Projects
Kolab:Winterfell
roundcubemail
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 202
View file
roundcubemail.spec
Changed
@@ -48,13 +48,13 @@ %global logdir /var/log/roundcubemail %global tmpdir /var/lib/roundcubemail -%global rc_version 1.4.3.29 +%global rc_version 1.4.4.14 #%%global rc_rel_suffix rc2.12 %global dot_rel_suffix %{?rc_rel_suffix:.%{rc_rel_suffix}} %global dash_rel_suffix %{?rc_rel_suffix:-%{rc_rel_suffix}} Name: roundcubemail -Version: 1.4.3.29 +Version: %{rc_version} Release: 1%{?dot_rel_suffix}%{?dist} @@ -3450,6 +3450,9 @@ %defattr(-,root,root,-) %changelog +* Mon May 11 2020 Jeroen van Meeuwen <vanmeeuwen@kolabsys.com> - 1.4.4.14-1 +- Check in 14 revisions ahead of upstream 1.4.4 release + * Tue Apr 14 2020 Jeroen van Meeuwen <vanmeeuwen@kolabsys.com> - 1.4.3.29-1 - Check in 29 revisions ahead of upstream 1.4.3 release
View file
debian.changelog
Changed
@@ -1,3 +1,9 @@ +roundcubemail (1.4.4.14-0~kolab1) unstable; urgency=low + + * Check in 14 revisions ahead of upstream 1.4.4 release + + -- Jeroen van Meeuwen <vanmeeuwen@kolabsys.com> Mon, 11 May 2020 11:11:11 +0200 + roundcubemail (1.4.3.29-0~kolab1) unstable; urgency=low * Check in 29 revisions ahead of upstream 1.4.3 release
View file
roundcubemail-1.4.3.29.tar.gz/CHANGELOG -> roundcubemail-1.4.4.14.tar.gz/CHANGELOG
Changed
@@ -1,6 +1,17 @@ CHANGELOG Roundcube Webmail =========================== +- Fix bug in extracting required plugins from composer.json that led to spurious error in log (#7364) +- Fix so the database setup description is compatible with MySQL 8 (#7340) +- Markasjunk: Fix regression in jsevent driver (#7361) +- Fix missing flag indication on collapsed thread in Larry and Elastic (#7366) +- Fix default keyservers (use keys.openpgp.org), add note about CORS (#7373, #7367) +- Password: Fix issue with Modoboa driver (#7372) +- Mailvelope: Use sender's address to find pubkeys to check signatures (#7348) +- Mailvelope: Fix Encrypt button hidden in Elastic (#7353) + +RELEASE 1.4.4 +------------- - Fix bug where attachments with Content-Id were attached to the message on reply (#7122) - Fix identity selection on reply when both sender and recipient addresses are included in identities (#7211) - Elastic: Fix text selection with Shift+PageUp and Shift+PageDown in plain text editor when using Chrome (#7230) @@ -20,6 +31,15 @@ - Fix so imap error message is displayed to the user on folder create/update (#7245) - Fix bug where a special folder couldn't be created if a special-use flag is not supported (#7147) - Mailvelope: Fix bug where recipients with name were not handled properly in mail compose (#7312) +- Fix characters encoding in group rename input after group creation/rename (#7330) +- Fix bug where some message/rfc822 parts could not be attached on forward (#7323) +- Make install-jsdeps.sh script working without the 'file' program installed (#7325) +- Fix performance issue of parsing big HTML messages by disabling HTML5 parser for these (#7331) +- Fix so Print button for PDF attachments works on Firefox >= 75 (#5125) +- Security: Fix XSS issue in handling of CDATA in HTML messages +- Security: Fix remote code execution via crafted 'im_convert_path' or 'im_identify_path' settings +- Security: Fix local file inclusion (and code execution) via crafted 'plugins' option +- Security: Fix CSRF bypass that could be used to log out an authenticated user (#7302) RELEASE 1.4.3 -------------
