read (#2131) +- Fix 'temp_dir' does not support relative path under Windows (#1157) +- Fix "Initialize Database" button missing from installer (#2130) +- Fix compose window doesn't fit 1024x768 window (#1807) +- Fix service not available error when pressing back from compose dialog (#1942) +- Fix using mail() on Windows (#2111) +- Fix word wrapping in message-part's <PRE>s for printing (#2118) +- Fix incorrect word wrapping in outgoing plaintext multibyte messages (#2062) - Fix double footer in HTML message with embedded images -- Fix TNEF implementation bug (#1485773) -- Fix incorrect row id parsing for LDAP contacts list (#1485784) -- Fix 'mode' parameter in sqlite DSN (#1485772) +- Fix TNEF implementation bug (#2107) +- Fix incorrect row id parsing for LDAP contacts list (#2116) +- Fix 'mode' parameter in sqlite DSN (#2106) RELEASE 0.2.1 ------------------ -- Use US-ASCII as failover when Unicode searching fails (#1485762) -- Fix errors handling in IMAP command continuations (#1485762) -- Fix FETCH result parsing for servers returning flags at the end of result (#1485763) -- Fix datetime columns defaults in mysql's DDL (#1485641) -- Fix attaching more than nine inline images (#1485759) -- Support 'UNICODE-1-1-UTF-7' alias for UTF-7 encoding (#1485758) -- Fix mime-type detection using a hard-coded map (#1485311) -- Don't return empty string if charset conversion failed (#1485757) -- Disable concurrent autocomplete query results display (#1485743) -- Fix new lines stripped from message footer (#1485751) -- Fix IE problem with mouse click autocomplete (#1485739) -- Fix html body washing on reply/forward + fix attachments handling (#1485676) -- Fix multiple recipients input parsing (#1485733) -- Fix replying to message with html attachment (#1485676) -- Use default_charset for messages without specified charset (#1485661, #1484961) -- Support non-standard "GMT-XXXX" literal in date header (#1485729) +- Use US-ASCII as failover when Unicode searching fails (#2097) +- Fix errors handling in IMAP command continuations (#2097) +- Fix FETCH result parsing for servers returning flags at the end of result (#2098) +- Fix datetime columns defaults in mysql's DDL (#2012) +- Fix attaching more than nine inline images (#2094) +- Support 'UNICODE-1-1-UTF-7' alias for UTF-7 encoding (#2093) +- Fix mime-type detection using a hard-coded map (#1735) +- Don't return empty string if charset conversion failed (#2092) +- Disable concurrent autocomplete query results display (#2082) +- Fix new lines stripped from message footer (#2088) +- Fix IE problem with mouse click autocomplete (#2080) +- Fix html body washing on reply/forward + fix attachments handling (#2034) +- Fix multiple recipients input parsing (#2077) +- Fix replying to message with html attachment (#2034) +- Use default_charset for messages without specified charset (#2027, #1484961) +- Support non-standard "GMT-XXXX" literal in date header (#2074) - Added TNEF support to decode MS Outlook attachments (winmail.dat) -- Fix "value continuation" MIME headers by adding required semicolon (#1485727) -- Fix pressing select all/unread multiple times (#1485723) -- Fix selecting all unread does not honor new messages (#1485724) -- Fix some base64 encoded attachments handling (#1485725) -- Support NGINX as IMAP backend: better BAD response handling (#1485720) +- Fix "value continuation" MIME headers by adding required semicolon (#2073) +- Fix pressing select all/unread multiple times (#2069) +- Fix selecting all unread does not honor new messages (#2070) +- Fix some base64 encoded attachments handling (#2071) +- Support NGINX as IMAP backend: better BAD response handling (#2066) - Performance fix: don't fetch attachment parts headers twice to parse filename -- Fix checking for recent messages on various IMAP servers (#1485702) +- Fix checking for recent messages on various IMAP servers (#2055) - Performance fix: Don't fetch quota and recent messages in "message view" mode -- Fix displaying of alternative-inside-alternative messages (#1485713) -- Fix MDNSent flag checking, use arbitrary keywords (asterisk) flag (#1485706) +- Fix displaying of alternative-inside-alternative messages (#2061) +- Fix MDNSent flag checking, use arbitrary keywords (asterisk) flag (#2059) - Fix creation of folders with '&' sign in name -- Fix parsing of email addresses without angle brackets (#1485693) +- Fix parsing of email addresses without angle brackets (#2048) - Save spellcheck corrections when switching from plain to html editor (and spellchecking is on) -- Fix large search results on server without SORT capability (#1485668) -- Get rid of preg_replace() with eval modifier and create_function usage (#1485686) +- Fix large search results on server without SORT capability (#2031) +- Get rid of preg_replace() with eval modifier and create_function usage (#2042) - Bring back <base> and <link> tags in HTML messages - Fix XSS vulnerability through background attributes [CVE-2009-0413] -- Fix problems with backslash as IMAP hierarchy delimiter (#1484467) -- Secure vcard export by getting rid of preg's 'e' modifier use (#1485689) -- Fix authentication when submitting form with existing session (#1485679) -- Allow absolute URLs to images in HTML messages/sigs (#1485666) +- Fix problems with backslash as IMAP hierarchy delimiter (#1116) +- Secure vcard export by getting rid of preg's 'e' modifier use (#2045) +- Fix authentication when submitting form with existing session (#2037) +- Allow absolute URLs to images in HTML messages/sigs (#2029) - Fix message body which contains both inline attachments and emotions -- Fix SQL query execution errors handling in rcube_mdb2 class (#1485509) -- Fix address names with '@' sign handling (#1485654) +- Fix SQL query execution errors handling in rcube_mdb2 class (#1907) +- Fix address names with '@' sign handling (#2022) - Improve messages display performance - Fix messages searching with 'to:' modifier RELEASE 0.2-STABLE ------------------ -- Fix mark popup in IE 7 (#1485369) -- Fix line-break issue when copy & paste in Firefox (#1485425) -- Fix autocomplete "unknown server error" (#1485637) -- Fix STARTTLS before AUTH in SMTP connection (#1484883) -- Support multiple quota values in QUOTAROOT resonse (#1485626) -- Only abbreviate file name for IE < 7 browsers (#1485063) -- Performance: allow setting imap rootdir and delimiter before connect (#1485172) -- Fix sorting of folders with more than 2 levels (#1485569) -- Fix search results page jumps in LDAP addressbook (#1485253) -- Fix empty line before the signature in IE (#1485351) -- Fix horizontal scrollbar in preview pane on IE (#1484633) -- Add Robots meta tag in login page and installer (#1484846) -- Added 'show_images' option, removed 'addrbook_show_images' (#1485597) -- Option to check for new mails in all folders (#1484374) -- Don't set client busy when checking for new messages (#1485276) -- Allow UTF-8 folder names in config (#1485579) -- Add junk_mbox option configuration in installer (#1485579) -- Do serverside addressbook queries for autocompletion (#1485531) +- Fix mark popup in IE 7 (#1785) +- Fix line-break issue when copy & paste in Firefox (#1832) +- Fix autocomplete "unknown server error" (#2008) +- Fix STARTTLS before AUTH in SMTP connection (#1415) +- Support multiple quota values in QUOTAROOT resonse (#1999) +- Only abbreviate file name for IE < 7 browsers (#1548) +- Performance: allow setting imap rootdir and delimiter before connect (#1628) +- Fix sorting of folders with more than 2 levels (#1953) +- Fix search results page jumps in LDAP addressbook (#1689) +- Fix empty line before the signature in IE (#1769) +- Fix horizontal scrollbar in preview pane on IE (#1228) +- Add Robots meta tag in login page and installer (#1385) +- Added 'show_images' option, removed 'addrbook_show_images' (#1977) +- Option to check for new mails in all folders (#1053) +- Don't set client busy when checking for new messages (#1706) +- Allow UTF-8 folder names in config (#1960) +- Add junk_mbox option configuration in installer (#1960) +- Do serverside addressbook queries for autocompletion (#1925) - Allow setting attachment col position in 'list_cols' option -- Allow override 'list_cols' via skin (#1485577) -- Fix 'cache' table cleanup on session destroy (#1485516) +- Allow override 'list_cols' via skin (#1958) +- Fix 'cache' table cleanup on session destroy (#1913) - Increase speed of session destroy and garbage clean up -- Fix session timeout when DB server got clock skew (#1485490) -- Fix handling of some malformed messages (#1484438) +- Fix session timeout when DB server got clock skew (#1890) +- Fix handling of some malformed messages (#1099) - Speed up raw message body handling -- Better HTML entities conversion in html2text (#1485519) +- Better HTML entities conversion in html2text (#1916) - Fix big memory consumption and speed up searching on servers without SORT capability -- Fix setting locale to tr_TR, ku and az_AZ (#1485470) +- Fix setting locale to tr_TR, ku and az_AZ (#1872) - Use SORT for searching on servers with SORT capability - Added message status filter -- Fix empty file sending (#1485389) +- Fix empty file sending (#1801) - Improved searching with many criterias (calling one SEARCH command) -- Fix HTML editor initialization on IE (#1485304) -- Add warning when switching editor mode from html to plain (#1485488) -- Make identities list scrollable (#1485538) -- Fix problem with numeric folder names (#1485527) -- Added BYE response simple support to prevent from endless loops in imap.inc (#1483956) -- Fix unread message unintentionally marked as read if read_when_deleted=true (#1485409) -- Remove port number from SERVER_NAME in smtp_helo_host (#1485518) -- Don't send disposition notification receipts for messages marked as 'read' (#1485523) -- Added 'keep_alive' and 'min_keep_alive' options (#1485360) +- Fix HTML editor initialization on IE (#1731) +- Add warning when switching editor mode from html to plain (#1888) +- Make identities list scrollable (#1930) +- Fix problem with numeric folder names (#1922) +- Added BYE response simple support to prevent from endless loops in imap.inc (#777) +- Fix unread message unintentionally marked as read if read_when_deleted=true (#1819) +- Remove port number from SERVER_NAME in smtp_helo_host (#1915) +- Don't send disposition notification receipts for messages marked as 'read' (#1918) +- Added 'keep_alive' and 'min_keep_alive' options (#1777) - Added option 'identities_level', removed 'multiple_identities' -- Allow deleting identities when multiple_identities=false (#1485435) -- Added option focus_on_new_message (#1485374) -- Fix html2text class autoloading on Windows (#1485505) -- Fix html signature formatting when identity save error occurred (#1485426) -- Add feedback and set busy when moving folder (#1485497) -- Fix 'Empty' link visibility for some languages e.g. Slovak (#1485489) -- Fix messages count bar overlapping (#1485270) -- Fix adding signature in drafts compose mode (#1485484) -- Fix iil_C_Sort() to support very long and/or divided responses (#1485283) -- Fix matching case sensitivity when setting identity on reply (#1485480) +- Allow deleting identities when multiple_identities=false (#1840) +- Added option focus_on_new_message (#1789) +- Fix html2text class autoloading on Windows (#1904) +- Fix html signature formatting when identity save error occurred (#1833) +- Add feedback and set busy when moving folder (#1897) +- Fix 'Empty' link visibility for some languages e.g. Slovak (#1889) +- Fix messages count bar overlapping (#1703) +- Fix adding signature in drafts compose mode (#1884) +- Fix iil_C_Sort() to support very long and/or divided responses (#1713) +- Fix matching case sensitivity when setting identity on reply (#1881) - Prefer default identity on reply -- Fix imap searching on ISMail server (#1485466) -- Add css class for flagged messages (#1485464) -- Write username instead of id in sendmail log (#1485477) -- Fix htmlspecialchars() use for PHP version < 5.2.3 (#1485475) -- Fix js keywords escaping in json_serialize() for IE/Opera (#1485472) -- Added bin/killcache.php script (#1485434) +- Fix imap searching on ISMail server (#1870) +- Add css class for flagged messages (#1868) +- Write username instead of id in sendmail log (#1879) +- Fix htmlspecialchars() use for PHP version < 5.2.3 (#1877) +- Fix js keywords escaping in json_serialize() for IE/Opera (#1874) +- Added bin/killcache.php script (#1839) - Add support for SJIS, GB2312, BIG5 in rc_detect_encoding() -- Fix vCard file encoding detection for non-UTF-8 strings (#1485410) -- Add 'skip_deleted' option in User Preferences (#1485445) -- Minimize "inline" javascript scripts use (#1485433) -- Fix css class setting for folders with names matching defined classes names (#1485355) +- Fix vCard file encoding detection for non-UTF-8 strings (#1820) +- Add 'skip_deleted' option in User Preferences (#1850) +- Minimize "inline" javascript scripts use (#1838) +- Fix css class setting for folders with names matching defined classes names (#1772) - Fix race conditions when changing mailbox -- Fix spellchecking when switching to html editor (#1485362) -- Fix compose window width/height (#1485396) -- Allow calling msgimport.sh/msgexport.sh from any directory (#1485431) -- Localized filesize units (#1485340) -- Better handling of "no identity" and "no email in identity" situations (#1485117) -- Added 'mime_param_folding' option