Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Remove development stuff and update versions to 0.3.1

  • Loading branch information...
commit 7e76b00fec07bf5cb799065aedfeb1266f76481b 1 parent a11da80
@thomascube thomascube authored
View
593 CHANGELOG
@@ -47,596 +47,3 @@ CHANGELOG RoundCube Webmail
- Password Plugin: Fix %d inserts username instead of domain (#1486088)
- Fix rcube_mdb2::affected_rows() (#1486082)
-RELEASE 0.3-stable
-------------------
-- Fix gn and givenName should be synonymous in LDAP addressbook (#1485892)
-- Add mail_domain to LDAP email entries without @ sign (#1485201)
-- Fix saving empty values in LDAP contact data (#1485781)
-- Fix LDAP contact update when RDN field is changed (#1485788)
-- Fix LDAP attributes case senitivity problems (#1485830)
-- Fix LDAP addressbook browsing when only one directory is used (#1486022)
-- Fix endless loop on error response for APPEND command (#1486060)
-- Don't require date.timezone setting in installer (#1485989)
-- Fix date sorting problem with Courier IMAP server (#1486065)
-- Unselect pressed buttons on mouse up (#1485987)
-- Don't set php_value error_log in .htaccess but mention in INSTALL (#1485924)
-- Fix too small status/flag/attachment columns in Safari 4 (#1486063)
-- Fix selection disabling while dragging splitter in webkit browsers (#1486056)
-- Added 'new_messages' plugin hook (#1486005)
-- Added 'logout_after' plugin hook (#1486042)
-- Added 'message_compose' hook
-- Added 'imap_connect' hook (#1485956)
-- Fix vcard_attachments plugin (#1486035)
-- Updated PEAR::Auth_SASL to 1.0.3 version
-- Use sequence names only with PostgreSQL (#1486018)
-- Re-designed User Preferences interface
-- Fix MS SQL DDL (#1486020)
-- Fix rcube_mdb2.php: call to setCharset not implemented in mssql driver (#1486019)
-- Added 'display_next' option
-- Fix rcube_mdb2::unixtimestamp for MS SQL (#1486015)
-- Fix HTML washing to respect character encoding
-- Fix endless loop in iil_C_Login() with Courier IMAP (#1486010)
-- Fix #messagemenu display on IE (#1486006)
-- Speedup UI by using sprites for (toolbar) buttons
-- Fix charset names with X- prefix handling
-- Fix displaying of HTML messages with unknown/malformed tags (#1486003)
-
-RELEASE 0.3-RC1
----------------
-- Fix import of vCard entries with params (#1485453)
-- Fix HTML messages output with empty block elements (#1485974)
-- Use request tokens to protect POST requests from CSFR
-- Added hook when killing a session
-- Added hook to write_log function (#1485971)
-- Performance improvements by use UID commands (#1485690)
-- Fix HTML editor tabIndex setting (#1485972)
-- Added 'imap_debug' and 'smtp_debug' options
-- Support strftime's format modifiers in date_* options (#1484806)
-- Support %h variable in 'smtp_server' option (#1485766)
-- Show SMTP errors in browser (#1485927)
-- Allow WBR tag in HTML message (#1485960)
-- Use spl_autoload_register() instead of __autoload (#1485947)
-- Add hook for identities listing (#1485958)
-- Trigger hook 'smtp_connect' when opening an SMTP connection (#1485954)
-- Added config option to enforce HTTPS connections
-- Fix non-unicode characters caching in unicode database (#1484608)
-- Performance improvements of messages caching
-- Fix empty Date header issue (#1485923)
-- Open collapsed folders during drag & drop (#1485914)
-- Fixed link text replacements (#1485789)
-- Also trigger 'insertrow' events on page load (#1485826)
-- No link on subject in IE browsers (#1484913)
-- Fixed filename encoding according to RFC2231 (#1485875)
-- Added message Edit feature (#1483891, #1484440)
-- Fix message Etag generation for counter issues (#1485623)
-- Fix messages searching on MailEnable IMAP (#1485762)
-- Fixed many 'skip_deleted' issues (#1485634)
-- Fixed messages list sorting on servers without SORT capability
-- Colorized signatures in plain text messages
-- Reviewed/fixed skip_deleted/read_when_deleted/flag_for_deletion options handling in UI
-- Fix displaying of big maximum upload filesize (#1485889)
-- Added possibility to invert messages selection
-- After move/delete from 'show' action display next message instead of messages list (#1485887)
-- Fixed problem with double quote at the end of folder name (#1485884)
-- Speedup UI by using CSS sprites and etags/expires/deflate in Apache config (#1484858,#1485800)
-- Support UID EXPUNGE: remove only moved/deleted messages
-- Add drag cancelling with ESC key (#1484344)
-- Support initial identity name from virtuser_query (#1484003)
-- Added message menu, removed Print and Source buttons
-- Added possibility to save message as .eml file (#1485861)
-- Added 1 minute interval in autosave options (#1485854)
-- Support UTF-7 encoding in messages (#1485832)
-- Better support for malformed character names (#1485758)
-
-RELEASE 0.3-BETA
-----------------
-- Plugin API + jQuery engine
-- Added possibility to encrypt received header, option 'http_received_header_encrypt',
- added some more logic in encrypt/decrypt functions for security
-- Fix Answered/Forwarded flag setting for messages in subfolders
-- Fix autocomplete problem with capital letters (#1485792)
-- Support UUencode content encoding (#1485839)
-- Minimize chance of race condition in session handling (#1485659, #1484678)
-- Fix session handling on non-session SQL query error (#1485734)
-- Fix html editor mode setting when reopening draft message (#1485834)
-- Added quick search box menu (#1484304)
-- Fix wrong column sort order icons (#1485823)
-- Updated TinyMCE to 3.2.3 version
-- Fix attachment names encoding when charset isn't specified in attachment part (#1484969)
-- Fix message normal priority problem (#1485820)
-- Fix autocomplete spinning wheel does not disappear (#1485804)
-- Added log_date_format option (#1485709)
-- Fix text wrapping in HTML editor after switching from plain text to HTML (#1485521)
-- Fix auto-complete function hangs with plus sign (#1485815)
-- Fix AJAX requests errors handler (#1485000)
-- Speed up message list displaying on IE
-- Fix read/write database recognition (#1485811)
-
-RELEASE 0.2.2
--------------
-- Fix quicksearchbox look in Chrome and Konqueror (#1484841)
-- Fix UTF-8 byte-order mark removing (#1485514)
-- Fix folders subscribtions on Konqueror (#1484841)
-- Fix debug console on Konqueror and Safari
-- Fix messagelist focus issue when modifying status of selected messages (#1485807)
-- Support STARTTLS in IMAP connection (#1485284)
-- Fix DEL key problem in search boxes (#1485528)
-- Support several e-mail addresses per user from virtuser_file (#1485678)
-- Fix drag&drop with scrolling on IE (#1485786)
-- Fix adding signature separator in html mode (#1485350)
-- Fix opening attachment marks message as read (#1485803)
-- Fix 'temp_dir' does not support relative path under Windows (#1484529)
-- Fix "Initialize Database" button missing from installer (#1485802)
-- Fix compose window doesn't fit 1024x768 window (#1485396)
-- Fix service not available error when pressing back from compose dialog (#1485552)
-- Fix using mail() on Windows (#1485779)
-- Fix word wrapping in message-part's <PRE>s for printing (#1485787)