View file
roundcubemail-1.4.3.29.tar.gz/INSTALL -> roundcubemail-1.4.4.14.tar.gz/INSTALL
Changed
@@ -106,9 +106,9 @@ roundcube user. Here is an example of that procedure: # mysql -> CREATE DATABASE roundcubemail /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */; -> GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcube@localhost - IDENTIFIED BY 'password'; +> CREATE DATABASE roundcubemail CHARACTER SET utf8 COLLATE utf8_general_ci; +> CREATE USER roundcube@localhost IDENTIFIED BY 'password'; +> GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcube@localhost; > quit # mysql roundcubemail < SQL/mysql.initial.sql
View file
roundcubemail-1.4.4.14.tar.gz/autogen.sh
Added
@@ -0,0 +1,15 @@ +#!/bin/bash + +git clean -d -f -x + +bin/install-jsdeps.sh +bin/install-jsdeps.sh + +pushd .. + +rm -rf roundcubemail-$1/ +cp -a roundcubemail.git roundcubemail-$1/ +rm -rf roundcubemail-$1/.git/ + +tar czvf roundcubemail-$1.tar.gz roundcubemail-$1 +
View file
roundcubemail-1.4.3.29.tar.gz/bin/install-jsdeps.sh -> roundcubemail-1.4.4.14.tar.gz/bin/install-jsdeps.sh
Changed
@@ -36,7 +36,6 @@ $CURL = trim(`which curl`); $WGET = trim(`which wget`); $UNZIP = trim(`which unzip`); -$FILEINFO = trim(`which file`); if (($CACHEDIR = getenv("CACHEDIR")) && is_writeable($CACHEDIR)) { // use $CACHEDIR @@ -154,19 +153,17 @@ */ function extract_filetype($package, &$filetype = null) { - global $FILEINFO, $CACHEDIR; + global $CACHEDIR; $filetype = pathinfo($package['url'], PATHINFO_EXTENSION) ?: 'tmp'; $cache_file = $CACHEDIR . '/' . $package['lib'] . '-' . $package['version'] . '.' . $filetype; - if (empty($FILEINFO)) { - rcube::raise_error("Required program 'file' not found.", false, true); - } - - // detect downloaded/cached file type - exec(sprintf('%s -b %s', $FILEINFO, $cache_file), $out); - if (stripos($out[0], 'zip') === 0) { - $filetype = 'zip'; + // Make sure it is a zip file + if (file_exists($cache_file)) { + $magic = file_get_contents($cache_file, false, null, 0, 4); + if ($magic === "PK\003\004") { + $filetype = 'zip'; + } } return $cache_file;
View file
roundcubemail-1.4.3.29.tar.gz/config/config.inc.php.sample -> roundcubemail-1.4.4.14.tar.gz/config/config.inc.php.sample
Changed
@@ -70,9 +70,9 @@ // Name your service. This is displayed on the login screen and in the window title $config['product_name'] = 'Roundcube Webmail'; -// this key is used to encrypt the users imap password which is stored -// in the session record (and the client cookie if remember password is enabled). -// please provide a string of exactly 24 chars. +// This key is used to encrypt the users imap password which is stored +// in the session record. For the default cipher method it must be +// exactly 24 characters long. // YOUR KEY MUST BE DIFFERENT THAN THE SAMPLE VALUE FOR SECURITY REASONS $config['des_key'] = 'rcmail-!24ByteDESkey*Str';
View file
roundcubemail-1.4.3.29.tar.gz/config/defaults.inc.php -> roundcubemail-1.4.4.14.tar.gz/config/defaults.inc.php
Changed