with possibility to choose long/non-ascii attachment names encoding eg. to be readable in MS Outlook/OE (#1485320) +- Fix spellchecking when switching to html editor (#1779) +- Fix compose window width/height (#1807) +- Allow calling msgimport.sh/msgexport.sh from any directory (#1837) +- Localized filesize units (#1760) +- Better handling of "no identity" and "no email in identity" situations (#1592) +- Added 'mime_param_folding' option with possibility to choose long/non-ascii attachment names encoding eg. to be readable in MS Outlook/OE (#1743) - Added "advanced options" feature in User Preferences -- Fix unread counter when displaying cached massage in preview panel (#1485290) -- Fix htmleditor spellchecking on MS Windows (#1485397) -- Fix problem with non-ascii attachment names in Mail_mime (#1485267, #1485096) -- Fix language autodetection (#1485401) -- Fix button label in folders management (#1485405) -- Fix collapsed folder not indicating unread msgs count of all subfolders (#1485403) +- Fix unread counter when displaying cached massage in preview panel (#1720) +- Fix htmleditor spellchecking on MS Windows (#1808) +- Fix problem with non-ascii attachment names in Mail_mime (#1700, #1576) +- Fix language autodetection (#1812) +- Fix button label in folders management (#1816) +- Fix collapsed folder not indicating unread msgs count of all subfolders (#1814) - Fix handling of apostrophes in filenames decoded according to rfc2231 RELEASE 0.2-BETA ---------------- -- Made config files location configurable (#1485215) -- Reduced memory footprint when forwarding attachments (#1485345) -- Allow and use spellcheck attribute for input/textarea fields (#1485060) -- Added icons for forwarded/forwarded+replied messages (#1485257) -- Added Reply-To to forwarded emails (#1485315) -- Display progress message for folders create/delete/rename (#1485357) -- Smart Tags and NOBR tag support in html messages (#1485363, #1485327) -- Redesign of the identities settings (#1484042) -- Add config option to disable creation/deletion of identities (#1484498) -- Added 'sendmail_delay' option to restrict messages sending interval (#1484491) +- Made config files location configurable (#1664) +- Reduced memory footprint when forwarding attachments (#1764) +- Allow and use spellcheck attribute for input/textarea fields (#1545) +- Added icons for forwarded/forwarded+replied messages (#1691) +- Added Reply-To to forwarded emails (#1739) +- Display progress message for folders create/delete/rename (#1774) +- Smart Tags and NOBR tag support in html messages (#1780, #1748) +- Redesign of the identities settings (#836) +- Add config option to disable creation/deletion of identities (#1139) +- Added 'sendmail_delay' option to restrict messages sending interval (#1135) - Added vertical splitter for folders list resizing - Added possibility to view all headers in message view -- Fixed splitter drag/resize on Opera (#1485170) -- Fixed quota img height/width setting from template (#1484857) -- Refactor drag & drop functionality. Don't rely on browser events anymore (#1484453) -- Insert "virtual" folders in subscription list (#1484779) +- Fixed splitter drag/resize on Opera (#1626) +- Fixed quota img height/width setting from template (#1396) +- Refactor drag & drop functionality. Don't rely on browser events anymore (#1108) +- Insert "virtual" folders in subscription list (#1333) - Added link to open message in new window - Enable export of address book contacts as vCard -- Add feature to import contacts from vcard files (#1326103) -- Respect Content-Location headers in multipart/related messages according to RFC2110 (#1484946) -- Allowed max. attachment size now indicated in compose screen (#1485030) -- Also capture backspace key in list mode (#1484566) -- Allow application/pgp parts to be displayed (#1484753) -- Correctly handle options in mailto-links (#1485228) -- Immediately save sort_col/sort_order in user prefs (#1485265) +- Add feature to import contacts from vcard files (#395) +- Respect Content-Location headers in multipart/related messages according to RFC2110 (#1464) +- Allowed max. attachment size now indicated in compose screen (#1523) +- Also capture backspace key in list mode (#1186) +- Allow application/pgp parts to be displayed (#1309) +- Correctly handle options in mailto-links (#1671) +- Immediately save sort_col/sort_order in user prefs (#1698) - Truncate very long (above 50 characters) attachment filenames when displaying -- Allow to auto-detect client language if none set (#1484434) +- Allow to auto-detect client language if none set (#1095) - Auto-detect the client timezone (user configurable) - Add RFC2231 header value continuations support for attachment filenames + hack for servers that not support that feature -- Fix Reply-To header displaying (#1485314) +- Fix Reply-To header displaying (#1738) - Mark form buttons that provide the most obvious operation (mainaction) -- Added option 'quota_zero_as_unlimited' (#1484604) -- Added PRE handling in html2text class (#1484740) +- Added option 'quota_zero_as_unlimited' (#1206) +- Added PRE handling in html2text class (#1301) - Added folder hierarchy collapsing -- Added options to use syslog instead of log file (#1484850) +- Added options to use syslog instead of log file (#1389) - Added Logging & Debugging section in Installer -- Fix In-Reply-To and References headers when composing saved draft message (#1485288) -- Fix html message charset conversion for charsets with underline (#1485287) -- Fix buttons status after contacts deletion (#1485233) -- Fix escaping of To: and From: fields when building message body for reply or forward in the HTML editor (#1484904) -- Use current mailbox name in template (#1485256) -- Better fix for skipping untagged responses (#1485261) -- Added pspell support patch by Kris Steinhoff (#1483960) -- Enable spellchecker for HTML editor (#1485114) -- Respect spellcheck_uri in tinyMCE spellchecker (#1484196) -- Case insensitive contacts searching using PostgreSQL (#1485259) -- Make default imap folders configurable for each user (#1485075) +- Fix In-Reply-To and References headers when composing saved draft message (#1718) +- Fix html message charset conversion for charsets with underline (#1717) +- Fix buttons status after contacts deletion (#1675) +- Fix escaping of To: and From: fields when building message body for reply or forward in the HTML editor (#1432) +- Use current mailbox name in template (#1690) +- Better fix for skipping untagged responses (#1694) +- Added pspell support patch by Kris Steinhoff (#781) +- Enable spellchecker for HTML editor (#1589) +- Respect spellcheck_uri in tinyMCE spellchecker (#941) +- Case insensitive contacts searching using PostgreSQL (#1692) +- Make default imap folders configurable for each user (#1558) - Save outgoing mail to selectable folder (#1324581) -- Fix hiding of mark menu when clicking th button again (#1484944) -- Use long date format in print mode (#1485191) +- Fix hiding of mark menu when clicking th button again (#1463) +- Use long date format in print mode (#1643) - Updated TinyMCE to version 3.1.0.1 -- Re-enable autocomplete attribute for login form (#1485211) -- Check PERMANENTFLAGS before saving $MDNSent flag (#1484963, #1485163) -- Added flag column on messages list (#1484623) +- Re-enable autocomplete attribute for login form (#1661) +- Check PERMANENTFLAGS before saving $MDNSent flag (#1478, #1485163) +- Added flag column on messages list (#1220) - Patched Mail/MimePart.php (http://pear.php.net/bugs/bug.php?id=14232) -- Allow trash/junk subfolders to be purged (#1485085) +- Allow trash/junk subfolders to be purged (#1568) - Store compose parameters in session and redirect to a unique URL -- Fixed CRAM-MD5 authentication (#1484819) -- Fixed forwarding messages with one HTML attachment (#1484442) -- Fixed encoding of message/rfc822 attachments and image/pjpeg handling (#1484914) +- Fixed CRAM-MD5 authentication (#1364) +- Fixed forwarding messages with one HTML attachment (#1103) +- Fixed encoding of message/rfc822 attachments and image/pjpeg handling (#1439) - Added option to select skin in user preferences - Added option to configure displaying of attached images below the message body -- Added option to display images in messages from known senders (#1484601) +- Added option to display images in messages from known senders (#1204) - User preferences grouped in more fieldsets -- Fix corrupted MIME headers of messages in Sent folder (#1485111) +- Fix corrupted MIME headers of messages in Sent folder (#1587) - Fixed bug in MDB2 package: http://pear.php.net/bugs/bug.php?id=14124 -- Use keypress instead of keydown to select list's row (#1484816) -- Don't call expunge and don't remove message row after message move if flag_for_deletion is set to true (#1485002) +- Use keypress instead of keydown to select list's row (#1362) +- Don't call expunge and don't remove message row after message move if flag_for_deletion is set to true (#1505) RELEASE 0.2-ALPHA ----------------- -- Added option to disable autocompletion from selected LDAP address books (#1484922) -- TLS support in LDAP connections: 'use_tls' property (#1485104) -- Fixed removing messages from search set after deleting them (#1485106) +- Added option to disable autocompletion from selected LDAP address books (#1445) +- TLS support in LDAP connections: 'use_tls' property (#1581) +- Fixed removing messages from search set after deleting them (#1583) - imap.inc: Fixed iil_C_FetchStructureString() to handle many - literal strings in response (#1484969) -- Support for subfolders in default/protected folders (#1484665) -- Disallowed delimiter in folder name (#1484803) + literal strings in response (#1483) +- Support for subfolders in default/protected folders (#1250) +- Disallowed delimiter in folder name (#1351) - Support " and \ in folder names -- Escape \ in login (#1484614) -- Better HTML sanitization with the DOM-based washtml script (#1484701) +- Escape \ in login (#1214) +- Better HTML sanitization with the DOM-based washtml script (#1276) - Fixed sorting of folders with non-ascii characters -- Fixed Mysql DDL for default identities creation (#1485070) +- Fixed Mysql DDL for default identities creation (#1554) - In Preferences added possibility to configure 'read_when_deleted', 'mdn_requests', 'flag_for_deletion' options -- Made IMAP auth type configurable (#1483825) -- Fixed empty values with FROM_UNIXTIME() in rcube_mdb2 (#1485055) -- Fixed attachment list on IE 6/7 (#1484807) +- Made IMAP auth type configurable (#683) +- Fixed empty values with FROM_UNIXTIME() in rcube_mdb2 (#1540) +- Fixed attachment list on IE 6/7 (#1355) - Fixed JavaScript in compose.html that shows cc/bcc fields if populated -- Make password input fields of type password in installer (#1484886) -- Don't attempt to delete cache entries if enable_caching is FALSE (#1485051) -- Optimized messages sorting on servers without sort capability (#1485049) +- Make password input fields of type password in installer (#1417) +- Don't attempt to delete cache entries if enable_caching is FALSE (#1537) +- Optimized messages sorting on servers without sort capability (#1535) - Corrected message headers decoding when charset isn't specified and improved - support for native languages (#1485050, #1485048) + support for native languages (#1536, #1534) - Expanded LDAP configuration options to support LDAP server writes. -- Installer: encode special characters in DB username/password (#1485042) -- Fixed management of folders with national characters in names (#1485036, #1485001) -- Fixed identities saving when using MDB2 pgsql driver (#1485032) -- Fixed BCC header reset (#1484997) +- Installer: encode special characters in DB username/password (#1529) +- Fixed management of folders with national characters in names (#1526, #1504) +- Fixed identities saving when using MDB2 pgsql driver (#1525) +- Fixed BCC header reset (#1501) - Improved messages list performance - patch from Justin Heesemann -- Append skin_path to images location only when it starts with '/' sign (#1484859) -- Fix IMAP response in message body when message has no body (#1484964) -- Fixed non-RFC dates formatting (#1484901) -- Fixed typo in set_charset() (#1484991) -- Decode entities when inserting HTML signature to plain text message (#1484990) +- Append skin_path to images location only when it starts with '/' sign (#1398) +- Fix IMAP response in message body when message has no body (#1479) +- Fixed non-RFC dates formatting (#1429) +- Fixed typo in set_charset() (#1498) +- Decode entities when inserting HTML signature to plain text message (#1497) - HTML editing is now working with PHP5 updates and TinyMCE v3.0.6 -- Fixed signature loading on Windows (#1484545) -- Added language support to HTML editing (#1484862) -- Fixed remove signature when replying (#1333167) -- Fixed problem with line with a space at the end (#1484916) -- Fixed <!DOCTYPE> tag filtering (#1484391) -- Fixed <?xml> tag filtering (#1484403) +- Fixed signature loading on Windows (#1169) +- Added language support to HTML editing (#1401) +- Fixed remove signature when replying (#446) +- Fixed problem with line with a space at the end (#1440) +- Fixed <!DOCTYPE> tag filtering (#1066) +- Fixed <?xml> tag filtering (#1075) - Added sections (fieldset+label) in Settings interface -- Mark as read in one action with message preview (#1484972) -- Deleted redundant quota