-- Fix incorrect word wrapping in outgoing plaintext multibyte messages (#1485714)
-- Fix double footer in HTML message with embedded images
-- Fix TNEF implementation bug (#1485773)
-- Fix incorrect row id parsing for LDAP contacts list (#1485784)
-- Fix 'mode' parameter in sqlite DSN (#1485772)
-
-RELEASE 0.2.1
-------------------
-- Use US-ASCII as failover when Unicode searching fails (#1485762)
-- Fix errors handling in IMAP command continuations (#1485762)
-- Fix FETCH result parsing for servers returning flags at the end of result (#1485763)
-- Fix datetime columns defaults in mysql's DDL (#1485641)
-- Fix attaching more than nine inline images (#1485759)
-- Support 'UNICODE-1-1-UTF-7' alias for UTF-7 encoding (#1485758)
-- Fix mime-type detection using a hard-coded map (#1485311)
-- Don't return empty string if charset conversion failed (#1485757)
-- Disable concurrent autocomplete query results display (#1485743)
-- Fix new lines stripped from message footer (#1485751)
-- Fix IE problem with mouse click autocomplete (#1485739)
-- Fix html body washing on reply/forward + fix attachments handling (#1485676)
-- Fix multiple recipients input parsing (#1485733)
-- Fix replying to message with html attachment (#1485676)
-- Use default_charset for messages without specified charset (#1485661, #1484961)
-- Support non-standard "GMT-XXXX" literal in date header (#1485729)
-- Added TNEF support to decode MS Outlook attachments (winmail.dat)
-- Fix "value continuation" MIME headers by adding required semicolon (#1485727)
-- Fix pressing select all/unread multiple times (#1485723)
-- Fix selecting all unread does not honor new messages (#1485724)
-- Fix some base64 encoded attachments handling (#1485725)
-- Support NGINX as IMAP backend: better BAD response handling (#1485720)
-- Performance fix: don't fetch attachment parts headers twice to parse filename
-- Fix checking for recent messages on various IMAP servers (#1485702)
-- Performance fix: Don't fetch quota and recent messages in "message view" mode
-- Fix displaying of alternative-inside-alternative messages (#1485713)
-- Fix MDNSent flag checking, use arbitrary keywords (asterisk) flag (#1485706)
-- Fix creation of folders with '&' sign in name
-- Fix parsing of email addresses without angle brackets (#1485693)
-- Save spellcheck corrections when switching from plain to html editor (and spellchecking is on)
-- Fix large search results on server without SORT capability (#1485668)
-- Get rid of preg_replace() with eval modifier and create_function usage (#1485686)
-- Bring back <base> and <link> tags in HTML messages
-- Fix XSS vulnerability through background attributes as reported by Julien Cayssol
-- Fix problems with backslash as IMAP hierarchy delimiter (#1484467)
-- Secure vcard export by getting rid of preg's 'e' modifier use (#1485689)
-- Fix authentication when submitting form with existing session (#1485679)
-- Allow absolute URLs to images in HTML messages/sigs (#1485666)
-- Fix message body which contains both inline attachments and emotions
-- Fix SQL query execution errors handling in rcube_mdb2 class (#1485509)
-- Fix address names with '@' sign handling (#1485654)
-- Improve messages display performance
-- Fix messages searching with 'to:' modifier
-
-RELEASE 0.2-STABLE
-------------------
-- Fix mark popup in IE 7 (#1485369)
-- Fix line-break issue when copy & paste in Firefox (#1485425)
-- Fix autocomplete "unknown server error" (#1485637)
-- Fix STARTTLS before AUTH in SMTP connection (#1484883)
-- Support multiple quota values in QUOTAROOT resonse (#1485626)
-- Only abbreviate file name for IE < 7 browsers (#1485063)
-- Performance: allow setting imap rootdir and delimiter before connect (#1485172)
-- Fix sorting of folders with more than 2 levels (#1485569)
-- Fix search results page jumps in LDAP addressbook (#1485253)
-- Fix empty line before the signature in IE (#1485351)
-- Fix horizontal scrollbar in preview pane on IE (#1484633)
-- Add Robots meta tag in login page and installer (#1484846)
-- Added 'show_images' option, removed 'addrbook_show_images' (#1485597)
-- Option to check for new mails in all folders (#1484374)
-- Don't set client busy when checking for new messages (#1485276)
-- Allow UTF-8 folder names in config (#1485579)
-- Add junk_mbox option configuration in installer (#1485579)
-- Do serverside addressbook queries for autocompletion (#1485531)
-- Allow setting attachment col position in 'list_cols' option
-- Allow override 'list_cols' via skin (#1485577)
-- Fix 'cache' table cleanup on session destroy (#1485516)
-- Increase speed of session destroy and garbage clean up
-- Fix session timeout when DB server got clock skew (#1485490)
-- Fix handling of some malformed messages (#1484438)
-- Speed up raw message body handling
-- Better HTML entities conversion in html2text (#1485519)
-- Fix big memory consumption and speed up searching on servers without SORT capability
-- Fix setting locale to tr_TR, ku and az_AZ (#1485470)
-- Use SORT for searching on servers with SORT capability
-- Added message status filter
-- Fix empty file sending (#1485389)
-- Improved searching with many criterias (calling one SEARCH command)
-- Fix HTML editor initialization on IE (#1485304)
-- Add warning when switching editor mode from html to plain (#1485488)
-- Make identities list scrollable (#1485538)
-- Fix problem with numeric folder names (#1485527)
-- Added BYE response simple support to prevent from endless loops in imap.inc (#1483956)
-- Fix unread message unintentionally marked as read if read_when_deleted=true (#1485409)
-- Remove port number from SERVER_NAME in smtp_helo_host (#1485518)
-- Don't send disposition notification receipts for messages marked as 'read' (#1485523)
-- Added 'keep_alive' and 'min_keep_alive' options (#1485360)
-- Added option 'identities_level', removed 'multiple_identities'
-- Allow deleting identities when multiple_identities=false (#1485435)
-- Added option focus_on_new_message (#1485374)
-- Fix html2text class autoloading on Windows (#1485505)
-- Fix html signature formatting when identity save error occured (#1485426)
-- Add feedback and set busy when moving folder (#1485497)
-- Fix 'Empty' link visibility for some languages e.g. Slovak (#1485489)
-- Fix messages count bar overlapping (#1485270)
-- Fix adding signature in drafts compose mode (#1485484)
-- Fix iil_C_Sort() to support very long and/or divided responses (#1485283)
-- Fix matching case sensitivity when setting identity on reply (#1485480)
-- Prefer default identity on reply
-- Fix imap searching on ISMail server (#1485466)
-- Add css class for flagged messages (#1485464)
-- Write username instead of id in sendmail log (#1485477)
-- Fix htmlspecialchars() use for PHP version < 5.2.3 (#1485475)
-- Fix js keywords escaping in json_serialize() for IE/Opera (#1485472)
-- Added bin/killcache.php script (#1485434)
-- Add support for SJIS, GB2312, BIG5 in rc_detect_encoding()
-- Fix vCard file encoding detection for non-UTF-8 strings (#1485410)
-- Add 'skip_deleted' option in User Preferences (#1485445)