@@ -537,6 +537,7 @@ // This key is used for encrypting purposes, like storing of imap password // in the session. For historical reasons it's called DES_key, but it's used // with any configured cipher_method (see below). +// For the default cipher_method a required key length is 24 characters. $config['des_key'] = 'rcmail-!24ByteDESkey*Str'; // Encryption algorithm. You can use any method supported by OpenSSL. @@ -840,8 +841,8 @@ ); // List of HKP key servers for PGP public key lookups in Enigma/Mailvelope -// Default: array("keys.fedoraproject.org", "keybase.io") -$config['keyservers'] = array(); +// Note: Lookup is client-side, so the server must support Cross-Origin Resource Sharing +$config['keyservers'] = array('keys.openpgp.org'); // ---------------------------------- // ADDRESSBOOK SETTINGS
View file
roundcubemail-1.4.3.29.tar.gz/index.php -> roundcubemail-1.4.4.14.tar.gz/index.php
Changed
@@ -2,7 +2,7 @@ /** +-------------------------------------------------------------------------+ | Roundcube Webmail IMAP Client | - | Version 1.4.3 | + | Version 1.4.4 | | | | Copyright (C) The Roundcube Dev Team | | | @@ -106,7 +106,9 @@ $pass_charset = $RCMAIL->config->get('password_charset', 'UTF-8'); // purge the session in case of new login when a session already exists - $RCMAIL->kill_session(); + if ($request_valid) { + $RCMAIL->kill_session(); + } $auth = $RCMAIL->plugins->exec_hook('authenticate', array( 'host' => $RCMAIL->autoselect_host(), @@ -180,13 +182,15 @@ $RCMAIL->plugins->exec_hook('login_failed', array( 'code' => $error_code, 'host' => $auth['host'], 'user' => $auth['user'])); - $RCMAIL->kill_session(); + if (!isset($_SESSION['user_id'])) { + $RCMAIL->kill_session(); + } } } // end session else if ($RCMAIL->task == 'logout' && isset($_SESSION['user_id'])) { - $RCMAIL->request_security_check($mode = rcube_utils::INPUT_GET); + $RCMAIL->request_security_check(rcube_utils::INPUT_GET | rcube_utils::INPUT_POST); $userdata = array( 'user' => $_SESSION['username'],
View file
roundcubemail-1.4.3.29.tar.gz/installer/index.php -> roundcubemail-1.4.4.14.tar.gz/installer/index.php
Changed
@@ -3,7 +3,7 @@ /** +-------------------------------------------------------------------------+ | Roundcube Webmail setup tool | - | Version 1.4.3 | + | Version 1.4.4 | | | | Copyright (C) The Roundcube Dev Team | | |
View file
roundcubemail-1.4.3.29.tar.gz/plugins/markasjunk/drivers/jsevent.php -> roundcubemail-1.4.4.14.tar.gz/plugins/markasjunk/drivers/jsevent.php
Changed
@@ -34,6 +34,12 @@ public function init() { + $rcmail = rcmail::get_instance(); + + // only execute this code on page load + if ($rcmail->output->type != 'html') + return; + $js_addition_spam_folders = json_encode($this->addition_spam_folders); $js_suspicious_folders = json_encode($this->suspicious_folders); @@ -44,7 +50,7 @@ // ignore this special code when in a multifolder listing if (rcmail.is_multifolder_listing()) - return; + return; if ($.inArray(rcmail.env.mailbox, addition_spam_folders) > -1) { props.disp.spam = false; @@ -58,14 +64,13 @@ props.objs.spamobj.find('a > span').text('As possibly spam'); } else { - props.objs.spamobj.find('a > span').text(rcmail.get_label('markasjunk.markasjunk')); + props.objs.spamobj.find('a > span').text(rcmail.get_label('markasjunk.markasjunk')); } return props; }); EOL; - $rcmail = rcmail::get_instance(); $rcmail->output->add_script($script, 'docready'); }
View file
roundcubemail-1.4.3.29.tar.gz/plugins/password/drivers/modoboa.php -> roundcubemail-1.4.4.14.tar.gz/plugins/password/drivers/modoboa.php
Changed
@@ -82,6 +82,7 @@ // Encode json with new password $ret['username'] = $decoded[0]->username; + $ret['mailbox'] = $decoded[0]->mailbox; $ret['role'] = $decoded[0]->role; $ret['password'] = $passwd; // new password $encoded = json_encode($ret);