reads (#1484972) -- Added options for empty trash and expunge inbox on logout (#1483863) +- Mark as read in one action with message preview (#1486) +- Deleted redundant quota reads (#1486) +- Added options for empty trash and expunge inbox on logout (#707) - Removed lines wrapping when displaying message - Fixed month localization - Changed codebase to PHP5 with autoloader RELEASE 0.1.1 ------------- -- Clear selection when selecting single item (#1484942) -- Remove hard-coded image size in skin templates (#1484893) +- Clear selection when selecting single item (#1461) +- Remove hard-coded image size in skin templates (#1423) - Database schema improvements (dropped unnecessary indexes) -- Fixed creating a new folder with a comma in its name (#1484681) -- Fixed sorting of messages when default mailbox is empty (#1484317) -- Improve message previewpane - less loading (#1484316) -- Fixed login form autoompletion (#1484839) -- Fixed virtuser_query option for mdb2 backend (#1484874) -- Fixed attachment resoting from Drafts when message body was empty (#1484506) -- Fixed usage of ob_gzhandler (#1484851) -- Fixed message part window in IE6 (#1484610) -- Fixed decoding of mime-encoded strings (#1484191) -- Fixed some iconv/mb_string problems (#1484598) -- Correctly quote mailbox name when using in URL (#1484313) -- Fixed "headers already sent" errors (#1484860) +- Fixed creating a new folder with a comma in its name (#1263) +- Fixed sorting of messages when default mailbox is empty (#1020) +- Improve message previewpane - less loading (#1019) +- Fixed login form autoompletion (#1378) +- Fixed virtuser_query option for mdb2 backend (#1409) +- Fixed attachment resoting from Drafts when message body was empty (#1144) +- Fixed usage of ob_gzhandler (#1390) +- Fixed message part window in IE6 (#1211) +- Fixed decoding of mime-encoded strings (#938) +- Fixed some iconv/mb_string problems (#1202) +- Correctly quote mailbox name when using in URL (#1016) +- Fixed "headers already sent" errors (#1399) RELEASE 0.1-STABLE ------------------ - Added interactive installer script -- Fix folder adding/renaming inspired by #1484800 -- Localize folder name in page title (#1484785) -- Fix code using wrong variable name (#1484018) +- Fix folder adding/renaming inspired by #1349 +- Localize folder name in page title (#1338) +- Fix code using wrong variable name (#818) - Allow to send mail with BCC recipients only -- condense TinyMCE toolbar down to one line, removing table buttons (#1484747) -- Add function to mark the selected messages as read/unread (#1457360) -- Also do charset decoding as suggested in RFC 2231 (fix #1484321) +- condense TinyMCE toolbar down to one line, removing table buttons (#1306) +- Add function to mark the selected messages as read/unread (#641) +- Also do charset decoding as suggested in RFC 2231 (fix #1022) - Show message count in folder list and hint when creating a subfolder -- Distinguish ssl and tls for imap connections (#1484667) -- Added some charset aliases to fix typical mis-labelling (#1484565) -- Remember decision to display images for a certain message during session (#1484754) -- Truncate attachment filenames to 55 characters due to an IE bug (#1484757) +- Distinguish ssl and tls for imap connections (#1252) +- Added some charset aliases to fix typical mis-labelling (#1185) +- Remember decision to display images for a certain message during session (#1310) +- Truncate attachment filenames to 55 characters due to an IE bug (#1313) - Make sending of read receipts configurable -- Respect config when localize folder names (#1484707) +- Respect config when localize folder names (#1280) - Also respect receipt and priority settings when re-opening a draft message -- Remember search results (closes #1483883), patch by the_glu +- Remember search results (closes #722), patch by the_glu - Add Received header on outgoing mail - Upgrade to TinyMCE 2.1.3 -- Allow inserting image attachments into HTML messages while composing (#1484557) +- Allow inserting image attachments into HTML messages while composing (#1179) - Implement Message-Disposition-Notification (Receipts) -- Fix overriding of session vars when register_globals is on (#1484670) -- Fix bug with case-sensitive folder names (#1484245) +- Fix overriding of session vars when register_globals is on (#1255) +- Fix bug with case-sensitive folder names (#973) - Don't create default folders by default - Fixed some potential security risks (audited by Andris) -- Only show new messages if they match the current search (#1484176) -- Switch to/from when searcing in Sent folder (#1484555) -- Correctly read the References header (#1484646) -- Unset old cookie before sending a new value (#1484639) -- Correctly decode attachments when downloading them (#1484645 and #1484642) -- Suppress IE errors when clearing attachments form (#1484356) +- Only show new messages if they match the current search (#925) +- Switch to/from when searcing in Sent folder (#1177) +- Correctly read the References header (#1236) +- Unset old cookie before sending a new value (#1232) +- Correctly decode attachments when downloading them (#1235 and #1484642) +- Suppress IE errors when clearing attachments form (#1043) - Log error when login fails due to auto_create_user turned off -- Filter linked/imported CSS files (closes #1484056) -- Improve message compose screen (closes #1484383) -- Select next row after removing one from list (#1484387) +- Filter linked/imported CSS files (closes #844) +- Improve message compose screen (closes #1060) +- Select next row after removing one from list (#1063) RELEASE 0.1-RC2 --------------- -- Enable drag-&-dropping of folders to a new parent and allow to create subfolders (#1457344) -- Suppress IE errors when clearing attachments form (#1484356) -- Set preferences field in user table to NULL (#1484386) +- Enable drag-&-dropping of folders to a new parent and allow to create subfolders (#637) +- Suppress IE errors when clearing attachments form (#1043) +- Set preferences field in user table to NULL (#1062) - Log error when login fails due to auto_create_user turned off -- Filter linked/imported CSS files (closes #1484056) -- Improve message compose screen (closes #1484383) -- Select next row after removing one from list (#1484387) -- Make smtp HELO/EHLO hostname configurable (#1484067) -- IPv6 Compatability (#1484322), Patch #1484373 -- Unlock interface when message sending fails (#1484570) +- Filter linked/imported CSS files (closes #844) +- Improve message compose screen (closes #1060) +- Select next row after removing one from list (#1063) +- Make smtp HELO/EHLO hostname configurable (#851) +- IPv6 Compatability (#1023), Patch #1484373 +- Unlock interface when message sending fails (#1188) - Eval PHP code in template includes (if configured) -- Show message when folder is empty. Mo more static text in table (#1484395) +- Show message when folder is empty. Mo more static text in table (#1068) - Only display unread count in page title when new messages arrived -- Fixed wrong delete button tooltip (#1483965) -- Fixed charset encoding bug (#1484429) -- Applied patch for LDAP version (#1484552) +- Fixed wrong delete button tooltip (#785) +- Fixed charset encoding bug (#1091) +- Applied patch for LDAP version (#1175) - Improved XHTML validation -- Fix message list selection (#1484550) -- Better fix lowercased usernames (#1484473) -- Update pngbehavior Script as suggested in #1484490 +- Fix message list selection (#1174) +- Better fix lowercased usernames (#1120) +- Update pngbehavior Script as suggested in #1134 - Fixed moving/deleting messages when more than 1 is selected - Applied patch for LDAP contacts listing by Glen Ogilvie -- Applied patch for more address fields in LDAP contacts (#1484402) -- Add alternative for getallheaders() (fix #1484508) +- Applied patch for more address fields in LDAP contacts (#1074) +- Add alternative for getallheaders() (fix #1146) - Identify mailboxes case-sensitive -- Sort mailbox list case-insensitive (closes #1484338) -- Fix display of multipart messages from Apple Mail (closes #1484027) +- Sort mailbox list case-insensitive (closes #1032) +- Fix display of multipart messages from Apple Mail (closes #823) - Protect AJAX request from being fetched by a foreign site (XSS) - Make autocomplete for loginform configurable by the skin template -- Fix compose function from address book (closes #1484426) -- Added //IGNORE to iconv call (patch #1484420, closes #1484023) -- Check if mbstring supports charset (#1484290 and #1484292) -- Prefer iconv over mbstring (as suggested in #1484292) -- Check filesize of template includes (#1484409) +- Fix compose function from address book (closes #1089) +- Added //IGNORE to iconv call (patch #1086, closes #821) +- Check if mbstring supports charset (#1003 and #1004) +- Prefer iconv over mbstring (as suggested in #1004) +- Check filesize of template includes (#1079) - Fixed bug with buttons not dimming/enabling properly after switching folders -- Fixed compose window becoming unresponsive after saving a draft (#1484487) -- Re-enabled "Back" button in compose window now that bug #1484487 is fixed -- Fixed unresponsive interface issue when downloading attachments (#1484496) +- Fixed compose window becoming unresponsive after saving a draft (#1132) +- Re-enabled "Back" button in compose window now that bug #1132 is fixed +- Fixed unresponsive interface issue when downloading attachments (#1138) - Lowered status message time from 5 to 3 seconds to improve responsiveness - Raised .htaccess upload_max_filesize from 2M to 5M to differ from default php.ini -- Increased "mailboxcontrols" mail.css width from 160 to 170px to fix non-english languages (#1484499) -- Fix status message bug #1484464 with regard to #1484353 +- Increased "mailboxcontrols" mail.css width from 160 to 170px to fix non-english languages (#1140) +- Fix status message bug #1114 with regard to #1041 - Fix address adding bug reported by David Koblas - Applied socket error patch by Thomas Mangin - Pass-by-reference workarround for PHP5 in sendmail.inc -- Fixed buggy imap_root settings (closes #1484379) -- Prevent default events on subject links (#1484399) +- Fixed buggy imap_root settings (closes #1056) +- Prevent default events on subject links (#1071) - Use HTTP-POST requests for actions that change state RELEASE 0.1-RC1 --------------- -- Use global filters and bind username/ for Ldap searches (#1484159) +- Use global filters and bind username/ for Ldap searches (#909) - Hide quota display if imap server does not support it - Hide address groups if no LDAP servers configured -- Add link to message subjects (closes #1484257) -- Better SQL query for contact listing/search (closes #1484369) -- Fixed marking as read in preview pane (closes #1484364) +- Add link to message subjects (closes #982) +- Better SQL query for contact listing/search (closes #1051) +- Fixed marking as read in preview pane (closes #1048) - CSS hack to display attachments correctly in IE6 -- Wrap message body text (closes #1484148) -- LDAP access is back in address book (closes #1484087) +- Wrap message body text (closes #901) +- LDAP access is back in address book (closes #864) - Added search function for contacts - New Template parsing and output encoding -- Fixed bugs #1484119 and #1483978 -- Fixed message moving procedure (closes #1484308) -- Fixed display of multiple attachments (closes #1466563) -- Fixed check for new messages (closes #1484310) +- Fixed bugs #884 and #793 +- Fixed message moving procedure (closes #1013) +- Fixed display of multiple attachments (closes #647) +- Fixed check for new messages (closes #1015) - List attachments without filename - New session authentication: Change sessid cookie when login, authentication with sessauth cookie is now configurable. - Should close bugs #1483951 and #1484299 -- Correctly translate mailbox names (closes #1484276) -- Quote e-mail address links (closes #1484300) + Should close bugs #774 and #1484299 +- Correctly translate mailbox names (closes #993) +- Quote e-mail address links (closes #1007) - Updated PEAR::Mail_mime package - Accept single quotes for HTML attributes when modifying message body (thanks Jason) - Sanitize input for new users/identities (thanks Colin Alston) - Don't download HTML message parts - Convert HTML parts to plaintext if 'prefer_html' is off -- Correctly parse message/rfc822 parts (closes #1484045) -- Also use user_id for unique key in messages table (closes #1484074) -- Hide contacts drop down on blur (closes #1484203) +- Correctly parse message/rfc822 parts (closes #838) +- Also use user_id for unique key in messages table (closes #857) +- Hide contacts drop down on blur (closes #946) - Make entries in contacts drop down clickable - Turn off browser autocompletion on login page - Quote <? in text/html message parts - Hide border around radio buttons -- Applied patch for attachment download by crichardson (closes #1484198) -- Fixed bug in Postgres DB handling (closes #1484068) -- Fixed bug of invalid calls to fetchRow() in rcube_db.inc (closes #1484280) -- Fixed array_merge bug (closes #1484281) -- Fixed flag for deletion in list view (closes #1484264) -- Finally support semicolons as recipient separator (closes ##1484251) +- Applied patch for attachment download by crichardson (closes #943) +- Fixed bug in Postgres DB handling (closes #852) +- Fixed bug of invalid calls to fetchRow() in rcube_db.inc (closes #996) +- Fixed array_merge bug (closes #997) +- Fixed flag for deletion in list view (closes #987) +- Finally support semicolons as recipient separator (closes ##976) - Fixed message headers (subject) encoding -- check if safe mode is on or not (closes #1484269) -- Show "no subject" in message list if subject is missing (closes #1484243) -- Solved page caching of message preview (closes #1484153) -- Only use gzip compression if configured (closes #1484236) -- Fixed priority selector issue (#1484150) -- Fixed some CSS issues in default skin (closes #1484210 and #1484161) -- Prevent from double quoting of numeric HTML character references (closes #1484253) -- Fixed display of HTML message attachments (closes #1484178) -- Applied patch for preview caching (closes #1484186) +- check if safe mode is on or not (closes #990) +- Show "no subject" in message list if subject is missing (closes #971) +- Solved page caching of message preview (closes #905) +- Only use gzip compression if configured (closes #967) +- Fixed priority selector issue (#903) +- Fixed some CSS issues in default skin (closes #951 and #911) +- Prevent from double quoting of numeric HTML character references (closes #978) +- Fixed display of HTML message attachments (closes #927) +- Applied patch for preview caching (closes #933) - Added error handling for attachment uploads -- Use multibyte safe string functions where necessary (closes #1483988) +- Use multibyte safe string functions where necessary (closes #798) - Applied security patch to validate the submitted host value (by Kees Cook) - Applied security patch to validate input values when deleting contacts (by Kees Cook) - Applied security patch that sanitizes emoticon paths when attaching them (by Kees Cook) - Applied a patch to more aggressively sanitize a HTML message - Visualize blocked images in HTML messages -- Fixed wrong message listing when showing search results (closes #1484131) +- Fixed wrong message listing when showing search results (closes #890) - Show remote images when opening HTML message part as attachment -- Improve memory usage when sending mail (closes #1484098) +- Improve memory usage when sending mail (closes #871) - Mark messages as read once the preview is loaded (closes #1484132) -- Include smtp final response in log (closes #1484081) -- Corrected date string in sent message header (closes #1484125) -- Correclty choose "To" column in sent and draft mailboxes (closes #1483943) -- Changed srong tooltips for message browse buttons (closes #1483930) -- Fixed signature delimeter character to be standard (Bug #1484035) -- Fixed XSS vulnerability (Bug #1484109) -- Remove newlines from mail headers (Bug #1484031) -- Selection issues when moving/deleting (Bug #1484044) +- Include smtp final response in log (closes #862) +- Corrected date string in sent message header (closes #887) +- Correclty choose "To" column in sent and draft mailboxes (closes #769) +- Changed srong tooltips for message browse buttons (closes #757) +- Fixed signature delimeter character to be standard (Bug #830) +- Fixed XSS vulnerability (Bug #877) +- Remove newlines from mail headers (Bug #827) +- Selection issues when moving/deleting (Bug #837) - Applied patch of Clement Moulin for imap host auto-selection -- ISO-encode IMAP password for plaintext login (Bugs #1483977 & #1483886) -- Fixed folder name encoding in subscription list (Bug #1484113) -- Fixed JS errors in identity list (Bug #1484120) -- Translate foldernames in folder form (closes #1484113) +- ISO-encode IMAP password for plaintext login (Bugs #792 & #723) +- Fixed folder name encoding in subscription list (Bug #879) +- Fixed JS errors in identity list (Bug #885) +- Translate foldernames in folder form (closes #879) - Added first and last buttons to message list, address book and message detail - Pressing Shift-Del bypasses Trash folder - Enable purge command for Junk folder - Fetch all aliases if virtuser_query is used instead -- Re-enabled multi select of contacts (Bug #1484017) -- Enable contact editing right after creation (Bug #1459641) +- Re-enabled multi select of contacts (Bug #817) +- Enable contact editing right after creation (Bug #644) - Correct UTF-7 to UTF-8 conversion if mbstring is not available -- Fixed IMAP fetch of message body (Bug #1484019) -- Fixed safe_mode problems (Bug #1418381) +- Fixed IMAP fetch of message body (Bug #819) +- Fixed safe_mode problems (Bug #539) - Fixed wrong header encoding (Bug #1483976) - Made automatic draft saving configurable -- Fixed JS bug when renaming folders (Bug #1483989) +- Fixed JS bug when renaming folders (Bug #799) - Added quota display as image (by Brett Patterson) - Corrected creation of a message-id - New indentation for quoted message text - Improved HTML validity -- Fixed URL character set (Ticket #1445501) -- Fixed saving of contact into MySQL from LDAP query results (Ticket #1483820) -- Fixed folder renaming: unsubscribe before rename (Bug #1483920) +- Fixed URL character set (Ticket #616) +- Fixed saving of contact into MySQL from LDAP query results (Ticket #681) +- Fixed folder renaming: unsubscribe before rename (Bug #750) - Finalized new message parsing (+ chaching) -- Fixed wrong usage of mbstring (Bug #1462439) -- Set default spelling language (Ticket #1483938) +- Fixed wrong usage of mbstring (Bug #645) +- Set default spelling language (Ticket #764) - Added support for Nox Spell Server -- Re-built message parsing (Bug #1327068) +- Re-built message parsing (Bug #422) Now based on the message structure delivered by the IMAP server. - Fixed some XSS and SQL injection issues - Fixed charset problems with folder renaming
View file
roundcubemail-1.1.4.tar.gz/INSTALL -> roundcubemail-1.1.5.tar.gz/INSTALL
Changed
@@ -18,7 +18,8 @@ - OpenSSL, Fileinfo, Mcrypt, mbstring (optional) * PEAR packages distributed with Roundcube or external: - Mail_Mime 1.9.0 or newer - - Net_SMTP (latest from https://github.com/pear/Net_SMTP/) + - Net_SMTP 1.7.1 or newer + - Net_Socket 1.0.12 or newer - Net_IDNA2 0.1.1 or newer - Auth_SASL 1.0.6 or newer - Net_Sieve 1.3.2 or newer (for managesieve plugin)
View file
roundcubemail-1.1.4.tar.gz/README.md -> roundcubemail-1.1.5.tar.gz/README.md
Changed
@@ -80,8 +80,8 @@ CONTACT ------- -For any bug reports or feature requests please refer to the tracking system -at [trac.roundcube.net][tracreport] or subscribe to our mailing list. +For bug reports or feature requests please refer to the tracking system +at [Github][githubissues] or subscribe to our mailing list. See [roundcube.net/support][support] for details. You're always welcome to send a message to the project admin: @@ -98,4 +98,4 @@ [license]: http://roundcube.net/license [contrib]: http://roundcube.net/contribute [support]: http://roundcube.net/support -[tracreport]: http://trac.roundcube.net/wiki/Howto_ReportIssues \ No newline at end of file +[githubissues]: https://github.com/roundcube/roundcubemail/issues \ No newline at end of file
View file
roundcubemail-1.1.4.tar.gz/composer.json-dist -> roundcubemail-1.1.5.tar.gz/composer.json-dist
Changed
@@ -5,7 +5,7 @@ "repositories": [ { "type": "pear", - "url": "http://pear.php.net/" + "url": "https://pear.php.net/" }, { "type": "composer", @@ -19,6 +19,7 @@ "require": { "php": ">=5.3.7", "roundcube/plugin-installer": "~0.1.6", + "pear-pear.php.net/net_socket": "~1.0.12", "pear-pear.php.net/auth_sasl": "~1.0.6", "pear-pear.php.net/net_idna2": "~0.1.1", "pear-pear.php.net/net_sieve": "~1.3.4",
View file
roundcubemail-1.1.4.tar.gz/config/defaults.inc.php -> roundcubemail-1.1.5.tar.gz/config/defaults.inc.php
Changed
@@ -936,6 +936,10 @@ // Note: For LDAP sources fuzzy_search must be enabled to use 'partial' or 'prefix' mode $config['addressbook_search_mode'] = 0; +// List of fields used on contacts list and for autocompletion searches +// Warning: These are field names not LDAP attributes (see 'fieldmap' setting)! +$config['contactlist_fields'] = array('name', 'firstname', 'surname', 'email'); + // Template of contact entry on the autocompletion list. // You can use contact fields as: name, email, organization, department, etc. // See program/steps/addressbook/func.inc for a list
View file
roundcubemail-1.1.4.tar.gz/index.php -> roundcubemail-1.1.5.tar.gz/index.php
Changed
@@ -2,7 +2,7 @@ /* +-------------------------------------------------------------------------+ | Roundcube Webmail IMAP Client | - | Version 1.1.4 | + | Version 1.1.5 | | | | Copyright (C) 2005-2015, The Roundcube Dev Team | | |
View file
roundcubemail-1.1.4.tar.gz/installer/index.php -> roundcubemail-1.1.5.tar.gz/installer/index.php
Changed
@@ -3,7 +3,7 @@ /* +-------------------------------------------------------------------------+ | Roundcube Webmail setup tool | - | Version 1.1.4 | + | Version 1.1.5 | | | | Copyright (C) 2009-2015, The Roundcube Dev Team | | |
View file
roundcubemail-1.1.4.tar.gz/plugins/additional_message_headers/additional_message_headers.php -> roundcubemail-1.1.5.tar.gz/plugins/additional_message_headers/additional_message_headers.php
Changed
@@ -24,23 +24,33 @@ { $this->load_config(); - $headers = $args['message']->headers(); - $rcube = rcube::get_instance(); + $rcube = rcube::get_instance(); // additional email headers $additional_headers = $rcube->config->get('additional_message_headers', array()); - foreach ((array)$additional_headers as $header => $value) { - if (null === $value) { - unset($headers[$header]); + + if (!empty($additional_headers)) { + // Mail_mime >= 1.9.0 + if (method_exists($message, 'isMultipart')) { + $args['message']->headers($additional_headers, true); } else { - $headers[$header] = $value; + $headers = $args['message']->headers(); + + foreach ((array) $additional_headers as $header => $value) { + if ($value === null) { + unset($headers[$header]); + } + else { + $headers[$header] = $value; + } + } + + $args['message']->_headers = array(); + $args['message']->headers($headers); } } - $args['message']->_headers = array(); - $args['message']->headers($headers); - return $args; } }
View file
roundcubemail-1.1.4.tar.gz/plugins/additional_message_headers/composer.json -> roundcubemail-1.1.5.tar.gz/plugins/additional_message_headers/composer.json
Changed
@@ -3,7 +3,7 @@ "type": "roundcube-plugin", "description": "Very simple plugin which will add additional headers to or remove them from outgoing messages.", "license": "GPLv2", - "version": "1.2.0", + "version": "1.2.1", "authors": [ { "name": "Ziba Scott",
View file
roundcubemail-1.1.4.tar.gz/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php -> roundcubemail-1.1.5.tar.gz/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php
Changed
@@ -397,6 +397,8 @@ } } else if ($action == 'setget') { + $this->rc->request_security_check(rcube_utils::INPUT_GET); + $script_name = rcube_utils::get_input_value('_set', rcube_utils::INPUT_GPC, true); $script = $this->sieve->get_script($script_name);
View file
roundcubemail-1.1.4.tar.gz/plugins/managesieve/managesieve.js -> roundcubemail-1.1.5.tar.gz/plugins/managesieve/managesieve.js
Changed
@@ -181,7 +181,7 @@ var id = this.filtersets_list.get_single_selection(), script = this.env.filtersets[id]; - location.href = this.env.comm_path+'&_action=plugin.managesieve-action&_act=setget&_set='+urlencode(script); + this.goto_url('plugin.managesieve-action', {_act: 'setget', _set: script}, false, true); }; // Set activate/deactivate request
View file
roundcubemail-1.1.4.tar.gz/plugins/newmail_notifier/composer.json -> roundcubemail-1.1.5.tar.gz/plugins/newmail_notifier/composer.json
Changed
@@ -1,9 +1,9 @@ { "name": "roundcube/newmail_notifier", "type": "roundcube-plugin", - "description": "Supports three methods of notification: 1. Basic - focus browser window and change favicon 2. Sound - play wav file 3. Desktop - display desktop notification (using webkitNotifications feature, supported by Chrome and Firefox with 'HTML5 Notifications' plugin).", + "description": "Supports three methods of notification: 1. Basic - focus browser window and change favicon 2. Sound - play wav file 3. Desktop - display desktop notification (using HTML5 Notification API feature).", "license": "GPLv3+", - "version": "0.7", + "version": "0.8", "authors": [ { "name": "Aleksander Machniak",
View file
roundcubemail-1.1.4.tar.gz/plugins/newmail_notifier/newmail_notifier.js -> roundcubemail-1.1.5.tar.gz/plugins/newmail_notifier/newmail_notifier.js
Changed
