************************
* NaSMail 1.x Changelog
************************
Version 1.7 - 2009-11-22
------------------------
- Fixed capability cache issues on Cyrus.
- Removed PHP6 unicode.semantics tests. PHP6 is not supported.
- Added missing parent folders in Dovecot.
- Fixed message hilighting.
- Sanitized username in map_yp_alias (CVE-2009-1579).
- Added mailbox_controls hook.
- Use FLAGS.SILENT instead of FLAGS in sqimap_toggle_flag().
- Added nsm_imap_quote_string() and nsm_imap_check_cont_request() functions.
- Use NSM_FOLDER_ALL constant instead of 'All Folders' string in search form.
- Allow to subscribe/unsubscribe special subfolders.
- Added literal string support in sqimap_run_command() and
sqimap_run_command_list(). Removed eims and hmailserver workarounds.
- Added security tokens to option, mailbox, address book forms and vulnerable
bundled plugins. (CVE-2009-2964)
- Sanitized output of contrib/decrypt_headers.php (CVE-2009-1578)
- Added input check in index order options.
- Added ArmSCII-7, ArmSCII-8 and ArmSCII-8A decoders.
- Fixed some issues with "0" mailbox.
Version 1.6.1 - 2009-01-19
--------------------------
- Fixed code incompatible with PHP4 (#12848) (#12849).
- Fixed message part type detection.
Version 1.6 - 2009-01-11
------------------------
- Initialized configuration arrays (#11794).
- Added nsm_tgettext() and nsm_tngettext() functions (#11675).
- Fixed incorrect decoding of some folder names in imap_utf7_decode_local().
- Added pagination to address book listing. Address book layout now looks
similar to layout of other pages. Listing shows contents of only one address
book.
- Use of secure session and password cookies when HTTP over SSL is detected.
- Use HTTPOnly password cookies in PHP 5.2+.
- Mailbox is no longer sorted in default preferences.
- Filter HTML5 media objects.
- Added quotes to rewritten cid and outbind URLs.
Version 1.5 - 2008-06-01
- Added SASL PLAIN support to IMAP functions. Enabled SMTP SASL PLAIN
configuration options.
- Fixed capability parsing and testing in sqimap_capability().
- Removed unused SM 1.5.1+ arguments in ported logout_error() calls.
- Removed 8bit tests in IMAP LOGIN authentication as defined in IMAPEXT-I18N
draft.
- Applied font family and size to form inputs, buttons and selection boxes
with CSS.
- Removed dublicated extraction of pagination preferences.
- Removed obsolate SUBJ_TRIM_AT and PG_SEL_MAX constants.
- Added custom attribute support to form functions.
- utf-8 charset tags are added to login form.
- Undelete button is moved from Expunge to Delete group.
- Don't use $name as img alt attribute in create_flag_string();
- Don't use hardcoded ANSI colors in conf.pl.
- Added custom session handler support.
- Allowed two plugins to be attached to do_hook_function hooks.
- Fixed width of login form fields in IE6.
- Use hex string instead of ipv4/ipv6 addresses in Message-ID header.
- Added remote address and port checks in composed message headers.
- Fixed quoting of filtered html links. Don't whitelist style tags in
sq_sanitize(). Filtered canvas tags. Use blank.png instead of sec_remove
for background and css urls.
- Blacklisted style elements in html emails.
- Allowed message body size is increased to 8MiB, if get_uuencode plugin is
enabled and uuencoded content is detected.
- EXPUNGE is performed only when messages are moved or deleted. Thanks to John
Madden.
- Deprecated findPreviousMessage() and findNextMessage(). Code is moved from
src/read_body.php to nsm_imap_msgs_next() and nsm_imap_msgs_prev() in
functions/imap_messages.php.
- Fixed encodeHeader() function.
- Combined multiple header folding spaces into one space.
- Improved filtering of html comments in nsm_html2txt().
- Recognize ISO646 charset aliases supported by extra decoding library 1.3.
- Added ISO2022-JP-1 support.
- Added nsm_imap_mailbox_expunge() function with UIDPLUS (rfc4315) support.
Deprecated sqimap_mailbox_expunge().
- Rebuild folder cache when folder options are changed.
- Use ngettext to translate "%d minutes" correctly.
- Don't keep compose session information, when drafts are saved.
- Removed dead dorkslayers.com, dev.null.dk and visi.com RBLs from filters
plugin.
- Help link is not displayed, if help files are not available.
- Fixed mailto: links in html mails (#9470). Added subject and body support.
- Added use_simple_html option.
- Updated spam filtering options in filters plugin. Added UCEProtect and Sorbs
RBLs. Reduced number of RBL lookups.
- Fixed Content-Transfer-Encoding header in ASCII MDNs and Message class
defaults.
Version 1.4 - 2007-12-23
- Fixed extraction of cc: and bcc: information from mailtodata in compose.php.
Removed site configuration options from src/mailto.php.
- Added nsm_str_pad() function.
- Fixed collision of targetMailbox names in mailbox controls. Added extra
arguments to nsm_print_mailbox_controls() and getMbxList() functions and
mailbox_controls_left hook.