View file
roundcubemail-1.4.3.29.tar.gz/program/include/iniset.php -> roundcubemail-1.4.4.14.tar.gz/program/include/iniset.php
Changed
@@ -20,7 +20,7 @@ */ // application constants -define('RCMAIL_VERSION', '1.4.3'); +define('RCMAIL_VERSION', '1.4.4'); define('RCMAIL_START', microtime(true)); if (!defined('INSTALL_PATH')) {
View file
roundcubemail-1.4.3.29.tar.gz/program/js/app.js -> roundcubemail-1.4.4.14.tar.gz/program/js/app.js
Changed
@@ -405,16 +405,8 @@ this.enable_command('image-scale', 'image-rotate', !!/^image\//.test(this.env.mimetype)); // Mozilla's PDF.js viewer does not allow printing from host page (#5125) - // to minimize user confusion we disable the Print button - if (bw.mz && this.env.mimetype == 'application/pdf') { - n = 0; // there will be two onload events, first for the preload page - $(this.gui_objects.messagepartframe).on('load', function() { - if (n++) try { if (this.contentWindow.document) ref.enable_command('print', true); } - catch (e) {/* ignore */} - }); - } - else - this.enable_command('print', true); + // to minimize user confusion we disable the Print button on Firefox < 75 + this.enable_command('print', this.env.mimetype != 'application/pdf' || !bw.mz || bw.vendver >= 75); if (this.env.is_message) { this.enable_command('reply', 'reply-all', 'edit', 'viewsource', @@ -4023,7 +4015,7 @@ ref.display_message(error.message, 'error'); }; - mailvelope.createDisplayContainer(selector, data, keyring, { showExternalContent: this.env.safemode }).then(function(status) { + mailvelope.createDisplayContainer(selector, data, keyring, { senderAddress: this.env.sender }).then(function(status) { if (status.error && status.error.message) { return error_handler(status.error); } @@ -6760,7 +6752,7 @@ var key = 'G'+prop.source+prop.id, link = $('<a>').attr({href: '#', rel: prop.source + ':' + prop.id}) .click(function() { return ref.command('listgroup', prop, this); }) - .html(prop.name); + .text(prop.name); this.env.contactfolders[key] = this.env.contactgroups[key] = prop; this.treelist.insert({ id:key, html:link, classes:['contactgroup'] }, prop.source, 'contactgroup'); @@ -6796,11 +6788,11 @@ newnode.id = newkey; newnode.html = $('<a>').attr({href: '#', rel: prop.source + ':' + prop.newid}) .click(function() { return ref.command('listgroup', newprop, this); }) - .html(prop.name); + .text(prop.name); } // update displayed group name else { - $(this.treelist.get_item(key)).children().first().html(prop.name); + $(this.treelist.get_item(key)).children().first().text(prop.name); this.env.contactfolders[key].name = this.env.contactgroups[key].name = prop.name; if (prop.source == this.env.source && prop.id == this.env.group)
View file
roundcubemail-1.4.3.29.tar.gz/program/js/common.js -> roundcubemail-1.4.4.14.tar.gz/program/js/common.js
Changed