@@ -6,7 +6,7 @@ * @licstart The following is the entire license notice for the * JavaScript code in this file. * - * Copyright (c) 2013, The Roundcube Dev Team + * Copyright (c) 2013-2016, The Roundcube Dev Team * * The JavaScript code in this page is free software: you can redistribute it * and/or modify it under the terms of the GNU General Public License @@ -18,13 +18,13 @@ */ if (window.rcmail && rcmail.env.task == 'mail') { - rcmail.addEventListener('plugin.newmail_notifier', newmail_notifier_run); - rcmail.addEventListener('actionbefore', newmail_notifier_stop); - rcmail.addEventListener('init', function() { - // bind to messages list select event, so favicon will be reverted on message preview too - if (rcmail.message_list) - rcmail.message_list.addEventListener('select', newmail_notifier_stop); - }); + rcmail.addEventListener('plugin.newmail_notifier', newmail_notifier_run) + .addEventListener('actionbefore', newmail_notifier_stop) + .addEventListener('init', function() { + // bind to messages list select event, so favicon will be reverted on message preview too + if (rcmail.message_list) + rcmail.message_list.addEventListener('select', newmail_notifier_stop); + }); } // Executes notification methods @@ -35,7 +35,7 @@ if (prop.sound) newmail_notifier_sound(); if (prop.desktop) - newmail_notifier_desktop(rcmail.gettext('body', 'newmail_notifier')); + newmail_notifier_desktop(rcmail.get_label('body', 'newmail_notifier')); } // Stops notification @@ -76,7 +76,7 @@ // Add IE icon overlay if we're pinned to Taskbar try { if (window.external.msIsSiteMode()) { - window.external.msSiteModeSetIconOverlay(path + '/overlay.ico', rcmail.gettext('title', 'newmail_notifier')); + window.external.msSiteModeSetIconOverlay(path + '/overlay.ico', rcmail.get_label('title', 'newmail_notifier')); } } catch(e) {} } @@ -106,77 +106,46 @@ } // Desktop notification -// - Require Chrome or Firefox latest version (22+) / 21.0 or older with a plugin -function newmail_notifier_desktop(body) +// - Require window.Notification API support (Chrome 22+ or Firefox 22+) +function newmail_notifier_desktop(body, disabled_callback) { var timeout = rcmail.env.newmail_notifier_timeout || 10, - icon = rcmail.assets_path('plugins/newmail_notifier/mail.png'); - - - // As of 17 June 2013, Chrome/Chromium does not implement Notification.permission correctly that - // it gives 'undefined' until an object has been created: - // https://code.google.com/p/chromium/issues/detail?id=163226 - try { - if (Notification.permission == 'granted' || Notification.permission == undefined) { - var popup = new Notification(rcmail.gettext('title', 'newmail_notifier'), { + icon = rcmail.assets_path('plugins/newmail_notifier/mail.png'), + success_callback = function() { + var popup = new window.Notification(rcmail.get_label('title', 'newmail_notifier'), { dir: "auto", lang: "", body: body, tag: "newmail_notifier", icon: icon }); - popup.onclick = function() { - this.close(); - } + popup.onclick = function() { this.close(); }; setTimeout(function() { popup.close(); }, timeout * 1000); - if (popup.permission == 'granted') return true; - } + }; + + try { + window.Notification.requestPermission(function(perm) { + if (perm == 'granted') + success_callback(); + else if (perm == 'denied' && disabled_callback) + disabled_callback(); + }); + + return true; } catch (e) { - var dn = window.webkitNotifications; - - if (dn && !dn.checkPermission()) { - if (rcmail.newmail_popup) - rcmail.newmail_popup.cancel(); - var popup = window.webkitNotifications.createNotification(icon, - rcmail.gettext('title', 'newmail_notifier'), body); - popup.onclick = function() { - this.cancel(); - } - popup.show(); - setTimeout(function() { popup.cancel(); }, timeout * 1000); - rcmail.newmail_popup = popup; - return true; - } + return false; } - return false; } function newmail_notifier_test_desktop() { - var txt = rcmail.gettext('testbody', 'newmail_notifier'); + var status = newmail_notifier_desktop(rcmail.get_label('testbody', 'newmail_notifier'), function() { + rcmail.display_message(rcmail.get_label('desktopdisabled', 'newmail_notifier'), 'error'); + }); - // W3C draft implementation (with fix for Chrome/Chromium) - try { - var testNotification = new window.Notification(txt, {tag: "newmail_notifier"}); // Try to show a test message - if (Notification.permission !== 'granted' || (testNotification.permission && testNotification.permission !== 'granted')) - newmail_notifier_desktop_authorize(); - } - // webkit implementation - catch (e) { - var dn = window.webkitNotifications; - if (dn) { - if (!dn.checkPermission()) - newmail_notifier_desktop(txt); - else - dn.requestPermission(function() { - if (!newmail_notifier_desktop(txt)) - rcmail.display_message(rcmail.gettext('desktopdisabled', 'newmail_notifier'), 'error'); - }); - } - else - // Everything fails, means the browser has no support - rcmail.display_message(rcmail.gettext('desktopunsupported', 'newmail_notifier'), 'error'); + if (!status) { + rcmail.display_message(rcmail.get_label('desktopunsupported', 'newmail_notifier'), 'error'); } } @@ -189,12 +158,3 @@ { newmail_notifier_sound(); } - -function newmail_notifier_desktop_authorize() { - Notification.requestPermission(function(perm) { - if (perm == 'denied') - rcmail.display_message(rcmail.gettext('desktopdisabled', 'newmail_notifier'), 'error'); - if (perm == 'granted') - newmail_notifier_test_desktop(); // Test again, which should show test message - }); -}
View file
roundcubemail-1.1.4.tar.gz/plugins/newmail_notifier/newmail_notifier.php -> roundcubemail-1.1.5.tar.gz/plugins/newmail_notifier/newmail_notifier.php
Changed
@@ -4,16 +4,14 @@ * New Mail Notifier plugin * * Supports three methods of notification: - * 1. Basic - focus browser window and change favicon - * 2. Sound - play wav file - * 3. Desktop - display desktop notification (using webkitNotifications feature, - * supported by Chrome and Firefox with 'HTML5 Notifications' plugin) + * 1. Basic - focus browser window and change favicon + * 2. Sound - play wav file + * 3. Desktop - display desktop notification (using window.Notification API) * * @version @package_version@ * @author Aleksander Machniak <alec@alec.pl> * - * - * Copyright (C) 2011, Kolab Systems AG + * Copyright (C) 2011-2016, Kolab Systems AG * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by
View file
roundcubemail-1.1.4.tar.gz/plugins/password/drivers/dbmail.php -> roundcubemail-1.1.5.tar.gz/plugins/password/drivers/dbmail.php
Changed
@@ -40,20 +40,9 @@ $args = rcmail::get_instance()->config->get('password_dbmail_args', ''); $command = "$curdir/chgdbmailusers -c $username -w $password $args"; - if (strlen($command) > 1024) { - rcube::raise_error(array( - 'code' => 600, - 'type' => 'php', - 'file' => __FILE__, 'line' => __LINE__, - 'message' => "Password plugin: The command is too long." - ), true, false); - - return PASSWORD_ERROR; - } - - exec($command, $output, $returnvalue); + exec($command, $output, $return_value); - if ($returnvalue == 0) { + if ($return_value == 0) { return PASSWORD_SUCCESS; } else {
View file
roundcubemail-1.1.4.tar.gz/plugins/password/helpers/chgdbmailusers.c -> roundcubemail-1.1.5.tar.gz/plugins/password/helpers/chgdbmailusers.c
Changed
@@ -1,5 +1,4 @@ #include <stdio.h> -#include <string.h> #include <unistd.h> // set the UID this script will run as (root user) @@ -15,27 +14,10 @@ main(int argc, char *argv[]) { - int cnt,rc,cc; - char cmnd[1024]; - - strcpy(cmnd, CMD); - - if (argc > 1) - { - for (cnt = 1; cnt < argc; cnt++) - { - strcat(cmnd, " "); - strcat(cmnd, argv[cnt]); - } - } - else - { - fprintf(stderr, "__ %s: failed %d %d\n", argv[0], rc, cc); - return 255; - } + int rc, cc; cc = setuid(UID); - rc = system(cmnd); + rc = execvp(CMD, argv); if ((rc != 0) || (cc != 0)) {
View file
roundcubemail-1.1.4.tar.gz/plugins/zipdownload/zipdownload.js -> roundcubemail-1.1.5.tar.gz/plugins/zipdownload/zipdownload.js
Changed
@@ -54,7 +54,7 @@ // default .eml download of single message if (mode == 'eml') { var uid = rcmail.get_single_uid(); - rcmail.goto_url('viewsource', rcmail.params_from_uid(uid, {_save: 1})); + rcmail.goto_url('viewsource', rcmail.params_from_uid(uid, {_save: 1}), false, true); return; }
View file
roundcubemail-1.1.4.tar.gz/plugins/zipdownload/zipdownload.php -> roundcubemail-1.1.5.tar.gz/plugins/zipdownload/zipdownload.php
Changed
@@ -63,7 +63,7 @@ '_action' => 'plugin.zipdownload.attachments', '_mbox' => $rcmail->output->env['mailbox'], '_uid' => $rcmail->output->env['uid'], - )); + ), false, false, true); $link = html::a(array('href' => $href, 'class' => 'button zipdownload'), rcube::Q($this->gettext('downloadall')) @@ -120,6 +120,10 @@ public function download_attachments() { $rcmail = rcmail::get_instance(); + + // require CSRF protected request + $rcmail->request_security_check(rcube_utils::INPUT_GET); + $imap = $rcmail->get_storage(); $temp_dir = $rcmail->config->get('temp_dir'); $tmpfname = tempnam($temp_dir, 'zipdownload');
View file
roundcubemail-1.1.4.tar.gz/program/include/iniset.php -> roundcubemail-1.1.5.tar.gz/program/include/iniset.php
Changed
@@ -21,7 +21,7 @@ */ // application constants -define('RCMAIL_VERSION', '1.1.4'); +define('RCMAIL_VERSION', '1.1.5'); define('RCMAIL_START', microtime(true)); if (!defined('INSTALL_PATH')) {
View file
roundcubemail-1.1.4.tar.gz/program/include/rcmail.php -> roundcubemail-1.1.5.tar.gz/program/include/rcmail.php
Changed
@@ -813,6 +813,8 @@ // this need to be full url to make redirects work $absolute = true; } + else if ($secure && ($token = $this->get_request_token())) + $url .= $delm . '_token=' . urlencode($token); if ($absolute || $full) { // add base path to this Roundcube installation @@ -1926,7 +1928,8 @@ foreach ($emoticons as $idx => $file) { // <img title="Cry" src="http://.../program/js/tinymce/plugins/emoticons/img/smiley-cry.gif" border="0" alt="Cry" /> - $search[] = '/<img title="[a-z ]+" src="https?:\/\/[a-z0-9_.\/-]+\/tinymce\/plugins\/emoticons\/img\/'.$file.'.gif"[^>]+\/>/i'; + $file = preg_quote('program/js/tinymce/plugins/emoticons/img/' . $file . '.gif', '/'); + $search[] = '/<img (title="[a-z ]+" )?src="[^"]+' . $file . '"[^>]+\/>/i'; $replace[] = $idx; } @@ -2319,6 +2322,39 @@ return file_get_contents($name, false); } + /** + * Converts HTML content into plain text + * + * @param string $html HTML content + * @param array $options Conversion parameters (width, links, charset) + * + * @return string Plain text + */ + public function html2text($html, $options = array()) + { + $default_options = array( + 'links' => true, + 'width' => 75, + 'body' => $html, + 'charset' => RCUBE_CHARSET, + ); + + $options = array_merge($default_options, (array) $options); + + // Plugins may want to modify HTML in another/additional way + $options = $this->plugins->exec_hook('html2text', $options); + + // Convert to text + if (!$options['abort']) { + $converter = new rcube_html2text($options['body'], + false, $options['links'], $options['width'], $options['charset']); + + $options['body'] = rtrim($converter->get_text()); + } + + return $options['body']; + } + /************************************************************************ ********* Deprecated methods (to be removed) *********
View file
roundcubemail-1.1.4.tar.gz/program/include/rcmail_install.php -> roundcubemail-1.1.5.tar.gz/program/include/rcmail_install.php
Changed
@@ -569,26 +569,30 @@ * Return a list with available subfolders of the plugins directory * (with their associated description in composer.json) */ - function list_plugins() + function list_plugins() { $plugins = array(); $plugin_dir = INSTALL_PATH . 'plugins/'; - foreach (glob($plugin_dir . '*') as $path) - { + foreach (glob($plugin_dir . '*') as $path) { + if (!is_dir($path)) { + continue; + } - if (is_dir($path) && is_readable($path.'/composer.json')) - { - $file_json = json_decode(file_get_contents($path.'/composer.json')); + if (is_readable($path.'/composer.json')) { + $file_json = json_decode(file_get_contents($path.'/composer.json')); $plugin_desc = $file_json->description ?: 'N/A'; } - else - { + else { $plugin_desc = 'N/A'; } - $name = substr($path, strlen($plugin_dir)); - $plugins[] = array('name' => $name, 'desc' => $plugin_desc, 'enabled' => in_array($name, $this->config['plugins'])); + $name = substr($path, strlen($plugin_dir)); + $plugins[] = array( + 'name' => $name, + 'desc' => $plugin_desc, + 'enabled' => in_array($name, (array) $this->config['plugins']) + ); } return $plugins;
View file
roundcubemail-1.1.4.tar.gz/program/include/rcmail_output_html.php -> roundcubemail-1.1.5.tar.gz/program/include/rcmail_output_html.php
Changed
@@ -514,10 +514,10 @@ // write all javascript commands $this->add_script($commands, 'head_top'); - // send clickjacking protection headers + // allow (legal) iframe content to be loaded $iframe = $this->framed || $this->env['framed']; - if (!headers_sent() && ($xframe = $this->app->config->get('x_frame_options', 'sameorigin'))) { - header('X-Frame-Options: ' . ($iframe && $xframe == 'deny' ? 'sameorigin' : $xframe)); + if (!headers_sent() && $iframe && $this->app->config->get('x_frame_options', 'sameorigin') === 'deny') { + header('X-Frame-Options: sameorigin', true); } // call super method
View file
roundcubemail-1.1.4.tar.gz/program/include/rcmail_string_replacer.php -> roundcubemail-1.1.5.tar.gz/program/include/rcmail_string_replacer.php
Changed
@@ -41,6 +41,16 @@ { $href = $matches[1]; $suffix = $this->parse_url_brackets($href); + $email = $href; + + if (strpos($email, '?')) { + list($email,) = explode('?', $email); + } + + // skip invalid emails + if (!rcube_utils::check_email($email, false)) { + return $matches[1]; + } $i = $this->add(html::a(array( 'href' => 'mailto:' . $href,
View file
roundcubemail-1.1.4.tar.gz/program/js/app.js -> roundcubemail-1.1.5.tar.gz/program/js/app.js
Changed