-- Minimize "inline" javascript scripts use (#1485433)
-- Fix css class setting for folders with names matching defined classes names (#1485355)
-- Fix race conditions when changing mailbox
-- Fix spellchecking when switching to html editor (#1485362)
-- Fix compose window width/height (#1485396)
-- Allow calling msgimport.sh/msgexport.sh from any directory (#1485431)
-- Localized filesize units (#1485340)
-- Better handling of "no identity" and "no email in identity" situations (#1485117)
-- Added 'mime_param_folding' option with possibility to choose long/non-ascii attachment names encoding eg. to be readable in MS Outlook/OE (#1485320)
-- Added "advanced options" feature in User Preferences
-- Fix unread counter when displaying cached massage in preview panel (#1485290)
-- Fix htmleditor spellchecking on MS Windows (#1485397)
-- Fix problem with non-ascii attachment names in Mail_mime (#1485267, #1485096)
-- Fix language autodetection (#1485401)
-- Fix button label in folders management (#1485405)
-- Fix collapsed folder not indicating unread msgs count of all subfolders (#1485403)
-- Fix handling of apostrophes in filenames decoded according to rfc2231
-
-RELEASE 0.2-BETA
-----------------
-- Made config files location configurable (#1485215)
-- Reduced memory footprint when forwarding attachments (#1485345)
-- Allow and use spellcheck attribute for input/textarea fields (#1485060)
-- Added icons for forwarded/forwarded+replied messages (#1485257)
-- Added Reply-To to forwarded emails (#1485315)
-- Display progress message for folders create/delete/rename (#1485357)
-- Smart Tags and NOBR tag support in html messages (#1485363, #1485327)
-- Redesign of the identities settings (#1484042)
-- Add config option to disable creation/deletion of identities (#1484498)
-- Added 'sendmail_delay' option to restrict messages sending interval (#1484491)
-- Added vertical splitter for folders list resizing
-- Added possibility to view all headers in message view
-- Fixed splitter drag/resize on Opera (#1485170)
-- Fixed quota img height/width setting from template (#1484857)
-- Refactor drag & drop functionality. Don't rely on browser events anymore (#1484453)
-- Insert "virtual" folders in subscription list (#1484779)
-- Added link to open message in new window
-- Enable export of address book contacts as vCard
-- Add feature to import contacts from vcard files (#1326103)
-- Respect Content-Location headers in multipart/related messages according to RFC2110 (#1484946)
-- Allowed max. attachment size now indicated in compose screen (#1485030)
-- Also capture backspace key in list mode (#1484566)
-- Allow application/pgp parts to be displayed (#1484753)
-- Correctly handle options in mailto-links (#1485228)
-- Immediately save sort_col/sort_order in user prefs (#1485265)
-- Truncate very long (above 50 characters) attachment filenames when displaying
-- Allow to auto-detect client language if none set (#1484434)
-- Auto-detect the client timezone (user configurable)
-- Add RFC2231 header value continuations support for attachment filenames + hack for servers that not support that feature
-- Fix Reply-To header displaying (#1485314)
-- Mark form buttons that provide the most obvious operation (mainaction)
-- Added option 'quota_zero_as_unlimited' (#1484604)
-- Added PRE handling in html2text class (#1484740)
-- Added folder hierarchy collapsing
-- Added options to use syslog instead of log file (#1484850)
-- Added Logging & Debugging section in Installer
-- Fix In-Reply-To and References headers when composing saved draft message (#1485288)
-- Fix html message charset conversion for charsets with underline (#1485287)
-- Fix buttons status after contacts deletion (#1485233)
-- Fix escaping of To: and From: fields when building message body for reply or forward in the HTML editor (#1484904)
-- Use current mailbox name in template (#1485256)
-- Better fix for skipping untagged responses (#1485261)
-- Added pspell support patch by Kris Steinhoff (#1483960)
-- Enable spellchecker for HTML editor (#1485114)
-- Respect spellcheck_uri in tinyMCE spellchecker (#1484196)
-- Case insensitive contacts searching using PostgreSQL (#1485259)
-- Make default imap folders configurable for each user (#1485075)
-- Save outgoing mail to selectable folder (#1324581)
-- Fix hiding of mark menu when clicking th button again (#1484944)
-- Use long date format in print mode (#1485191)
-- Updated TinyMCE to version 3.1.0.1
-- Re-enable autocomplete attribute for login form (#1485211)
-- Check PERMANENTFLAGS before saving $MDNSent flag (#1484963, #1485163)
-- Added flag column on messages list (#1484623)
-- Patched Mail/MimePart.php (http://pear.php.net/bugs/bug.php?id=14232)
-- Allow trash/junk subfolders to be purged (#1485085)
-- Store compose parameters in session and redirect to a unique URL
-- Fixed CRAM-MD5 authentication (#1484819)
-- Fixed forwarding messages with one HTML attachment (#1484442)
-- Fixed encoding of message/rfc822 attachments and image/pjpeg handling (#1484914)
-- Added option to select skin in user preferences
-- Added option to configure displaying of attached images below the message body
-- Added option to display images in messages from known senders (#1484601)
-- User preferences grouped in more fieldsets
-- Fix corrupted MIME headers of messages in Sent folder (#1485111)
-- Fixed bug in MDB2 package: http://pear.php.net/bugs/bug.php?id=14124
-- Use keypress instead of keydown to select list's row (#1484816)
-- Don't call expunge and don't remove message row after message move if flag_for_deletion is set to true (#1485002)
-
-RELEASE 0.2-ALPHA
------------------
-- Added option to disable autocompletion from selected LDAP address books (#1484922)
-- TLS support in LDAP connections: 'use_tls' property (#1485104)
-- Fixed removing messages from search set after deleting them (#1485106)
-- imap.inc: Fixed iil_C_FetchStructureString() to handle many
- literal strings in response (#1484969)
-- Support for subfolders in default/protected folders (#1484665)
-- Disallowed delimiter in folder name (#1484803)
-- Support " and \ in folder names
-- Escape \ in login (#1484614)
-- Better HTML sanitization with the DOM-based washtml script (#1484701)
-- Fixed sorting of folders with non-ascii characters
-- Fixed Mysql DDL for default identities creation (#1485070)
-- In Preferences added possibility to configure 'read_when_deleted',
- 'mdn_requests', 'flag_for_deletion' options
-- Made IMAP auth type configurable (#1483825)
-- Fixed empty values with FROM_UNIXTIME() in rcube_mdb2 (#1485055)
-- Fixed attachment list on IE 6/7 (#1484807)
-- Fixed JavaScript in compose.html that shows cc/bcc fields if populated
-- Make password input fields of type password in installer (#1484886)
-- Don't attempt to delete cache entries if enable_caching is FALSE (#1485051)
-- Optimized messages sorting on servers without sort capability (#1485049)
-- Corrected message headers decoding when charset isn't specified and improved
- support for native languages (#1485050, #1485048)
-- Expanded LDAP configuration options to support LDAP server writes.