@@ -418,7 +418,7 @@ atom = '[^\\x00-\\x20\\x22\\x28\\x29\\x2c\\x2e\\x3a-\\x3c\\x3e\\x40\\x5b-\\x5d\\x7f-\\xff]+', quoted_pair = '\\x5c[\\x00-\\x7f]', quoted_string = '\\x22('+qtext+'|'+quoted_pair+')*\\x22', - ipv4 = '\\[(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])){3}\\]', + ipv4 = '\\[(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])(\\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])){3}\\]', ipv6 = '\\[IPv6:[0-9a-f:.]+\\]', ip_addr = '(' + ipv4 + ')|(' + ipv6 + ')', // Use simplified domain matching, because we need to allow Unicode characters here @@ -436,7 +436,7 @@ '\\u0909\\u0926\\u093e\\u0939\\u0930\\u0923\\x2e\\u092a\\u0930\\u0940\\u0915\\u094d\\u0937\\u093e', '\\u4f8b\\u3048\\x2e\\u30c6\\u30b9\\u30c8', '\\uc2e4\\ub840\\x2e\\ud14c\\uc2a4\\ud2b8', - '\\u0645\\u062b\\u0627\\u0644\\x2e\\u0622\\u0632\\u0645\\u0627\\u06cc\\u0634\u06cc', + '\\u0645\\u062b\\u0627\\u0644\\x2e\\u0622\\u0632\\u0645\\u0627\\u06cc\\u0634\\u06cc', '\\u043f\\u0440\\u0438\\u043c\\u0435\\u0440\\x2e\\u0438\\u0441\\u043f\\u044b\\u0442\\u0430\\u043d\\u0438\\u0435', '\\u0b89\\u0ba4\\u0bbe\\u0bb0\\u0ba3\\u0bae\\u0bcd\\x2e\\u0baa\\u0bb0\\u0bbf\\u0b9f\\u0bcd\\u0b9a\\u0bc8', '\\u05d1\\u05f2\\u05b7\\u05e9\\u05e4\\u05bc\\u05d9\\u05dc\\x2e\\u05d8\\u05e2\\u05e1\\u05d8'
View file
roundcubemail-1.4.3.29.tar.gz/program/lib/Roundcube/bootstrap.php -> roundcubemail-1.4.4.14.tar.gz/program/lib/Roundcube/bootstrap.php
Changed
@@ -58,7 +58,7 @@ } // framework constants -define('RCUBE_VERSION', '1.4.3'); +define('RCUBE_VERSION', '1.4.4'); define('RCUBE_CHARSET', 'UTF-8'); define('RCUBE_TEMP_FILE_PREFIX', 'RCMTEMP');
View file
roundcubemail-1.4.3.29.tar.gz/program/lib/Roundcube/rcube_image.php -> roundcubemail-1.4.4.14.tar.gz/program/lib/Roundcube/rcube_image.php
Changed
@@ -158,7 +158,8 @@ 'size' => $width . 'x' . $height, ); - $result = rcube::exec($convert . ' 2>&1 -flatten -auto-orient -colorspace sRGB -strip' + $result = rcube::exec(escapeshellcmd($convert) + . ' 2>&1 -flatten -auto-orient -colorspace sRGB -strip' . ' -quality {quality} -resize {size} {intype}:{in} {type}:{out}', $p); } // use PHP's Imagick class @@ -323,7 +324,8 @@ $p['out'] = $filename; $p['type'] = self::$extensions[$type]; - $result = rcube::exec($convert . ' 2>&1 -colorspace sRGB -strip -flatten -quality 75 {in} {type}:{out}', $p); + $result = rcube::exec(escapeshellcmd($convert) + . ' 2>&1 -colorspace sRGB -strip -flatten -quality 75 {in} {type}:{out}', $p); if ($result === '') { chmod($filename, 0600); @@ -419,7 +421,7 @@ // use ImageMagick in command line if ($cmd = $rcube->config->get('im_identify_path')) { $args = array('in' => $this->image_file, 'format' => "%m %[fx:w] %[fx:h]"); - $id = rcube::exec($cmd. ' 2>/dev/null -format {format} {in}', $args); + $id = rcube::exec(escapeshellcmd($cmd) . ' 2>/dev/null -format {format} {in}', $args); if ($id) { return explode(' ', strtolower($id));
View file
roundcubemail-1.4.3.29.tar.gz/program/lib/Roundcube/rcube_plugin_api.php -> roundcubemail-1.4.4.14.tar.gz/program/lib/Roundcube/rcube_plugin_api.php
Changed
@@ -164,6 +164,14 @@ $plugins_dir = unslashify($dir->path); } + // Validate the plugin name to prevent from path traversal + if (preg_match('/[^a-zA-Z0-9_-]/', $plugin_name)) { + rcube::raise_error(array('code' => 520, + 'file' => __FILE__, 'line' => __LINE__, + 'message' => "Invalid plugin name: $plugin_name"), true, false); + return false; + } + // plugin already loaded? if (!