@@ -999,7 +999,7 @@ break; } - this.goto_url('get', qstring+'&_download=1', false); + this.goto_url('get', qstring+'&_download=1', false, true); break; case 'select-all': @@ -1205,10 +1205,10 @@ case 'download': if (this.env.action == 'get') { - location.href = location.href.replace(/_frame=/, '_download='); + location.href = this.secure_url(location.href.replace(/_frame=/, '_download=')); } else if (uid = this.get_single_uid()) { - this.goto_url('viewsource', this.params_from_uid(uid, {_save: 1})); + this.goto_url('viewsource', this.params_from_uid(uid, {_save: 1}), false, true); } break; @@ -1296,13 +1296,13 @@ case 'export': if (this.contact_list.rowcount > 0) { - this.goto_url('export', { _source: this.env.source, _gid: this.env.group, _search: this.env.search_request }); + this.goto_url('export', { _source: this.env.source, _gid: this.env.group, _search: this.env.search_request }, false, true); } break; case 'export-selected': if (this.contact_list.rowcount > 0) { - this.goto_url('export', { _source: this.env.source, _gid: this.env.group, _cid: this.contact_list.get_selection().join(',') }); + this.goto_url('export', { _source: this.env.source, _gid: this.env.group, _cid: this.contact_list.get_selection().join(',') }, false, true); } break; @@ -1417,7 +1417,7 @@ if (task == 'mail') url += '&_mbox=INBOX'; else if (task == 'logout' && !this.env.server_error) { - url += '&_token=' + this.env.request_token; + url = this.secure_url(url); this.clear_compose_data(); } @@ -1466,6 +1466,12 @@ return url + '?' + name + '=' + value; }; + // append CSRF protection token to the given url + this.secure_url = function(url) + { + return this.add_url(url, '_token', this.env.request_token); + }, + this.is_framed = function() { return this.env.framed && parent.rcmail && parent.rcmail != this && typeof parent.rcmail.command == 'function'; @@ -7282,9 +7288,11 @@ } }; - this.goto_url = function(action, query, lock) + this.goto_url = function(action, query, lock, secure) { - this.redirect(this.url(action, query), lock); + var url = this.url(action, query) + if (secure) url = this.secure_url(url); + this.redirect(url, lock); }; this.location_href = function(url, target, frame) @@ -7529,7 +7537,10 @@ this.enable_command('set-listmode', this.env.threads && !is_multifolder); if (list.rowcount > 0 && !$(document.activeElement).is('input,textarea')) list.focus(); - this.msglist_select(list); + + // trigger 'select' so all dependent actions update its state + // e.g. plugins use this event to activate buttons (#1490647) + list.triggerEvent('select'); } if (response.action != 'getunread')
View file
roundcubemail-1.1.4.tar.gz/program/js/common.js -> roundcubemail-1.1.5.tar.gz/program/js/common.js
Changed
@@ -744,16 +744,16 @@ * @param {String} input The string to encode in base64. */ encode: function (input) { + // encode UTF8 as btoa() may fail on some characters + input = utf8_encode(input); + if (typeof(window.btoa) === 'function') { - // it may fail on unicode characters, the fallback can handle them try { return btoa(input); } catch (e) {}; } - input = utf8_encode(input); - var chr1, chr2, chr3, enc1, enc2, enc3, enc4, i = 0, output = '', len = input.length; while (i < len) { @@ -785,7 +785,6 @@ */ decode: function (input) { if (typeof(window.atob) === 'function') { - // it may fail on unicode characters, the fallback can handle them try { return utf8_decode(atob(input)); }
View file
roundcubemail-1.1.4.tar.gz/program/js/editor.js -> roundcubemail-1.1.5.tar.gz/program/js/editor.js
Changed
@@ -71,6 +71,9 @@ tinymce.registered_request_token = true; tinymce.util.XHR.on('beforeSend', function(e) { e.xhr.setRequestHeader('X-Roundcube-Request', rcmail.env.request_token); + // Fix missing lang parameter on addToDictionary request (#1490634) + if (e.settings && e.settings.data && /^method=addToDictionary/.test(e.settings.data) && !/&lang=/.test(e.settings.data)) + e.settings.data += '&lang=' + ref.editor.plugins.spellchecker.getLanguage(); }); }
View file
roundcubemail-1.1.4.tar.gz/program/js/list.js -> roundcubemail-1.1.5.tar.gz/program/js/list.js
Changed
@@ -1104,11 +1104,11 @@ /** * Check if given id is part of the current selection */ -in_selection: function(id) +in_selection: function(id, index) { for (var n in this.selection) if (this.selection[n] == id) - return true; + return index ? n : true; return false; }, @@ -1256,18 +1256,19 @@ } } else { - if (!this.in_selection(id)) { // select row + var pre, post, p = this.in_selection(id, true); + + if (p === false) { // select row this.selection.push(id); $(this.rows[id].obj).addClass('selected').attr('aria-selected', 'true'); if (!norecur && !this.rows[id].expanded) this.highlight_children(id, true); } else { // unselect row - var p = $.inArray(id, this.selection), - a_pre = this.selection.slice(0, p), - a_post = this.selection.slice(p+1, this.selection.length); + pre = this.selection.slice(0, p); + post = this.selection.slice(p+1, this.selection.length); - this.selection = a_pre.concat(a_post); + this.selection = pre.concat(post); $(this.rows[id].obj).removeClass('selected').removeAttr('aria-selected'); if (!norecur && !this.rows[id].expanded) this.highlight_children(id, false);
View file
roundcubemail-1.1.4.tar.gz/program/lib/Roundcube/README.md -> roundcubemail-1.1.5.tar.gz/program/lib/Roundcube/README.md
Changed
@@ -23,7 +23,8 @@ one or multiple of the following [PEAR][pear] libraries: - Mail_Mime 1.8.1 or newer -- Net_SMTP (latest from https://github.com/pear/Net_SMTP/) +- Net_SMTP 1.7.1 or newer +- Net_Socket 1.0.12 or newer - Net_IDNA2 0.1.1 or newer - Auth_SASL 1.0.6 or newer @@ -86,8 +87,8 @@ CONTACT ------- -For any bug reports or feature requests please refer to the tracking system -at [trac.roundcube.net][tracreport] or subscribe to our mailing list. +For bug reports or feature requests please refer to the tracking system +at [Github][githubissues] or subscribe to our mailing list. See [roundcube.net/support][support] for details. You're always welcome to send a message to the project admins: @@ -98,4 +99,4 @@ [gpl]: http://www.gnu.org/licenses/ [license]: http://roundcube.net/license [support]: http://roundcube.net/support -[tracreport]: http://trac.roundcube.net/wiki/Howto_ReportIssues \ No newline at end of file +[githubissues]: https://github.com/roundcube/roundcubemail/issues
View file
roundcubemail-1.1.4.tar.gz/program/lib/Roundcube/bootstrap.php -> roundcubemail-1.1.5.tar.gz/program/lib/Roundcube/bootstrap.php
Changed
@@ -54,7 +54,7 @@ } // framework constants -define('RCUBE_VERSION', '1.1.4'); +define('RCUBE_VERSION', '1.1.5'); define('RCUBE_CHARSET', 'UTF-8'); if (!defined('RCUBE_LIB_DIR')) {
View file
roundcubemail-1.1.4.tar.gz/program/lib/Roundcube/rcube_config.php -> roundcubemail-1.1.5.tar.gz/program/lib/Roundcube/rcube_config.php
Changed
@@ -87,9 +87,10 @@ $this->load(); // Defaults, that we do not require you to configure, - // but contain information that is used in various - // locations in the code: - $this->set('contactlist_fields', array('name', 'firstname', 'surname', 'email')); + // but contain information that is used in various locations in the code: + if (empty($this->prop['contactlist_fields'])) { + $this->set('contactlist_fields', array('name', 'firstname', 'surname', 'email')); + } } /**
View file
roundcubemail-1.1.4.tar.gz/program/lib/Roundcube/rcube_imap.php -> roundcubemail-1.1.5.tar.gz/program/lib/Roundcube/rcube_imap.php
Changed
@@ -3295,6 +3295,12 @@ public function get_special_folders($forced = false) { $result = parent::get_special_folders(); + $rcube = rcube::get_instance(); + + // Lock SPECIAL-USE after user preferences change (#4782) + if ($rcube->config->get('lock_special_folders')) { + return $result; + } if (isset($this->icache['special-use'])) { return array_merge($result, $this->icache['special-use']);
View file
roundcubemail-1.1.4.tar.gz/program/lib/Roundcube/rcube_imap_generic.php -> roundcubemail-1.1.5.tar.gz/program/lib/Roundcube/rcube_imap_generic.php
Changed
@@ -910,7 +910,18 @@ return false; } - if (!stream_socket_enable_crypto($this->fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) { + if (isset($this->prefs['socket_options']['ssl']['crypto_method'])) { + $crypto_method = $this->prefs['socket_options']['ssl']['crypto_method']; + } + else { + // There is no flag to enable all TLS methods. Net_SMTP + // handles enabling TLS similarly. + $crypto_method = STREAM_CRYPTO_METHOD_TLS_CLIENT + | @STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT + | @STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT; + } + + if (!stream_socket_enable_crypto($this->fp, true, $crypto_method)) { $this->setError(self::ERROR_BAD, "Unable to negotiate TLS"); $this->closeConnection(); return false;
View file
roundcubemail-1.1.4.tar.gz/program/lib/Roundcube/rcube_message.php -> roundcubemail-1.1.5.tar.gz/program/lib/Roundcube/rcube_message.php
Changed
@@ -105,10 +105,11 @@ $this->opt = array( 'safe' => $this->is_safe, 'prefer_html' => $this->app->config->get('prefer_html'), - 'get_url' => $this->app->url(array( - 'action' => 'get', - 'mbox' => $this->storage->get_folder(), - 'uid' => $uid)) + 'get_url' => $this->app->url(array( + 'action' => 'get', + 'mbox' => $this->storage->get_folder(), + 'uid' => $uid), + false, false, true) ); if (!empty($this->headers->structure)) {
View file
roundcubemail-1.1.4.tar.gz/program/lib/Roundcube/rcube_output.php -> roundcubemail-1.1.5.tar.gz/program/lib/Roundcube/rcube_output.php
Changed
@@ -190,6 +190,11 @@ // Request browser to disable DNS prefetching (CVE-2010-0464) header("X-DNS-Prefetch-Control: off"); + + // send CSRF and clickjacking protection headers + if ($xframe = $this->app->config->get('x_frame_options', 'sameorigin')) { + header('X-Frame-Options: ' . $xframe); + } } /**
View file
roundcubemail-1.1.4.tar.gz/program/lib/Roundcube/rcube_result_index.php -> roundcubemail-1.1.5.tar.gz/program/lib/Roundcube/rcube_result_index.php
Changed
@@ -259,7 +259,6 @@ return; } - // @TODO: maybe do this in chunks $data = $this->get(); $data = array_reverse($data); $this->raw_data = implode(self::SEPARATOR_ELEMENT, $data);
View file
roundcubemail-1.1.4.tar.gz/program/lib/Roundcube/rcube_result_thread.php -> roundcubemail-1.1.5.tar.gz/program/lib/Roundcube/rcube_result_thread.php
Changed
@@ -252,22 +252,11 @@ return; } - $this->meta['pos'] = array(); - $datalen = strlen($this->raw_data); - $result = ''; - $start = 0; - - while (($pos = @strpos($this->raw_data, self::SEPARATOR_ELEMENT, $start)) - || ($start < $datalen && ($pos = $datalen)) - ) { - $len = $pos - $start; - $elem = substr($this->raw_data, $start, $len); - $start = $pos + 1; - - $result = $elem . self::SEPARATOR_ELEMENT . $result; - } + $data = explode(self::SEPARATOR_ELEMENT, $this->raw_data); + $data = array_reverse($data); + $this->raw_data = implode(self::SEPARATOR_ELEMENT, $data); - $this->raw_data = rtrim($result, self::SEPARATOR_ELEMENT); + $this->meta['pos'] = array(); }
View file
roundcubemail-1.1.4.tar.gz/program/lib/Roundcube/rcube_smtp.php -> roundcubemail-1.1.5.tar.gz/program/lib/Roundcube/rcube_smtp.php
Changed
@@ -460,15 +460,19 @@ } $addresses = array(); + $recipients = preg_replace('/[\s\t]*\r?\n/', '', $recipients); $recipients = rcube_utils::explode_quoted_string(',', $recipients); reset($recipients); foreach ($recipients as $recipient) { $a = rcube_utils::explode_quoted_string(' ', $recipient); foreach ($a as $word) { - if (strpos($word, "@") > 0 && $word[strlen($word)-1] != '"') { - $word = preg_replace('/^<|>$/', '', trim($word)); - if (in_array($word, $addresses) === false) { + $word = trim($word); + $len = strlen($word); + + if ($len && strpos($word, "@") > 0 && $word[$len-1] != '"') { + $word = preg_replace('/^<|>$/', '', $word); + if (!in_array($word, $addresses)) { array_push($addresses, $word); } }
View file
roundcubemail-1.1.4.tar.gz/program/lib/Roundcube/rcube_string_replacer.php -> roundcubemail-1.1.5.tar.gz/program/lib/Roundcube/rcube_string_replacer.php
Changed
@@ -30,10 +30,11 @@ public $linkref_index; public $linkref_pattern; - private $values = array(); - private $options = array(); - private $linkrefs = array(); - private $urls = array(); + protected $values = array(); + protected $options = array(); + protected $linkrefs = array(); + protected $urls = array(); + protected $noword = '[^\w@.#-]'; function __construct($options = array()) @@ -44,16 +45,18 @@ $url1 = '.:;,'; $url2 = 'a-zA-Z0-9%=#$@+?|!&\\/_~\\[\\]\\(\\){}\*\x80-\xFE-'; - $this->link_pattern = "/([\w]+:\/\/|\W[Ww][Ww][Ww]\.|^[Ww][Ww][Ww]\.)($utf_domain([$url1]*[$url2]+)*)/"; - $this->mailto_pattern = "/(" + // Supported link prefixes + $link_prefix = "([\w]+:\/\/|{$this->noword}[Ww][Ww][Ww]\.|^[Ww][Ww][Ww]\.)"; + + $this->options = $options; + $this->linkref_index = '/\[([^\]#]+)\](:?\s*##str_replacement_(\d+)##)/'; + $this->linkref_pattern = '/\[([^\]#]+)\]/'; + $this->link_pattern = "/$link_prefix($utf_domain([$url1]*[$url2]+)*)/"; + $this->mailto_pattern = "/(" ."[-\w!\#\$%&\'*+~\/^`|{}=]+(?:\.[-\w!\#\$%&\'*+~\/^`|{}=]+)*" // local-part ."@$utf_domain" // domain-part ."(\?[$url1$url2]+)?" // e.g. ?subject=test... .")/"; - $this->linkref_index = '/\[([^\]#]+)\](:?\s*##str_replacement_(\d+)##)/'; - $this->linkref_pattern = '/\[([^\]#]+)\]/'; - - $this->options = $options; } /** @@ -91,7 +94,7 @@ if (preg_match('!^(http|ftp|file)s?://!i', $scheme)) { $url = $matches[1] . $matches[2]; } - else if (preg_match('/^(\W*)(www\.)$/i', $matches[1], $m)) { + else if (preg_match("/^({$this->noword}*)(www\.)$/i", $matches[1], $m)) { $url = $m[2] . $matches[2]; $url_prefix = 'http://'; $prefix = $m[1];
View file
roundcubemail-1.1.4.tar.gz/program/lib/Roundcube/rcube_utils.php -> roundcubemail-1.1.5.tar.gz/program/lib/Roundcube/rcube_utils.php
Changed
@@ -1164,7 +1164,7 @@ } } else { - $alpha = 'ABCDEFGHIJKLMNOPQERSTUVXYZabcdefghijklmnopqrtsuvwxyz0123456789+*%&?!$-_='; + $alpha = 'ABCDEFGHIJKLMNOPQERSTUVXYZabcdefghijklmnopqrtsuvwxyz0123456789,*.:?!$-_='; $random = ''; for ($i = 0; $i < $length; $i++) {
View file
roundcubemail-1.1.4.tar.gz/program/lib/Roundcube/rcube_washtml.php -> roundcubemail-1.1.5.tar.gz/program/lib/Roundcube/rcube_washtml.php
Changed