-- Installer: encode special characters in DB username/password (#1485042)
-- Fixed management of folders with national characters in names (#1485036, #1485001)
-- Fixed identities saving when using MDB2 pgsql driver (#1485032)
-- Fixed BCC header reset (#1484997)
-- Improved messages list performance - patch from Justin Heesemann
-- Append skin_path to images location only when it starts with '/' sign (#1484859)
-- Fix IMAP response in message body when message has no body (#1484964)
-- Fixed non-RFC dates formatting (#1484901)
-- Fixed typo in set_charset() (#1484991)
-- Decode entities when inserting HTML signature to plain text message (#1484990)
-- HTML editing is now working with PHP5 updates and TinyMCE v3.0.6
-- Fixed signature loading on Windows (#1484545)
-- Added language support to HTML editing (#1484862)
-- Fixed remove signature when replying (#1333167)
-- Fixed problem with line with a space at the end (#1484916)
-- Fixed <!DOCTYPE> tag filtering (#1484391)
-- Fixed <?xml> tag filtering (#1484403)
-- Added sections (fieldset+label) in Settings interface
-- Mark as read in one action with message preview (#1484972)
-- Deleted redundant quota reads (#1484972)
-- Added options for empty trash and expunge inbox on logout (#1483863)
-- Removed lines wrapping when displaying message
-- Fixed month localization
-- Changed codebase to PHP5 with autoloader
-
-RELEASE 0.1.1
--------------
-- Clear selection when selecting single item (#1484942)
-- Remove hard-coded image size in skin templates (#1484893)
-- Database schema improvements (dropped unnecessary indexes)
-- Fixed creating a new folder with a comma in its name (#1484681)
-- Fixed sorting of messages when default mailbox is empty (#1484317)
-- Improve message previewpane - less loading (#1484316)
-- Fixed login form autoompletion (#1484839)
-- Fixed virtuser_query option for mdb2 backend (#1484874)
-- Fixed attachment resoting from Drafts when message body was empty (#1484506)
-- Fixed usage of ob_gzhandler (#1484851)
-- Fixed message part window in IE6 (#1484610)
-- Fixed decoding of mime-encoded strings (#1484191)
-- Fixed some iconv/mb_string problems (#1484598)
-- Correctly quote mailbox name when using in URL (#1484313)
-- Fixed "headers already sent" errors (#1484860)
-
-RELEASE 0.1-STABLE
-------------------
-- Added interactive installer script
-- Fix folder adding/renaming inspired by #1484800
-- Localize folder name in page title (#1484785)
-- Fix code using wrong variable name (#1484018)
-- Allow to send mail with BCC recipients only
-- condense TinyMCE toolbar down to one line, removing table buttons (#1484747)
-- Add function to mark the selected messages as read/unread (#1457360)
-- Also do charset decoding as suggested in RFC 2231 (fix #1484321)
-- Show message count in folder list and hint when creating a subfolder
-- Distinguish ssl and tls for imap connections (#1484667)
-- Added some charset aliases to fix typical mis-labelling (#1484565)
-- Remember decision to display images for a certain message during session (#1484754)
-- Truncate attachment filenames to 55 characters due to an IE bug (#1484757)
-- Make sending of read receipts configurable
-- Respect config when localize folder names (#1484707)
-- Also respect receipt and priority settings when re-opening a draft message
-- Remember search results (closes #1483883), patch by the_glu
-- Add Received header on outgoing mail
-- Upgrade to TinyMCE 2.1.3
-- Allow inserting image attachments into HTML messages while composing (#1484557)
-- Implement Message-Disposition-Notification (Receipts)
-- Fix overriding of session vars when register_globals is on (#1484670)
-- Fix bug with case-sensitive folder names (#1484245)
-- Don't create default folders by default
-- Fixed some potential security risks (audited by Andris)
-- Only show new messages if they match the current search (#1484176)
-- Switch to/from when searcing in Sent folder (#1484555)
-- Correctly read the References header (#1484646)
-- Unset old cookie before sending a new value (#1484639)
-- Correctly decode attachments when downloading them (#1484645 and #1484642)
-- Suppress IE errors when clearing attachments form (#1484356)
-- Log error when login fails due to auto_create_user turned off
-- Filter linked/imported CSS files (closes #1484056)
-- Improve message compose screen (closes #1484383)
-- Select next row after removing one from list (#1484387)
-
-RELEASE 0.1-RC2
----------------
-- Enable drag-&-dropping of folders to a new parent and allow to create subfolders (#1457344)
-- Suppress IE errors when clearing attachments form (#1484356)
-- Set preferences field in user table to NULL (#1484386)
-- Log error when login fails due to auto_create_user turned off
-- Filter linked/imported CSS files (closes #1484056)
-- Improve message compose screen (closes #1484383)
-- Select next row after removing one from list (#1484387)
-- Make smtp HELO/EHLO hostname configurable (#1484067)
-- IPv6 Compatability (#1484322), Patch #1484373
-- Unlock interface when message sending fails (#1484570)
-- Eval PHP code in template includes (if configured)
-- Show message when folder is empty. Mo more static text in table (#1484395)
-- Only display unread count in page title when new messages arrived
-- Fixed wrong delete button tooltip (#1483965)
-- Fixed charset encoding bug (#1484429)
-- Applied patch for LDAP version (#1484552)
-- Improved XHTML validation
-- Fix message list selection (#1484550)
-- Better fix lowercased usernames (#1484473)
-- Update pngbehavior Script as suggested in #1484490
-- Fixed moving/deleting messages when more than 1 is selected
-- Applied patch for LDAP contacts listing by Glen Ogilvie
-- Applied patch for more address fields in LDAP contacts (#1484402)
-- Add alternative for getallheaders() (fix #1484508)
-- Identify mailboxes case-sensitive
-- Sort mailbox list case-insensitive (closes #1484338)
-- Fix display of multipart messages from Apple Mail (closes #1484027)
-- Protect AJAX request from being fetched by a foreign site (XSS)
-- Make autocomplete for loginform configurable by the skin template
-- Fix compose function from address book (closes #1484426)
-- Added //IGNORE to iconv call (patch #1484420, closes #1484023)
-- Check if mbstring supports charset (#1484290 and #1484292)
-- Prefer iconv over mbstring (as suggested in #1484292)
-- Check filesize of template includes (#1484409)
-- Fixed bug with buttons not dimming/enabling properly after switching folders
-- Fixed compose window becoming unresponsive after saving a draft (#1484487)
-- Re-enabled "Back" button in compose window now that bug #1484487 is fixed
-- Fixed unresponsive interface issue when downloading attachments (#1484496)
-- Lowered status message time from 5 to 3 seconds to improve responsiveness
-- Raised .htaccess upload_max_filesize from 2M to 5M to differ from default php.ini
-- Increased "mailboxcontrols" mail.css width from 160 to 170px to fix non-english languages (#1484499)
-- Fix status message bug #1484464 with regard to #1484353
-- Fix address adding bug reported by David Koblas
-- Applied socket error patch by Thomas Mangin
-- Pass-by-reference workarround for PHP5 in sendmail.inc
-- Fixed buggy imap_root settings (closes #1484379)
-- Prevent default events on subject links (#1484399)
-- Use HTTP-POST requests for actions that change state
-
-RELEASE 0.1-RC1
----------------
-- Use global filters and bind username/ for Ldap searches (#1484159)
-- Hide quota display if imap server does not support it
-- Hide address groups if no LDAP servers configured
-- Add link to message subjects (closes #1484257)
-- Better SQL query for contact listing/search (closes #1484369)
-- Fixed marking as read in preview pane (closes #1484364)
-- CSS hack to display attachments correctly in IE6
-- Wrap message body text (closes #1484148)
-- LDAP access is back in address book (closes #1484087)
-- Added search function for contacts
-- New Template parsing and output encoding
-- Fixed bugs #1484119 and #1483978
-- Fixed message moving procedure (closes #1484308)
-- Fixed display of multiple attachments (closes #1466563)
-- Fixed check for new messages (closes #1484310)
-- List attachments without filename
-- New session authentication: Change sessid cookie when login, authentication with sessauth cookie is now configurable.