$this->plugins[$plugin_name]) { $fn = "$plugins_dir/$plugin_name/$plugin_name.php"; @@ -237,7 +245,7 @@ /** * Get information about a specific plugin. - * This is either provided my a plugin's info() method or extracted from a package.xml or a composer.json file + * This is either provided by a plugin's info() method or extracted from a package.xml or a composer.json file * * @param string Plugin name * @return array Meta information about a plugin or False if plugin was not found @@ -283,6 +291,14 @@ $fn = unslashify($dir->path) . "/$plugin_name/$plugin_name.php"; $info = false; + // Validate the plugin name to prevent from path traversal + if (preg_match('/[^a-zA-Z0-9_-]/', $plugin_name)) { + rcube::raise_error(array('code' => 520, + 'file' => __FILE__, 'line' => __LINE__, + 'message' => "Invalid plugin name: $plugin_name"), true, false); + return false; + } + if (!class_exists($plugin_name, false)) { if (is_readable($fn)) { include($fn); @@ -300,17 +316,29 @@ if (!$info) { $composer = INSTALL_PATH . "/plugins/$plugin_name/composer.json"; if (is_readable($composer) && ($json = @json_decode(file_get_contents($composer), true))) { + // Build list of plugins required + $require = array(); + foreach (array_keys((array) $json['require']) as $dname) { + if (!preg_match('|^([^/]+)/([a-zA-Z0-9_-]+)$|', $dname, $m)) { + continue; + } + + $vendor = $m[1]; + $name = $m[2]; + + if ($name != 'plugin-installer' && $vendor != 'pear' && $vendor != 'pear-pear') { + $dpath = unslashify($dir->path) . "/$name/$name.php"; + if (is_readable($dpath)) { + $require[] = $name; + } + } + } + list($info['vendor'], $info['name']) = explode('/', $json['name']); $info['version'] = $json['version']; $info['license'] = $json['license']; $info['uri'] = $json['homepage']; - $info['require'] = array_filter(array_keys((array)$json['require']), function($pname) { - if (strpos($pname, '/') == false) { - return false; - } - list($vendor, $name) = explode('/', $pname); - return !($name == 'plugin-installer' || $vendor == 'pear-pear'); - }); + $info['require'] = $require; } // read local composer.lock file (once)
View file
roundcubemail-1.4.3.29.tar.gz/program/lib/Roundcube/rcube_washtml.php -> roundcubemail-1.4.4.14.tar.gz/program/lib/Roundcube/rcube_washtml.php
Changed
@@ -548,9 +548,6 @@ break; case XML_CDATA_SECTION_NODE: - $dump .= $node->nodeValue; - break; - case XML_TEXT_NODE: $dump .= htmlspecialchars($node->nodeValue, ENT_COMPAT | ENT_HTML401 | ENT_SUBSTITUTE, $this->config['charset']); break; @@ -595,7 +592,11 @@ $method = $this->is_xml ? 'loadXML' : 'loadHTML'; // DOMDocument does not support HTML5, try Masterminds parser if available - if (!$this->is_xml && class_exists('Masterminds\HTML5')) { + if (!$this->is_xml && class_exists('Masterminds\HTML5') + // HTML5 parser is slow with content that contains a lot of tags + // disable it for such cases (https://github.com/Masterminds/html5-php/issues/181) + && substr_count($html, '<') < 10000 + ) { try { $html5 = new Masterminds\HTML5(); $node = $html5->loadHTML($this->fix_html5($html));
View file
roundcubemail-1.4.3.29.tar.gz/program/steps/addressbook/groups.inc -> roundcubemail-1.4.4.14.tar.gz/program/steps/addressbook/groups.inc
Changed
@@ -92,8 +92,6 @@ } if ($created && $OUTPUT->ajax_call) { - $created['name'] = rcube::Q($created['name']); - $OUTPUT->show_message('groupcreated', 'confirmation'); $OUTPUT->command('insert_contact_group', array('source' => $source) + $created); } @@ -120,7 +118,7 @@ if ($newname && $OUTPUT->ajax_call) { $OUTPUT->show_message('grouprenamed', 'confirmation'); $OUTPUT->command('update_contact_group', array( - 'source' => $source, 'id' => $gid, 'name' => rcube::Q($newname), 'newid' => $newgid)); + 'source' => $source, 'id' => $gid, 'name' => $newname, 'newid' => $newgid)); } else if (!$newname) { $OUTPUT->show_message($plugin['message'] ?: 'errorsaving', 'error');