- Added missing translations in web setup utility (#9996).
- Removed support of commercial RBLs in filters plugin.
- Removed soupNazi() function.
- Restored forward_cc option from SquirrelMail 1.2.6-1.2.11.
- Don't add 'undisclosed-recipients' in replyAllString() output.
- src/addrbook_search_html.php code moved to src/compose.php.
- Added copy buttons to mailbox controls and use_msg_copy user option.
- Added undelete buttons.
- Removed getButton() function. Code uses standard form functions.
- Added nsm_process_upload_errors() function.
- Fixed padding of translated header in forwarded messages.
- Allow SMOPT_TYPE_COMMENT widgets with empty captions.
- Allow use of trailing_text property in all visible option widgets.
- Don't keep smaction value in compose form. Process original drafts in
deliverMessage() instead of processing them after new draft is saved
or message is sent.
- Added accept-charset attribute to compose form.
- Removed dependency on checkdnsrr() in abook_take plugin.
- Address Book Take plugin form moved from read_body_bottom to read_body_header
hook.
- Display of image attachments is restricted to window width.
- Added nsm_page_title() function.
- Fixed sender names with quoted pairs in mailbox display.
- Fixed sorting of normal folders that are subfolders of special folders
(#10287).
- Added interface layout controls. Added displayMessageHeader() function.
- javascript_on setting moved from preferences to session.
- Added size sorting patch by Christopher E. Brown.
- Allow selecting INBOX as draft or sent folder.
- Added To: column to mailbox display.
- Allow use of unsigned 2^31-2^32 integers in message ids.
- Truncate oversized message body in message display. Display is limited to
64 KB.
- Removed sort variable from session and requests.
- Saved drafts and sent emails no longer set 'note' URL parameter. $note
display is removed from src/right_main.php.
- conf.pl should detect invalid plugin name in --install-plugin arguments.
Version 1.3 - 2007-09-09
------------------------
- CSS is used to force consistent bottom margin rendering in signout form.
- Improved nsm_cstrtolower and nsm_cstrtoupper performance.
- Sorted themes and plugins in conf.pl.
- Improved handling of html messages in $show_html_default=0 display mode and
html-only messages in compose. Added nsm_html2txt() function.
- Reverted SquirrelMail #228309 bugfix changes.
- Added rebind and unique_id options to address book ldap backend. List all
ldap mail attribute values in one entry instead of creating multiple
address book entries. Removed unused $bound property from address book ldap
backend. Allowed to set LDAP timeout options in conf.pl.
- Added nsm_cstrcasecmp() function.
- Fixed use of message cache in printer_friendly_bottom.php.
- Fixed initialization of To:, Cc: and Bcc: header information in attached
rfc822 messages.
- Centralized message caching.
- Made sure that configtest.php displays PHP errors.
- Added NSM_PREF_EMPTY constant.
- Improved performance of folder listing code.
- Removed $noselect_fix_enable option (#9206). Code adds missing parents
automatically.
- Removed $default_sub_of_inbox option. Code detects it from folder prefix.
- Make sure that Content-Type headers are lowercased in mailbox display.
- Added 'compose_form_process' hook.
- Added 'email_message_format' setting.
- Unbundled bulkquery utility.
- Added experimental UTF-7 and UTF-16 decoding libraries.
- Added experimental UTF-16 encoding library.
- Rewrote internal UTF7-IMAP decoding and encoding.
- decodeBase64() and encodeBase64() functions are replaced with
nsm_decode_mod_base64() and nsm_encode_mod_base64().
- Disabled 5-6 byte UTF-8 encoding and decoding.
- Moved main executable code from plugins/fortune/setup.php to
plugins/fortune/functions.php. Added site configuration file for fortune
plugin.
- Made sure that data_dir and attachment_dir settings always end with trailing
slash.
- Removed site configuration options from plugins/filters/setup.php. Added
site configuration file support to filters plugin. Cleaned
plugins/filters/setup.php file. Fixed possible issues in
magic_quotes_sybase=on setups.
- Added nsm_addslashes() function.
- Added mailbox controls in listing footer. Added nsm_print_mailbox_controls()
function.
- Added Opera Mini to the list of browsers with broken JavaScript support.
- Added get_pref and get_pref_override hooks to DB preference backend.
- Small JavaScript support autodetection fixes.
- Added nsm_check_for_javascript() function. Deprecated soupNazi().
- Fixed typo in nsm_auth_read_otp().
- truncateWithEntities() evaluates strings in characters and not in bytes.
Code reverts to evaluation in bytes, if mbstring extension is not available.
- LDAP address book backend is writable only when unique id option is set and
rebind option is not enabled.
- Fixed search on accounts with noselect mailboxes.
- Added 'mailbox_controls_left' and 'mailbox_controls_right' hooks.
- Removed hardcoded $sent_subfolders_base value in sent_subfolders plugin
check_handleAsSent_result hook.
- Patched up filters plugin to work when bulkquery utility is used.
Version 1.2 - 2007-07-01
------------------------
- Fixed detection of SMTP authentication support in conf.pl.