- Should close bugs #1483951 and #1484299
-- Correctly translate mailbox names (closes #1484276)
-- Quote e-mail address links (closes #1484300)
-- Updated PEAR::Mail_mime package
-- Accept single quotes for HTML attributes when modifying message body (thanks Jason)
-- Sanitize input for new users/identities (thanks Colin Alston)
-- Don't download HTML message parts
-- Convert HTML parts to plaintext if 'prefer_html' is off
-- Correctly parse message/rfc822 parts (closes #1484045)
-- Also use user_id for unique key in messages table (closes #1484074)
-- Hide contacts drop down on blur (closes #1484203)
-- Make entries in contacts drop down clickable
-- Turn off browser autocompletion on login page
-- Quote <? in text/html message parts
-- Hide border around radio buttons
-- Applied patch for attachment download by crichardson (closes #1484198)
-- Fixed bug in Postgres DB handling (closes #1484068)
-- Fixed bug of invalid calls to fetchRow() in rcube_db.inc (closes #1484280)
-- Fixed array_merge bug (closes #1484281)
-- Fixed flag for deletion in list view (closes #1484264)
-- Finally support semicolons as recipient separator (closes ##1484251)
-- Fixed message headers (subject) encoding
-- check if safe mode is on or not (closes #1484269)
-- Show "no subject" in message list if subject is missing (closes #1484243)
-- Solved page caching of message preview (closes #1484153)
-- Only use gzip compression if configured (closes #1484236)
-- Fixed priority selector issue (#1484150)
-- Fixed some CSS issues in default skin (closes #1484210 and #1484161)
-- Prevent from double quoting of numeric HTML character references (closes #1484253)
-- Fixed display of HTML message attachments (closes #1484178)
-- Applied patch for preview caching (closes #1484186)
-- Added error handling for attachment uploads
-- Use multibyte safe string functions where necessary (closes #1483988)
-- Applied security patch to validate the submitted host value (by Kees Cook)
-- Applied security patch to validate input values when deleting contacts (by Kees Cook)
-- Applied security patch that sanitizes emoticon paths when attaching them (by Kees Cook)
-- Applied a patch to more aggressively sanitize a HTML message
-- Visualize blocked images in HTML messages
-- Fixed wrong message listing when showing search results (closes #1484131)
-- Show remote images when opening HTML message part as attachment
-- Improve memory usage when sending mail (closes #1484098)
-- Mark messages as read once the preview is loaded (closes #1484132)
-- Include smtp final response in log (closes #1484081)
-- Corrected date string in sent message header (closes #1484125)
-- Correclty choose "To" column in sent and draft mailboxes (closes #1483943)
-- Changed srong tooltips for message browse buttons (closes #1483930)
-- Fixed signature delimeter character to be standard (Bug #1484035)
-- Fixed XSS vulnerability (Bug #1484109)
-- Remove newlines from mail headers (Bug #1484031)
-- Selection issues when moving/deleting (Bug #1484044)
-- Applied patch of Clement Moulin for imap host auto-selection
-- ISO-encode IMAP password for plaintext login (Bugs #1483977 & #1483886)
-- Fixed folder name encoding in subscription list (Bug #1484113)
-- Fixed JS errors in identity list (Bug #1484120)
-- Translate foldernames in folder form (closes #1484113)
-- Added first and last buttons to message list, address book
- and message detail
-- Pressing Shift-Del bypasses Trash folder
-- Enable purge command for Junk folder
-- Fetch all aliases if virtuser_query is used instead
-- Re-enabled multi select of contacts (Bug #1484017)
-- Enable contact editing right after creation (Bug #1459641)
-- Correct UTF-7 to UTF-8 conversion if mbstring is not available
-- Fixed IMAP fetch of message body (Bug #1484019)
-- Fixed safe_mode problems (Bug #1418381)
-- Fixed wrong header encoding (Bug #1483976)
-- Made automatic draft saving configurable
-- Fixed JS bug when renaming folders (Bug #1483989)
-- Added quota display as image (by Brett Patterson)
-- Corrected creation of a message-id
-- New indentation for quoted message text
-- Improved HTML validity
-- Fixed URL character set (Ticket #1445501)
-- Fixed saving of contact into MySQL from LDAP query results (Ticket #1483820)
-- Fixed folder renaming: unsubscribe before rename (Bug #1483920)
-- Finalized new message parsing (+ chaching)
-- Fixed wrong usage of mbstring (Bug #1462439)
-- Set default spelling language (Ticket #1483938)
-- Added support for Nox Spell Server
-- Re-built message parsing (Bug #1327068)
- Now based on the message structure delivered by the IMAP server.
-- Fixed some XSS and SQL injection issues
-- Fixed charset problems with folder renaming
-
-
-
-
View
9 README
@@ -1,15 +1,6 @@
RoundCube Webmail (http://roundcube.net)
-ATTENTION
----------
-This is just a snapshot of the current SVN repository and is NOT A STABLE
-version of RoundCube. Unlike the latest release this version requires PHP 5
-and does not work on a webserver with PHP 4. It's not recommended to
-replace an existing installation of RoundCube with this version. Also using
-a separate database for this installation is highly recommended.