@@ -97,7 +97,20 @@ 'tbody', 'td', 'tfoot', 'th', 'thead', 'tr', 'tt', 'u', 'ul', 'var', 'wbr', 'img', 'video', 'source', // form elements - 'button', 'input', 'textarea', 'select', 'option', 'optgroup' + 'button', 'input', 'textarea', 'select', 'option', 'optgroup', + // SVG + 'svg', 'altglyph', 'altglyphdef', 'altglyphitem', 'animate', + 'animatecolor', 'animatetransform', 'circle', 'clippath', 'defs', 'desc', + 'ellipse', 'font', 'g', 'glyph', 'glyphref', 'hkern', 'image', 'line', + 'lineargradient', 'marker', 'mask', 'mpath', 'path', 'pattern', + 'polygon', 'polyline', 'radialgradient', 'rect', 'set', 'stop', 'switch', 'symbol', + 'text', 'textpath', 'tref', 'tspan', 'use', 'view', 'vkern', 'filter', + // SVG Filters + 'feblend', 'fecolormatrix', 'fecomponenttransfer', 'fecomposite', + 'feconvolvematrix', 'fediffuselighting', 'fedisplacementmap', + 'feflood', 'fefunca', 'fefuncb', 'fefuncg', 'fefuncr', 'fegaussianblur', + 'feimage', 'femerge', 'femergenode', 'femorphology', 'feoffset', + 'fespecularlighting', 'fetile', 'feturbulence', ); /* Ignore these HTML tags and their content */ @@ -110,13 +123,41 @@ 'bordercolordark', 'face', 'marginwidth', 'marginheight', 'axis', 'border', 'abbr', 'char', 'charoff', 'clear', 'compact', 'coords', 'vspace', 'hspace', 'cellborder', 'size', 'lang', 'dir', 'usemap', 'shape', 'media', + 'background', 'src', 'poster', 'href', // attributes of form elements - 'type', 'rows', 'cols', 'disabled', 'readonly', 'checked', 'multiple', 'value' + 'type', 'rows', 'cols', 'disabled', 'readonly', 'checked', 'multiple', 'value', + // SVG + 'accent-height', 'accumulate', 'additive', 'alignment-baseline', 'alphabetic', + 'ascent', 'attributename', 'attributetype', 'azimuth', 'basefrequency', 'baseprofile', + 'baseline-shift', 'begin', 'bias', 'by', 'clip', 'clip-path', 'clip-rule', + 'color', 'color-interpolation', 'color-interpolation-filters', 'color-profile', + 'color-rendering', 'cx', 'cy', 'd', 'dx', 'dy', 'diffuseconstant', 'direction', + 'display', 'divisor', 'dur', 'edgemode', 'elevation', 'end', 'fill', 'fill-opacity', + 'fill-rule', 'filter', 'flood-color', 'flood-opacity', 'font-family', 'font-size', + 'font-size-adjust', 'font-stretch', 'font-style', 'font-variant', 'font-weight', 'from', + 'fx', 'fy', 'g1', 'g2', 'glyph-name', 'glyphref', 'gradientunits', 'gradienttransform', + 'image-rendering', 'in', 'in2', 'k', 'k1', 'k2', 'k3', 'k4', 'kerning', 'keypoints', + 'keysplines', 'keytimes', 'lengthadjust', 'letter-spacing', 'kernelmatrix', + 'kernelunitlength', 'lighting-color', 'local', 'marker-end', 'marker-mid', + 'marker-start', 'markerheight', 'markerunits', 'markerwidth', 'maskcontentunits', + 'maskunits', 'max', 'mask', 'mode', 'min', 'numoctaves', 'offset', 'operator', + 'opacity', 'order', 'orient', 'orientation', 'origin', 'overflow', 'paint-order', + 'path', 'pathlength', 'patterncontentunits', 'patterntransform', 'patternunits', + 'points', 'preservealpha', 'r', 'rx', 'ry', 'radius', 'refx', 'refy', 'repeatcount', + 'repeatdur', 'restart', 'rotate', 'scale', 'seed', 'shape-rendering', 'show', 'specularconstant', + 'specularexponent', 'spreadmethod', 'stddeviation', 'stitchtiles', 'stop-color', + 'stop-opacity', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', + 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke', 'stroke-width', + 'surfacescale', 'targetx', 'targety', 'transform', 'text-anchor', 'text-decoration', + 'text-rendering', 'textlength', 'to', 'u1', 'u2', 'unicode', 'values', 'viewbox', + 'visibility', 'vert-adv-y', 'version', 'vert-origin-x', 'vert-origin-y', 'word-spacing', + 'wrap', 'writing-mode', 'xchannelselector', 'ychannelselector', 'x', 'x1', 'x2', + 'xmlns', 'y', 'y1', 'y2', 'z', 'zoomandpan', ); /* Elements which could be empty and be returned in short form (<tag />) */ static $void_elements = array('area', 'base', 'br', 'col', 'command', 'embed', 'hr', - 'img', 'input', 'keygen', 'link', 'meta', 'param', 'source', 'track', 'wbr' + 'img', 'input', 'keygen', 'link', 'meta', 'param', 'source', 'track', 'wbr', ); /* State for linked objects in HTML */ @@ -143,13 +184,15 @@ /* Max nesting level */ private $max_nesting_level; + private $is_xml = false; + /** * Class constructor */ public function __construct($p = array()) { - $this->_html_elements = array_flip((array)$p['html_elements']) + array_flip(self::$html_elements) ; + $this->_html_elements = array_flip((array)$p['html_elements']) + array_flip(self::$html_elements); $this->_html_attribs = array_flip((array)$p['html_attribs']) + array_flip(self::$html_attribs); $this->_ignore_elements = array_flip((array)$p['ignore_elements']) + array_flip(self::$ignore_elements); $this->_void_elements = array_flip((array)$p['void_elements']) + array_flip(self::$void_elements); @@ -186,22 +229,8 @@ foreach ($this->explode_style($str) as $val) { if (preg_match('/^url\(/i', $val)) { if (preg_match('/^url\(\s*[\'"]?([^\'"\)]*)[\'"]?\s*\)/iu', $val, $match)) { - $url = $match[1]; - if (($src = $this->config['cid_map'][$url]) - || ($src = $this->config['cid_map'][$this->config['base_url'].$url]) - ) { - $value .= ' url('.htmlspecialchars($src, ENT_QUOTES) . ')'; - } - else if (preg_match('!^(https?:)?//[a-z0-9/._+-]+$!i', $url, $m)) { - if ($this->config['allow_remote']) { - $value .= ' url('.htmlspecialchars($m[0], ENT_QUOTES).')'; - } - else { - $this->extlinks = true; - } - } - else if (preg_match('/^data:.+/i', $url)) { // RFC2397 - $value .= ' url('.htmlspecialchars($url, ENT_QUOTES).')'; + if ($url = $this->wash_uri($match[1])) { + $value .= ' url(' . htmlspecialchars($url, ENT_QUOTES) . ')'; } } } @@ -232,54 +261,137 @@ */ private function wash_attribs($node) { - $t = ''; - $washed = ''; - - foreach ($node->attributes as $key => $plop) { - $key = strtolower($key); - $value = $node->getAttribute($key); - - if (isset($this->_html_attribs[$key]) || - ($key == 'href' && ($value = trim($value)) - && !preg_match('!^(javascript|vbscript|data:text)!i', $value) - && preg_match('!^([a-z][a-z0-9.+-]+:|//|#).+!i', $value)) - ) { - $t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"'; - } - else if ($key == 'style' && ($style = $this->wash_style($value))) { + $result = ''; + $washed = array(); + + foreach ($node->attributes as $name => $attr) { + $key = strtolower($name); + $value = $attr->nodeValue; + + if ($key == 'style' && ($style = $this->wash_style($value))) { // replace double quotes to prevent syntax error and XSS issues (#1490227) - $t .= ' style="' . str_replace('"', '"', $style) . '"'; + $result .= ' style="' . str_replace('"', '"', $style) . '"'; } - else if ($key == 'background' - || ($key == 'src' && preg_match('/^(img|source)$/i', $node->tagName)) - || ($key == 'poster' && strtolower($node->tagName) == 'video') - ) { - if (($src = $this->config['cid_map'][$value]) - || ($src = $this->config['cid_map'][$this->config['base_url'].$value]) - ) { - $t .= ' ' . $key . '="' . htmlspecialchars($src, ENT_QUOTES) . '"'; + else if (isset($this->_html_attribs[$key])) { + $value = trim($value); + $out = null; + + // in SVG to/from attribs may contain anything, including URIs + if ($key == 'to' || $key == 'from') { + $key = strtolower($node->getAttribute('attributeName')); + if ($key && !isset($this->_html_attribs[$key])) { + $key = null; + } + } + + if ($this->is_image_attribute($node->tagName, $key)) { + $out = $this->wash_uri($value, true); } - else if (preg_match('/^(http|https|ftp):.+/i', $value)) { - if ($this->config['allow_remote']) { - $t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"'; + else if ($this->is_link_attribute($node->tagName, $key)) { + if (!preg_match('!^(javascript|vbscript|data:text)!i', $value) + && preg_match('!^([a-z][a-z0-9.+-]+:|//|#).+!i', $value) + ) { + $out = $value; } - else { - $this->extlinks = true; - if ($this->config['blocked_src']) { - $t .= ' ' . $key . '="' . htmlspecialchars($this->config['blocked_src'], ENT_QUOTES) . '"'; + } + else if ($this->is_funciri_attribute($node->tagName, $key)) { + if (preg_match('/^[a-z:]*url\(/i', $val)) { + if (preg_match('/^([a-z:]*url)\(\s*[\'"]?([^\'"\)]*)[\'"]?\s*\)/iu', $value, $match)) { + if ($url = $this->wash_uri($match[2])) { + $result .= ' ' . $attr->nodeName . '="' . $match[1] . '(' . htmlspecialchars($url, ENT_QUOTES) . ')' + . substr($val, strlen($match[0])) . '"'; + continue; + } } + else { + $out = $value; + } + } + else { + $out = $value; } } - else if (preg_match('/^data:.+/i', $value)) { // RFC2397 - $t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"'; + else if ($key) { + $out = $value; + } + + if ($out !== null && $out !== '') { + $result .= ' ' . $attr->nodeName . '="' . htmlspecialchars($out, ENT_QUOTES) . '"'; + } + else if ($value) { + $washed[] = htmlspecialchars($attr->nodeName, ENT_QUOTES); } } else { - $washed .= ($washed ? ' ' : '') . $key; + $washed[] = htmlspecialchars($attr->nodeName, ENT_QUOTES); + } + } + + if (!empty($washed) && $this->config['show_washed']) { + $result .= ' x-washed="' . implode(' ', $washed) . '"'; + } + + return $result; + } + + /** + * Wash URI value + */ + private function wash_uri($uri, $blocked_source = false) + { + if (($src = $this->config['cid_map'][$uri]) + || ($src = $this->config['cid_map'][$this->config['base_url'].$uri]) + ) { + return $src; + } + + // allow url(#id) used in SVG + if ($uri[0] == '#') { + return $uri; + } + + if (preg_match('/^(http|https|ftp):.+/i', $uri)) { + if ($this->config['allow_remote']) { + return $uri; + } + + $this->extlinks = true; + if ($blocked_source && $this->config['blocked_src']) { + return $this->config['blocked_src']; } } + else if (preg_match('/^data:image.+/i', $uri)) { // RFC2397 + return $uri; + } + } + + /** + * Check it the tag/attribute may contain an URI + */ + private function is_link_attribute($tag, $attr) + { + return $tag == 'a' && $attr == 'href'; + } + + /** + * Check it the tag/attribute may contain an image URI + */ + private function is_image_attribute($tag, $attr) + { + return $attr == 'background' + || $attr == 'color-profile' // SVG + || ($attr == 'poster' && $tag == 'video') + || ($attr == 'src' && preg_match('/^(img|source)$/i', $tag)) + || ($tag == 'image' && $attr == 'href'); // SVG + } - return $t . ($washed && $this->config['show_washed'] ? ' x-washed="'.$washed.'"' : ''); + /** + * Check it the tag/attribute may contain a FUNCIRI value + */ + private function is_funciri_attribute($tag, $attr) + { + return in_array($attr, array('fill', 'filter', 'stroke', 'marker-start', + 'marker-end', 'marker-mid', 'clip-path', 'mask', 'cursor')); } /** @@ -322,14 +434,31 @@ } else if (isset($this->_html_elements[$tagName])) { $content = $this->dumpHtml($node, $level); - $dump .= '<' . $tagName . $this->wash_attribs($node) . - ($content === '' && isset($this->_void_elements[$tagName]) ? ' />' : ">$content</$tagName>"); + $dump .= '<' . $node->tagName; + + if ($tagName == 'svg') { + $xpath = new DOMXPath($node->ownerDocument); + foreach ($xpath->query('namespace::*') as $ns) { + if ($ns->nodeName != 'xmlns:xml') { + $dump .= ' ' . $ns->nodeName . '="' . $ns->nodeValue . '"'; + } + } + } + + $dump .= $this->wash_attribs($node); + + if ($content === '' && ($this->is_xml || isset($this->_void_elements[$tagName]))) { + $dump .= ' />'; + } + else { + $dump .= '>' . $content . '</' . $node->tagName . '>'; + } } else if (isset($this->_ignore_elements[$tagName])) { - $dump .= '<!-- ' . htmlspecialchars($tagName, ENT_QUOTES) . ' not allowed -->'; + $dump .= '<!-- ' . htmlspecialchars($node->tagName, ENT_QUOTES) . ' not allowed -->'; } else { - $dump .= '<!-- ' . htmlspecialchars($tagName, ENT_QUOTES) . ' ignored -->'; + $dump .= '<!-- ' . htmlspecialchars($node->tagName, ENT_QUOTES) . ' ignored -->'; $dump .= $this->dumpHtml($node, $level); // ignore tags not its content } break; @@ -375,12 +504,18 @@ // Detect max nesting level (for dumpHTML) (#1489110) $this->max_nesting_level = (int) @ini_get('xdebug.max_nesting_level'); + // SVG need to be parsed as XML + $this->is_xml = stripos($html, '<html') === false && stripos($html, '<svg') !== false; + $method = $this->is_xml ? 'loadXML' : 'loadHTML'; + $options = 0; + // Use optimizations if supported if (PHP_VERSION_ID >= 50400) { - @$node->loadHTML($html, LIBXML_PARSEHUGE | LIBXML_COMPACT); + $options = LIBXML_PARSEHUGE | LIBXML_COMPACT | LIBXML_NONET; + @$node->{$method}($html, $options); } else { - @$node->loadHTML($html); + @$node->{$method}($html); } return $this->dumpHtml($node); @@ -399,6 +534,8 @@ */ private function cleanup($html) { + $html = trim($html); + // special replacements (not properly handled by washtml class) $html_search = array( // space(s) between <NOBR> @@ -420,17 +557,19 @@ '', '<html>', ); + $html = preg_replace($html_search, $html_replace, trim($html)); - //-> Replace all of those weird MS Word quotes and other high characters + // Replace all of those weird MS Word quotes and other high characters $badwordchars = array( "\xe2\x80\x98", // left single quote "\xe2\x80\x99", // right single quote "\xe2\x80\x9c", // left double quote "\xe2\x80\x9d", // right double quote "\xe2\x80\x94", // em dash - "\xe2\x80\xa6" // elipses + "\xe2\x80\xa6" // elipses ); + $fixedwordchars = array( "'", "'", @@ -439,6 +578,7 @@ '—', '...' ); + $html = str_replace($badwordchars, $fixedwordchars, $html); // PCRE errors handling (#1486856), should we use something like for every preg_* use? @@ -484,7 +624,7 @@ $tagname = $matches[2]; $tagname = preg_replace(array( '/:.*$/', // Microsoft's Smart Tags <st1:xxxx> - '/[^a-z0-9_\[\]\!-]/i', // forbidden characters + '/[^a-z0-9_\[\]\!?-]/i', // forbidden characters ), '', $tagname); // fix invalid closing tags - remove any attributes (#1489446)