View file
roundcubemail-1.4.3.29.tar.gz/program/steps/mail/compose.inc -> roundcubemail-1.4.4.14.tar.gz/program/steps/mail/compose.inc
Changed
@@ -958,7 +958,12 @@ $messages[] = $part->mime_id; } - if ($part->disposition == 'attachment' || ($part->disposition == 'inline' && $bodyIsHtml) || $part->filename) { + if ( + $part->disposition == 'attachments' + || ($part->disposition == 'inline' && $bodyIsHtml) + || $part->filename + || $part->mimetype == 'message/rfc822' + ) { // skip parts that aren't valid attachments if ($part->ctype_primary == 'multipart' || $part->mimetype == 'application/ms-tnef') { continue;
View file
roundcubemail-1.4.3.29.tar.gz/public_html/index.php -> roundcubemail-1.4.4.14.tar.gz/public_html/index.php
Changed
@@ -3,7 +3,7 @@ /* +-----------------------------------------------------------------------+ | Roundcube Webmail IMAP Client | - | Version 1.4.3 | + | Version 1.4.4 | | | | Copyright (C) The Roundcube Dev Team | | |
View file
roundcubemail-1.4.3.29.tar.gz/skins/elastic/styles/widgets/lists.less -> roundcubemail-1.4.4.14.tar.gz/skins/elastic/styles/widgets/lists.less
Changed
@@ -721,6 +721,12 @@ content: @fa-var-flag; } + tr.flaggedroot:not(:hover) span.unflagged:before { + &:extend(.font-icon-class); + content: @fa-var-flag; + color: @color-list-icon; + } + tr:hover span.unflagged:before { &:extend(.font-icon-class); .font-icon-regular(@fa-var-flag);
View file
roundcubemail-1.4.3.29.tar.gz/skins/elastic/ui.js -> roundcubemail-1.4.4.14.tar.gz/skins/elastic/ui.js
Changed
@@ -1558,9 +1558,7 @@ case 'compose-encrypted': // show the toolbar button for Mailvelope - if (args.status) { - $('.toolbar a.encrypt').parent().show(); - } + $('.toolbar a.encrypt').parent().show(); break; case 'compose-encrypted-signed':
View file
roundcubemail-1.4.3.29.tar.gz/skins/larry/mail.css -> roundcubemail-1.4.4.14.tar.gz/skins/larry/mail.css
Changed
@@ -401,7 +401,7 @@ } /* thread parent message with flagged children */ -.messagelist tbody tr.flaggedroot .flag span { +.messagelist tr.flaggedroot td.flag span.unflagged { background-position: -23px -1076px; }
View file
roundcubemail-1.4.3.29.tar.gz/tests/Framework/Washtml.php -> roundcubemail-1.4.4.14.tar.gz/tests/Framework/Washtml.php
Changed
@@ -506,4 +506,17 @@ $this->assertContains('First line', $washed); } + + /** + * Test CDATA cleanup + */ + function test_cdata() + { + $html = '<p><![CDATA[<script>alert(document.cookie)</script>]]></p>'; + + $washer = new rcube_washtml; + $washed = $washer->wash($html); + + $this->assertTrue(strpos($washed, '<script>') === false, "CDATA content"); + } }
View file
roundcubemail.dsc
Changed
@@ -2,7 +2,7 @@ Source: roundcubemail Binary: roundcubemail Architecture: all -Version: 1:1.4.3.29-0~kolab1 +Version: 1:1.4.4.14-0~kolab1 Maintainer: Jeroen van Meeuwen <vanmeeuwen@kolabsys.com> Uploaders: Jeroen van Meeuwen <vanmeeuwen@kolabsys.com> Homepage: http://www.roundcube.net/ @@ -14,5 +14,5 @@ roundcubemail deb web extra roundcubemail-core deb web extra Files: - 00000000000000000000000000000000 0 roundcubemail-1.4.3.29.tar.gz + 00000000000000000000000000000000 0 roundcubemail-1.4.4.14.tar.gz 00000000000000000000000000000000 0 debian.tar.gz
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.