-
-
Introduction:
-------------
RoundCube Webmail is a browser-based multilingual IMAP client with an
View
101 bin/dumpschema.php
@@ -1,101 +0,0 @@
-#!/usr/bin/env php
-<?php
-/*
-
- +-----------------------------------------------------------------------+
- | bin/dumpschema.php |
- | |
- | This file is part of the RoundCube Webmail client |
- | Copyright (C) 2005-2009, RoundCube Dev. - Switzerland |
- | Licensed under the GNU GPL |
- | |
- | PURPOSE: |
- | Dumps database schema in XML format using MDB2_Schema |
- | |
- +-----------------------------------------------------------------------+
- | Author: Thomas Bruederli <roundcube@gmail.com> |
- +-----------------------------------------------------------------------+
-
- $Id$
-
-*/
-
-if (php_sapi_name() != 'cli') {
- die('Not on the "shell" (php-cli).');
-}
-
-define('INSTALL_PATH', realpath(dirname(__FILE__) . '/..') . '/' );
-require INSTALL_PATH.'program/include/iniset.php';
-
-/** callback function for schema dump **/
-function print_schema($dump)
-{
- foreach ((array)$dump as $part)
- echo $dump . "\n";
-}
-
-$config = new rcube_config();
-
-// don't allow public access if not in devel_mode
-if (!$config->get('devel_mode') && $_SERVER['REMOTE_ADDR']) {
- header("HTTP/1.0 401 Access denied");
- die("Access denied!");
-}
-
-$options = array(
- 'use_transactions' => false,
- 'log_line_break' => "\n",
- 'idxname_format' => '%s',
- 'debug' => false,
- 'quote_identifier' => true,
- 'force_defaults' => false,
- 'portability' => false,
-);
-
-$dsnw = $config->get('db_dsnw');
-$dsn_array = MDB2::parseDSN($dsnw);
-
-// set options for postgres databases
-if ($dsn_array['phptype'] == 'pgsql') {
- $options['disable_smart_seqname'] = true;
- $options['seqname_format'] = '%s';
-}
-
-$schema =& MDB2_Schema::factory($dsnw, $options);
-$schema->db->supported['transactions'] = false;
-
-
-// send as text/xml when opened in browser
-if ($_SERVER['REMOTE_ADDR'])
- header('Content-Type: text/xml');
-
-
-if (PEAR::isError($schema)) {
- $error = $schema->getMessage() . ' ' . $schema->getUserInfo();
-}
-else {
- $dump_config = array(
- // 'output_mode' => 'file',
- 'output' => 'print_schema',
- );
-
- $definition = $schema->getDefinitionFromDatabase();
- $definition['charset'] = 'utf8';
-
- if (PEAR::isError($definition)) {
- $error = $definition->getMessage() . ' ' . $definition->getUserInfo();
- }
- else {
- $operation = $schema->dumpDatabase($definition, $dump_config, MDB2_SCHEMA_DUMP_STRUCTURE);
- if (PEAR::isError($operation)) {
- $error = $operation->getMessage() . ' ' . $operation->getUserInfo();
- }
- }
-}
-
-$schema->disconnect();
-
-if ($error && !$_SERVER['REMOTE_ADDR'])
- fputs(STDERR, $error);
-
-?>
View
34 bin/makedoc.sh
@@ -1,34 +0,0 @@
-#!/usr/bin/env bash
-
-if [ -z "$SSH_TTY" ]
-then
- if [ -z "$DEV_TTY" ]
- then
- echo "Not on the shell."
- exit 1
- fi
-fi
-
-TITLE="RoundCube Classes"
-PACKAGES="Core"
-
-INSTALL_PATH="`dirname $0`/.."
-PATH_PROJECT=$INSTALL_PATH/program/include
-PATH_DOCS=$INSTALL_PATH/doc/phpdoc
-BIN_PHPDOC="`/usr/bin/which phpdoc`"
-
-if [ ! -x "$BIN_PHPDOC" ]
-then
- echo "phpdoc not found: $BIN_PHPDOC"
- exit 1
-fi
-
-OUTPUTFORMAT=HTML
-CONVERTER=frames
-TEMPLATE=earthli
-PRIVATE=off
-
-# make documentation
-$BIN_PHPDOC -d $PATH_PROJECT -t $PATH_DOCS -ti "$TITLE" -dn $PACKAGES \
--o $OUTPUTFORMAT:$CONVERTER:$TEMPLATE -pp $PRIVATE
-
View
2  index.php
@@ -2,7 +2,7 @@
/*
+-------------------------------------------------------------------------+
| RoundCube Webmail IMAP Client |
- | Version 0.3-20090814 |
+ | Version 0.3.1-20091031 |
| |
| Copyright (C) 2005-2009, RoundCube Dev. - Switzerland |
| |
View
2  program/include/iniset.php
@@ -22,7 +22,7 @@
// application constants
-define('RCMAIL_VERSION', '0.3-trunk');
+define('RCMAIL_VERSION', '0.3.1');
define('RCMAIL_CHARSET', 'UTF-8');
define('JS_OBJECT_NAME', 'rcmail');
View
119 tests/mailfunc.php
@@ -1,119 +0,0 @@
-<?php
-
-/**
- * Test class to test steps/mail/func.inc functions
- *
- * @package Tests
- */
-class rcube_test_mailfunc extends UnitTestCase
-{
-
- function __construct()
- {
- $this->UnitTestCase('Mail body rendering tests');
-
- // simulate environment to successfully include func.inc
- $GLOBALS['RCMAIL'] = $RCMAIL = rcmail::get_instance();
- $GLOBALS['OUTPUT'] = $OUTPUT = $RCMAIL->load_gui();
- $RCMAIL->action = 'spell';
- $IMAP = $RCMAIL->imap;
-
- require_once 'steps/mail/func.inc';
-
- $GLOBALS['EMAIL_ADDRESS_PATTERN'] = $EMAIL_ADDRESS_PATTERN;
- }
-
- /**
- * Helper method to create a HTML message part object
- */
- function get_html_part($body)
- {
- $part = new rcube_message_part;
- $part->ctype_primary = 'text';
- $part->ctype_secondary = 'html';
- $part->body = file_get_contents(TESTS_DIR . $body);
- $part->replaces = array();
- return $part;
- }
-
- /**
- * Test sanitization of a "normal" html message
- */
- function test_html()
- {
- $part = $this->get_html_part('src/htmlbody.txt');
- $part->replaces = array('ex1.jpg' => 'part_1.2.jpg', 'ex2.jpg' => 'part_1.2.jpg');
-
- // render HTML in normal mode
- $html = rcmail_html4inline(rcmail_print_body($part, array('safe' => false)), 'foo');
-
- $this->assertPattern('/src="'.$part->replaces['ex1.jpg'].'"/', $html, "Replace reference to inline image");
- $this->assertPattern('#background="./program/blocked.gif"#', $html, "Replace external background image");
- $this->assertNoPattern('/ex3.jpg/', $html, "No references to external images");
- $this->assertNoPattern('/<meta [^>]+>/', $html, "No meta tags allowed");
- $this->assertNoPattern('/<style [^>]+>/', $html, "No style tags allowed");
- $this->assertNoPattern('/<form [^>]+>/', $html, "No form tags allowed");
- $this->assertPattern('/Subscription form/', $html, "Include <form> contents");
- $this->assertPattern('/<!-- input not allowed -->/', $html, "No input elements allowed");
- $this->assertPattern('/<!-- link not allowed -->/', $html, "No external links allowed");
- $this->assertPattern('/<a[^>]+ target="_blank">/', $html, "Set target to _blank");