View file
roundcubemail-1.1.4.tar.gz/program/steps/addressbook/export.inc -> roundcubemail-1.1.5.tar.gz/program/steps/addressbook/export.inc
Changed
@@ -21,6 +21,8 @@ +-----------------------------------------------------------------------+ */ +$RCMAIL->request_security_check(rcube_utils::INPUT_GET); + // Use search result if (!empty($_REQUEST['_search']) && isset($_SESSION['search'][$_REQUEST['_search']])) { $sort_col = $RCMAIL->config->get('addressbook_sort_col', 'name'); @@ -98,6 +100,14 @@ $result = $CONTACTS->list_records(null, 0, true); } +// Give plugins a possibility to implement other output formats or modify the result +$plugin = $RCMAIL->plugins->exec_hook('addressbook_export', array('result' => $result)); +$result = $plugin['result']; + +if ($plugin['abort']) { + exit; +} + // send downlaod headers header('Content-Type: text/x-vcard; charset='.RCUBE_CHARSET); header('Content-Disposition: attachment; filename="contacts.vcf"');
View file
roundcubemail-1.1.4.tar.gz/program/steps/mail/compose.inc -> roundcubemail-1.1.5.tar.gz/program/steps/mail/compose.inc
Changed
@@ -643,8 +643,8 @@ $text = $html = $sql_arr['signature']; if ($sql_arr['html_signature']) { - $h2t = new rcube_html2text($html, false, true); - $text = trim($h2t->get_text()); + $text = $RCMAIL->html2text($html, array('links' => false)); + $text = trim($text); } else { $t2h = new rcube_text2html($text, false); @@ -858,9 +858,8 @@ if ($part->ctype_secondary == 'html') { // use html part if it has been used for message (pre)viewing // decrease line length for quoting - $len = $compose_mode == RCUBE_COMPOSE_REPLY ? $LINE_LENGTH-2 : $LINE_LENGTH; - $txt = new rcube_html2text($body, false, true, $len); - $body = $txt->get_text(); + $len = $compose_mode == RCUBE_COMPOSE_REPLY ? $LINE_LENGTH-2 : $LINE_LENGTH; + $body = $RCMAIL->html2text($body, array('width' => $len)); } else { if ($part->ctype_secondary == 'plain' && $part->ctype_parameters['format'] == 'flowed') { @@ -1043,7 +1042,7 @@ $suffix = '</blockquote>'; } else { - $suffix = '</blockquote><p></p>'; + $suffix = '</blockquote><p><br/></p>'; } }
View file
roundcubemail-1.1.4.tar.gz/program/steps/mail/func.inc -> roundcubemail-1.1.5.tar.gz/program/steps/mail/func.inc
Changed
@@ -884,8 +884,7 @@ $data['body'] = rcube_enriched::to_html($data['body']); } - $txt = new rcube_html2text($data['body'], false, true); - $body = $txt->get_text(); + $body = $RCMAIL->html2text($data['body']); $part->ctype_secondary = 'plain'; } // text/html
View file
roundcubemail-1.1.4.tar.gz/program/steps/mail/get.inc -> roundcubemail-1.1.5.tar.gz/program/steps/mail/get.inc
Changed
@@ -94,6 +94,11 @@ $mimetype = 'image/' . $imgtype; unlink($orig_name); } + else if (stripos($mimetype, 'image/svg') === 0) { + $content = rcmail_svg_filter(file_get_contents($orig_name)); + file_put_contents($cache_file, $content); + unlink($orig_name); + } else { rename($orig_name, $cache_file); } @@ -126,6 +131,10 @@ exit; } + // require CSRF protected url for downloads + if ($plugin['download']) + $RCMAIL->request_security_check(rcube_utils::INPUT_GET); + // overwrite modified vars from plugin $mimetype = $plugin['mimetype']; $extensions = rcube_mime::get_mime_extensions($mimetype); @@ -331,7 +340,7 @@ } // convert image to jpeg and send it to the browser - if ($saved) { + if ($sent = $saved) { $image = new rcube_image($file_path); if ($image->convert(rcube_image::TYPE_JPG, $file_path)) { header("Content-Length: " . filesize($file_path)); @@ -340,32 +349,8 @@ unlink($file_path); } } - // do content filtering to avoid XSS through fake images - else if (!empty($_REQUEST['_embed']) && $browser->ie && $browser->ver <= 8) { - if ($body) { - echo preg_match('/<(script|iframe|object)/i', $body) ? '' : $body; - $sent = true; - } - else if ($part->size) { - $stdout = fopen('php://output', 'w'); - stream_filter_register('rcube_content', 'rcube_content_filter') or die('Failed to register content filter'); - stream_filter_append($stdout, 'rcube_content'); - $sent = $MESSAGE->get_part_body($part->mime_id, true, 0, $stdout); - } - } - // send part as-it-is else { - if ($body && empty($plugin['download'])) { - header("Content-Length: " . strlen($body)); - echo $body; - $sent = true; - } - else if ($part->size) { - // Don't be tempted to set Content-Length to $part->d_parameters['size'] (#1490482) - // RFC2183 says "The size parameter indicates an approximate size" - - $sent = $MESSAGE->get_part_body($part->mime_id, false, 0, -1); - } + $sent = rcmail_message_part_output($body, $part, $mimetype, $plugin['download']); } // check connection status @@ -477,3 +462,79 @@ return html::iframe($attrib); } + +/** + * Output attachment body with content filtering + */ +function rcmail_message_part_output($body, $part, $mimetype, $download) +{ + global $MESSAGE, $RCMAIL; + + if (!$part->size && !$body) { + return false; + } + + $browser = $RCMAIL->output->browser; + $secure = stripos($mimetype, 'image/') === false || $download; + + // Remove <script> in SVG images + if (!$secure && stripos($mimetype, 'image/svg') === 0) { + if (!$body) { + $body = $MESSAGE->get_part_body($part->mime_id, false); + if (empty($body)) { + return false; + } + } + + echo rcmail_svg_filter($body); + return true; + } + + // Remove dangerous content in images for older IE (to be removed) + if (!$secure && $browser->ie && $browser->ver <= 8) { + if ($body) { + echo preg_match('/<(script|iframe|object)/i', $body) ? '' : $body; + return true; + } + else { + $stdout = fopen('php://output', 'w'); + stream_filter_register('rcube_content', 'rcube_content_filter') or die('Failed to register content filter'); + stream_filter_append($stdout, 'rcube_content'); + return $MESSAGE->get_part_body($part->mime_id, true, 0, $stdout); + } + } + + if ($body && !$download) { + header("Content-Length: " . strlen($body)); + echo $body; + return true; + } + + // Don't be tempted to set Content-Length to $part->d_parameters['size'] (#1490482) + // RFC2183 says "The size parameter indicates an approximate size" + + return $MESSAGE->get_part_body($part->mime_id, false, 0, -1); +} + +/** + * Remove <script> in SVG images + */ +function rcmail_svg_filter($body) +{ + // clean SVG with washhtml + $wash_opts = array( + 'show_washed' => false, + 'allow_remote' => false, + 'charset' => RCUBE_CHARSET, + 'html_elements' => array('title'), +// 'blocked_src' => 'program/resources/blocked.gif', + ); + + // initialize HTML washer + $washer = new rcube_washtml($wash_opts); + + // allow CSS styles, will be sanitized by rcmail_washtml_callback() + $washer->add_callback('style', 'rcmail_washtml_callback'); + + return $washer->wash($body); +}
View file
roundcubemail-1.1.4.tar.gz/program/steps/mail/sendmail.inc -> roundcubemail-1.1.5.tar.gz/program/steps/mail/sendmail.inc
Changed
@@ -359,12 +359,8 @@ $MAIL_MIME->setHTMLBody($plugin['body']); - // replace emoticons - $plugin['body'] = $RCMAIL->replace_emoticons($plugin['body']); - - // add a plain text version of the e-mail as an alternative part. - $h2t = new rcube_html2text($plugin['body'], false, true, 0, $message_charset); - $plainTextPart = rcube_mime::wordwrap($h2t->get_text(), $LINE_LENGTH, "\r\n", false, $message_charset); + $plainTextPart = $RCMAIL->html2text($plugin['body'], array('width' => 0, 'charset' => $message_charset)); + $plainTextPart = rcube_mime::wordwrap($plainTextPart, $LINE_LENGTH, "\r\n", false, $message_charset); $plainTextPart = wordwrap($plainTextPart, 998, "\r\n", true); // make sure all line endings are CRLF (#1486712)
View file
roundcubemail-1.1.4.tar.gz/program/steps/mail/viewsource.inc -> roundcubemail-1.1.5.tar.gz/program/steps/mail/viewsource.inc
Changed
@@ -19,6 +19,10 @@ +-----------------------------------------------------------------------+ */ +if (!empty($_GET['_save'])) { + $RCMAIL->request_security_check(rcube_utils::INPUT_GET); +} + ob_end_clean(); // similar code as in program/steps/mail/get.inc
View file
roundcubemail-1.1.4.tar.gz/program/steps/settings/func.inc -> roundcubemail-1.1.5.tar.gz/program/steps/settings/func.inc
Changed
@@ -748,7 +748,7 @@ ); } - if (!isset($no_override['dsn_default'])) { + if (!isset($no_override['dsn_default']) && $RCMAIL->config->get('smtp_server')) { if (!$current) { continue 2; }
View file
roundcubemail-1.1.4.tar.gz/program/steps/settings/save_prefs.inc -> roundcubemail-1.1.5.tar.gz/program/steps/settings/save_prefs.inc
Changed
@@ -123,6 +123,8 @@ case 'folders': $a_user_prefs = array( 'show_real_foldernames' => isset($_POST['_show_real_foldernames']) ? true : false, + // stop using SPECIAL-USE (#4782) + 'lock_special_folders' => !in_array('lock_special_folders', (array) $CONFIG['dont_override']), ); foreach (rcube_storage::$folder_types as $type) {
View file
roundcubemail-1.1.4.tar.gz/program/steps/utils/html2text.inc -> roundcubemail-1.1.5.tar.gz/program/steps/utils/html2text.inc
Changed
@@ -29,12 +29,11 @@ // Replace emoticon images with its text representation $html = $RCMAIL->replace_emoticons($html); -$do_links = (bool) rcube_utils::get_input_value('_do_links', rcube_utils::INPUT_GET); -$width = (int) rcube_utils::get_input_value('_width', rcube_utils::INPUT_GET); +$params['links'] = (bool) rcube_utils::get_input_value('_do_links', rcube_utils::INPUT_GET); +$params['width'] = (int) rcube_utils::get_input_value('_width', rcube_utils::INPUT_GET); -// Convert to text -$converter = new rcube_html2text($html, false, $do_links, $width); +$text = $RCMAIL->html2text($html, $params); -header('Content-Type: text/plain; charset=UTF-8'); -print rtrim($converter->get_text()); +header('Content-Type: text/plain; charset=' . RCUBE_CHARSET); +print $text; exit;
View file
roundcubemail-1.1.4.tar.gz/tests/Framework/StringReplacer.php -> roundcubemail-1.1.5.tar.gz/tests/Framework/StringReplacer.php
Changed
@@ -39,6 +39,7 @@ array('https://github.com/a/b/compare/3a0f82...1f4b2a after', '<a href="https://github.com/a/b/compare/3a0f82...1f4b2a">https://github.com/a/b/compare/3a0f82...1f4b2a</a> after'), array('http://<test>', 'http://<test>'), array('http://', 'http://'), + array('test@www.test', '<a href="mailto:test@www.test">test@www.test</a>'), array('1@1.com www.domain.tld', '<a href="mailto:1@1.com">1@1.com</a> <a href="http://www.domain.tld">www.domain.tld</a>'), array(' www.domain.tld ', ' <a href="http://www.domain.tld">www.domain.tld</a> '), array(' www.domain.tld/#!download|856p1|2 ', ' <a href="http://www.domain.tld/#!download|856p1|2">www.domain.tld/#!download|856p1|2</a> '),
View file
roundcubemail-1.1.4.tar.gz/tests/Framework/Washtml.php -> roundcubemail-1.1.5.tar.gz/tests/Framework/Washtml.php
Changed
@@ -213,4 +213,43 @@ $this->assertTrue(strpos($washed, $exp) !== false, "Style quotes XSS issue (#1490227)"); } + + /** + * Test SVG cleanup + */ + function test_style_wash_svg() + { + $svg = '<?xml version="1.0" standalone="no"?> +<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"> +<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cc="http://creativecommons.org/ns#" viewBox="0 0 100 100"> + <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400" onmouseover="alert(1)" /> + <text x="50" y="68" font-size="48" fill="#FFF" text-anchor="middle"><![CDATA[410]]></text> + <script type="text/javascript"> + alert(document.cookie); + </script> + <text x="10" y="25" >An example text</text> + <a xlink:href="http://www.w.pl"><rect width="100%" height="100%" /></a> + <foreignObject xlink:href="data:text/xml,%3Cscript xmlns=\'http://www.w3.org/1999/xhtml\'%3Ealert(1)%3C/script%3E"/> + <set attributeName="onmouseover" to="alert(1)"/> + <animate attributeName="onunload" to="alert(1)"/> + <animate attributeName="xlink:href" begin="0" from="javascript:alert(1)" /> +</svg>'; + + $exp = '<svg xmlns:cc="http://creativecommons.org/ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns="http://www.w3.org/2000/svg" version="1.1" baseProfile="full" viewBox="0 0 100 100"> + <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400" x-washed="onmouseover" /> + <text x="50" y="68" font-size="48" fill="#FFF" text-anchor="middle">410</text> + <!-- script not allowed --> + <text x="10" y="25">An example text</text> + <a xlink:href="http://www.w.pl"><rect width="100%" height="100%" /></a> + <!-- foreignObject ignored --> + <set attributeName="onmouseover" x-washed="to" /> + <animate attributeName="onunload" x-washed="to" /> + <animate attributeName="xlink:href" begin="0" x-washed="from" /> +</svg>'; + + $washer = new rcube_washtml; + $washed = $washer->wash($svg); + + $this->assertSame($washed, $exp, "SVG content"); + } }
View file
roundcubemail.dsc
Changed
@@ -2,7 +2,7 @@ Source: roundcubemail Binary: roundcubemail Architecture: all -Version: 1:1.1.4-0~kolab1 +Version: 1:1.1.5-0~kolab1 Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintainers@lists.alioth.debian.org> Uploaders: Vincent Bernat <bernat@debian.org>, Romain Beauxis <toots@rastageeks.org>, Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>, Paul Klos <kolab@klos2day.nl> Homepage: http://www.roundcube.net/ @@ -13,5 +13,5 @@ Package-List: roundcubemail deb web extra Files: - 00000000000000000000000000000000 0 roundcubemail-1.1.4.tar.gz + 00000000000000000000000000000000 0 roundcubemail-1.1.5.tar.gz 00000000000000000000000000000000 0 debian.tar.gz
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.