- $this->assertTrue($GLOBALS['REMOTE_OBJECTS'], "Remote object detected");
-
- // render HTML in safe mode
- $html2 = rcmail_html4inline(rcmail_print_body($part, array('safe' => true)), 'foo');
-
- $this->assertPattern('/<style [^>]+>/', $html2, "Allow styles in safe mode");
- $this->assertPattern('#src="http://evilsite.net/mailings/ex3.jpg"#', $html2, "Allow external images in HTML (safe mode)");
- $this->assertPattern("#url\('http://evilsite.net/newsletter/image/bg/bg-64.jpg'\)#", $html2, "Allow external images in CSS (safe mode)");
-
- $css = '<link rel="stylesheet" type="text/css" href="./bin/modcss.php?u='.urlencode('http://anysite.net/styles/mail.css').'&amp;c=foo"';
- $this->assertPattern('#'.preg_quote($css).'#', $html2, "Filter external styleseehts with bin/modcss.php");
- }
-
- /**
- * Test the elimination of some trivial XSS vulnerabilities
- */
- function test_html_xss()
- {
- $part = $this->get_html_part('src/htmlxss.txt');
- $washed = rcmail_print_body($part, array('safe' => true));
-
- $this->assertNoPattern('/src="skins/', $washed, "Remove local references");
- $this->assertNoPattern('/\son[a-z]+/', $washed, "Remove on* attributes");
-
- $html = rcmail_html4inline($washed, 'foo');
- $this->assertNoPattern('/onclick="return rcmail.command(\'compose\',\'xss@somehost.net\',this)"/', $html, "Clean mailto links");
- $this->assertNoPattern('/alert/', $html, "Remove alerts");
- }
-
- /**
- * Test HTML sanitization to fix the CSS Expression Input Validation Vulnerability
- * reported at http://www.securityfocus.com/bid/26800/
- */
- function test_html_xss2()
- {
- $part = $this->get_html_part('src/BID-26800.txt');
- $washed = rcmail_print_body($part, array('safe' => true));
-
- $this->assertNoPattern('/alert|expression|javascript|xss/', $washed, "Remove evil style blocks");
- $this->assertNoPattern('/font-style:italic/', $washed, "Allow valid styles");
- }
-
- /**
- * Test links pattern replacements in plaintext messages
- */
- function test_plaintext()
- {
- $part = new rcube_message_part;
- $part->ctype_primary = 'text';
- $part->ctype_secondary = 'plain';
- $part->body = quoted_printable_decode(file_get_contents(TESTS_DIR . 'src/plainbody.txt'));
- $html = rcmail_print_body($part, array('safe' => true));
-
- $this->assertPattern('/<a href="mailto:nobody@roundcube.net" onclick="return rcmail.command\(\'compose\',\'nobody@roundcube.net\',this\)">nobody@roundcube.net<\/a>/', $html, "Mailto links with onclick");
- $this->assertPattern('#<a href="http://www.apple.com/legal/privacy/" target="_blank">http://www.apple.com/legal/privacy/</a>#', $html, "Links with target=_blank");
- }
-
-}
-
-?>
View
45 tests/modcss.php
@@ -1,45 +0,0 @@
-<?php
-
-/**
- * Test class to test rcmail_mod_css_styles and XSS vulnerabilites
- *
- * @package Tests
- */
-class rcube_test_modcss extends UnitTestCase
-{
-
- function __construct()
- {
- $this->UnitTestCase('CSS modification and vulnerability tests');
- }
-
- function test_modcss()
- {
- $css = file_get_contents(TESTS_DIR . 'src/valid.css');
- $mod = rcmail_mod_css_styles($css, 'rcmbody');
-
- $this->assertPattern('/#rcmbody div.rcmBody\s+\{/', $mod, "Replace body style definition");
- $this->assertPattern('/#rcmbody h1\s\{/', $mod, "Prefix tag styles (single)");
- $this->assertPattern('/#rcmbody h1, #rcmbody h2, #rcmbody h3, #rcmbody textarea\s+\{/', $mod, "Prefix tag styles (multiple)");
- $this->assertPattern('/#rcmbody \.noscript\s+\{/', $mod, "Prefix class styles");
- }
-
- function test_xss()
- {
- $mod = rcmail_mod_css_styles("body.main2cols { background-image: url('../images/leftcol.png'); }", 'rcmbody');
- $this->assertEqual("/* evil! */", $mod, "No url() values allowed");
-
- $mod = rcmail_mod_css_styles("@import url('http://localhost/somestuff/css/master.css');", 'rcmbody');
- $this->assertEqual("/* evil! */", $mod, "No import statements");
-
- $mod = rcmail_mod_css_styles("left:expression(document.body.offsetWidth-20)", 'rcmbody');
- $this->assertEqual("/* evil! */", $mod, "No expression properties");
-
- $mod = rcmail_mod_css_styles("left:exp/* */ression( alert(&#039;xss3&#039;) )", 'rcmbody');
- $this->assertEqual("/* evil! */", $mod, "Don't allow encoding quirks");
-
- $mod = rcmail_mod_css_styles("background:\\0075\\0072\\006c( javascript:alert(&#039;xss&#039;) )", 'rcmbody');
- $this->assertEqual("/* evil! */", $mod, "Don't allow encoding quirks (2)");
- }
-
-}
View
53 tests/runtests.sh
@@ -1,53 +0,0 @@
-#!/usr/bin/env php
-<?php
-
-/*
- +-----------------------------------------------------------------------+
- | tests/runtests.sh |
- | |
- | This file is part of the RoundCube Webmail client |
- | Copyright (C) 2009, RoundCube Dev. - Switzerland |
- | Licensed under the GNU GPL |
- | |
- | PURPOSE: |
- | Run-script for unit tests based on http://simpletest.org |
- | All .php files in this folder will be treated as tests |
- +-----------------------------------------------------------------------+
- | Author: Thomas Bruederli <roundcube@gmail.com> |
- +-----------------------------------------------------------------------+
-
- $Id: $
-
-*/
-
-if (php_sapi_name() != 'cli')
- die("Not in shell mode (php-cli)");
-
-if (!defined('SIMPLETEST')) define('SIMPLETEST', '/www/simpletest/');
-if (!defined('INSTALL_PATH')) define('INSTALL_PATH', realpath(dirname(__FILE__) . '/..') . '/' );
-
-define('TESTS_DIR', dirname(__FILE__) . '/');
-
-require_once(SIMPLETEST . 'unit_tester.php');
-require_once(SIMPLETEST . 'reporter.php');
-require_once(INSTALL_PATH . 'program/include/iniset.php');
-
-if (count($_SERVER['argv']) > 1) {
- $testfiles = array();
- for ($i=1; $i < count($_SERVER['argv']); $i++)
- $testfiles[] = realpath('./' . $_SERVER['argv'][$i]);
-}
-else {
- $testfiles = glob(TESTS_DIR . '*.php');
-}
-
-$test = new TestSuite('RoundCube unit tests');
-$reporter = new TextReporter();
-
-foreach ($testfiles as $fn) {
- $test->addTestFile($fn);
-}
-
-$test->run($reporter);
-
-?>
View
52 tests/src/BID-26800.txt
@@ -1,52 +0,0 @@
-<html>
-<head>
-</head>
-<body>
-<h1>1 test</h1>
-<p>&lt;style&gt; block</p>
-<style>input { left:expression( alert(&#039;expression!&#039;) ) }</style>
-<style>div { background:url(alert(&#039;URL!&#039;) ) }</style>
-
-<h1>2 test</h1>
-<p>&lt;div&gt; block</p>
-<div style="font-style:italic">valid css</div>
-<div style="{ left:expression( alert(&#039;expression!&#039;) ) }">
-<div style="{ background:url( alert(&#039;URL!&#039;) ) }">
-
-<h1>3 test</h1>
-<p>Inject comment text</p>
-<div style="{ left:exp/* */ression( alert(&#039;xss3&#039;) ) }">
-<div style="{ background:u/* */rl( alert(&#039;xssurl3&#039;) ) }">
-
-<h1>4 test</h1>
-<p>Using reverse solid to directe the codepoint</p>
-<div style="{ left:\0065\0078pression( alert(&#039;xss4&#039;) ) }">
-<div style="{ background:\0075rl( alert(&#039;xssurl4&#039;) ) }">
-
-<h1>5 test</h1>
-<p>Character entity references</p>
-<p>Character entity references is acceptable in "inline styles"</p>
-<div style="{ left:&#x0065;xpression( alert(&#039;xss&#039;) ) }">
-<div style="{ left:&#101;xpression( alert(&#039;xss&#039;) ) }">
-<div style="{ background:&#x0075;rl( alert(&#039;URL!&#039;) ) }">
-<div style="{ background:&#117;rl( alert(&#039;URL!&#039;) ) }">
-<div style="{ left:&#x0065xpression( alert(&#039;xss&#039;) ) }">
-
-<div style="{ left:�.�.p�.�.�.�.�.o�.( alert(&#039;xss&#039;) ) }">
-<div style="{ left:�.�.&#x2f;**/pression( alert(&#039;xss&#039;) ) }">
-<div style="{ left:exp&#x0280;essio&#x0274;( alert(&#039;xss&#039;) ) }">
-<div style="{ left:&#x5c;0065&#x5c;0078pression( alert(&#039;xss&#039;) ) }">
-<div style="{ left:ex p ression( alert(&#039;xss&#039;) ) }">
-
-<div style="{ background:�.�.�.( javascript:alert(&#039;xss&#039;) ) }">
-<div style="{ background:&#x0075;/**/rl( javascript:alert(&#039;xss&#039;) ) }">
-<div style="{ background:\0075\0072\006c( javascript:alert(&#039;xss&#039;) ) }">
-<div style="{ background:u&#x0280;&#x029F;( javascript:alert(&#039;xss&#039;) )
-}">
-<div style="{ background:&#x5c;0075&#x5c;0280l( javascript:alert(&#039;xss&#039;)
-) }">
-<div style="{ background:u r l( javascript:alert(&#039;xss&#039;) ) }">
-
-</body>
-</html>
-
View
51 tests/src/htmlbody.txt
@@ -1,51 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<html>
-<head>
-<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
-<title>RoundCube Test Message</title>
-<link rel="stylesheet" type="text/css" href="http://anysite.net/styles/mail.css">
-<style type="text/css">
-
-p, a {
- font-family: Arial, 'Bitstream Vera Sans', Helvetica;
- margin-top: 0px;
- margin-bottom: 0px;
- padding-top: 0px;
- padding-bottom: 0px;
-}
-
-</style>
-</head>
-<body style="margin: 0 0 0 0;">
-
-<table width="100%" cellpadding="0" cellspacing="20" style="background-image:url(http://evilsite.net/newsletter/image/bg/bg-64.jpg);background-attachment:fixed;" background="http://evilsite.net/newsletter/image/bg/bg-64.jpg" border="0">
-<tr>
-<td>
-
-<h1>This is a HTML message</h1>
-
-<p>See nice pictures like the following:</p>
-
-<div>
- <img src="ex1.jpg" width="320" height="320" alt="Example 1">
- <img src="ex2.jpg" width="320" height="320" alt="Example 2">
- <img src="http://evilsite.net/mailings/ex3.jpg" width="320" height="320" alt="Example 3">
-</div>
-
-<form action="http://evilsite.net/subscribe.php">
- <p>Subscription form</p>
-
- E-Mail: <input type="text" name="mail" value=""><br/>
- <input type="submit" value="Subscribe">
-
-</form>
-
-<p>To unsubscribe click here <a href="http://evilsite.net/unsubscribe.php?mail=foo@bar.com"> or
- send a mail to <a href="mailto:unsubscribe@evilsite.net">unsubscribe@evilsite.net</a></p>
-
-</td>
-</tr>
-</table>
-
-</body>
-</html>
View
22 tests/src/htmlxss.txt
@@ -1,22 +0,0 @@
-<html>
-<body>
-
-<p><img onLoad.="alert(document.cookie)" src="skins/default/images/roundcube_logo.png" /></p>
-
-<p><a href="mailto:xss@somehost.net') && alert(document.cookie) || ignore('">mail me!</a>
-<a href="http://roundcube.net" target="_self">roundcube.net</a>
-<a href="http://roundcube.net" \onmouseover="alert('XSS')">roundcube.net (2)</a>
-
-</p>
-
-<div>Brilliant!</div>
-
-<table><tbody><tr><td background="javascript:alert('XSS')">BBBBBB</td></tr></tbody></table>
-
-<p>
-Have a nice Christmas time.<br />
-Thomas
-</p>
-
-</body>
-</html>
View
37 tests/src/plainbody.txt
@@ -1,37 +0,0 @@
-From: iPhone Developer Program <noreply-iphonedev@apple.com>
-To: nobody@roundcube.net
-
-*iPhone Developer Program*
-
------------------------------------
-iPhone SDK 2.2.1 is now available
-https://daw.apple.com/cgi-bin/WebObjects/DSAuthWeb.woa/wa/login?appIdKey=3D=
-D635F5C417E087A3B9864DAC5D25920C4E9442C9339FA9277951628F0291F620&path=3D//i=
-phone/login.action
-
-Log in to the iPhone Dev Center to download iPhone SDK for iPhone OS 2.2.1.=
- Installation of iPhone SDK 2.2.1 is required for development with devices =
-updated to iPhone OS 2.2.1. Please view the Read Me before installing the n=
-ew version of the iPhone SDK.
-
-Log in now
-https://daw.apple.com/cgi-bin/WebObjects/DSAuthWeb.woa/wa/login?appIdKey=3D=
-D635F5C417E087A3B9864DAC5D25920C4E9442C9339FA9277951628F0291F620&path=3D//i=
-phone/login.action
-
------------------------------------
-Copyright (c) 2009 Apple Inc. 1 Infinite Loop, MS 303-3DM, Cupertino, CA 95=
-014.
-
-All Rights Reserved
-http://www.apple.com/legal/default.html
-
-Keep Informed
-http://www.apple.com/enews/subscribe/
-
-Privacy Policy
-http://www.apple.com/legal/privacy/
-
-My Info
-https://myinfo.apple.com/cgi-bin/WebObjects/MyInfo
-
View
30 tests/src/valid.css
@@ -1,30 +0,0 @@
-/** Master style definitions **/
-
-body, p, div, h1, h2, h3, textarea {
- font-family: "Lucida Grande", Helvetica, sans-serif;
- font-size: 8.8pt;
- color: #333;
-}
-
-body {
- background-color: white;
- margin: 0;
-}
-
-h1 {
- color: #1F519A;
- font-size: 1.7em;
- font-weight: normal;
- margin-top: 0;
- margin-bottom: 1em;
-}
-
-.noscript {
- display: none;
-}
-
-.hint, .username {
- color: #999;
-}
-
-
Please sign in to comment.
Something went wrong with that request. Please try again.