- Fixed handling of zero values and html links in set_url_var().
- Fixed encoding of subject in read notifications.
- Added nsm_http_redirect(), nsm_fix_session_url(),
nsm_auth_read_password(), nsm_auth_save_password(),
nsm_auth_delete_password(), nsm_auth_read_otp(),
nsm_auth_read_key(), nsm_imap_login() functions. Deprecated
sqimap_login() and sqauth_read_password() functions. Obsolated
direct access to password information.
- Added cookieless interface and cookieless session support.
- Added noframes tags in src/webmail.php.
- Allowed user level access to 'addrsrch_fullname' setting.
- Added missing includes for filters plugin. Plugin broke after 1.1
src/webmail.php optimizations.
- Local configuration overrides are loaded with include_once()
instead of include().
- Removed XML extension dependency in DIGEST-MD5 authentication.
- Removed broken sqimap_get_message_header(), sqimap_get_ent_header(),
sqimap_get_mime_ent_header() and sortSpecialMbx() functions. Removed
obsolate sqimap_get_small_header() function.
- Removed $id argument from sqimap_mailbox_expunge().
- Fixed handling of windows paths in configuration utilities.
- Added error handling controls to sqimap_get_sort_order() and
get_thread_sort(). Fixed SORT and THREAD error handling in
showMessagesForMailbox(). Closes #9205.
- Added preset for Cyrus setups with turned on unixhierarchysep setting.
- Fixed rendering of advanced identities in HTML compliance mode.
Version 1.1 - 2007-05-27
------------------------
- Added missing sq_substr functions for spellcheck plugin.
- HTML filter functions are separated from MIME functions.
- Removed broken ns_4551-1 decoding function.
- Improved handling of iconv decoding.
- Don't load preferences when username is not set.
- Convert foreign charsets before sanitizing html.
- Automatically sort address book search results before displaying them.
- Html switched from quirks to standards compliance mode.
- Added PHP upload processing.
- Saved priority and receipt options in html address book.
- Fixed display of sender in message/rfc822 mime parts.
- Added "hide unsafe images" option for html attachments.
- Removed PHP 4.0.x support.
- Added PHP variables_order and empty base url checks to configtest.php.
- Added more unseen_notify options.
- Ported SquirrelMail 1.4.10 changes.
- Added unicode.semantics checks to configtest.php.
- Reduced number of includes in src/*.php scripts.
- Added compatibility plugin support.
- Updated IMAP server presets for better configuration matching.
Version 1.0 - 2007-01-14
------------------------
- Removed XTRA_CODE support.
- Added automatic language loading.
- Removed LC_CTYPE and LC_NUMERIC workarounds.
- Removed custom iso-2022-jp and ja_JP handling.
- Added ngettext and dgettext support.
- Added STARTTLS and sitewide smtp auth support.
- Removed lossy encoding and default charset options.
- Added internal_link hook (image_buttons plugin).
- Added message flags and icons options.
- Added left_main_folder_icon hook.
- Removed default_unseen_notify, default_unseen_type,
default_use_javascript_addr_book configuration options.
- Removed options_*_inside and options_link_and_description hooks.
- Modified sqimap_msgs_list_copy() function. Added sqimap_msgs_list_move()
function.
- Flipped version from 1.4.9 (SquirrelMail) to 1.0 (NaSMail). Replaced links
to SquirrelMail website in configuration files.
- Ported SM 1.5.2cvs ldap_server address book backend.
- Allow 'None' mailbox. Use empty string instead of 'None' in
displayPageHeader() mailbox argument.
- Address book, date, imap and preference functions always use nasmail
gettext domain.
- Added nsm_cstrtolower() and nsm_cstrtoupper() functions.
- Fixed INBOX subfolder sorting in dovecot and courier.
- Added server side sorting to presets.
- Added compose_before_textarea hook (html_mail emoticons patch).
- Fixed year folder in sent_subfolders plugin.
- Added nsm_i18n_convert_entities() function (Port from 1.5.2cvs).
- Added message composition option block (Port from 1.5.x).
- Added PHP 5.1.0 date_default_timezone_set() support.
- Regenerate 'deleted' session ids in PHP 4.3.0+.
- Added web setup script.
- Added TYPE1 property to message information.
- Removed site configuration of left_size option.
- Added locale tests and configtest hook in configuration testing utility.
- Added frameset border, alternative language names, imap folder case
sensitivity and folder subscription control options.
- Added internal_link hook controls in makeInternalLink() and related functions.
Added makeExternalLink() function. displayInternalLink() function is deprecated.
makeComposeLink() function moved to page_header.php library.
- sm_print_r() updated to print object methods and to align printed information.
(Port from sm 1.5.x).
- Added link target parameter to array submitted in internal_link hook.
- Mailbox names are case sensitive by default. Plugins should not care about
mailbox case sensitivity unless they use custom imap function calls.
- Added nsm_i18n_charset_alias() function.
- Changed theme layout and configuration variables. Limited number of themes
enabled by default.
- Don't display attachment tags on multipart/alternative messages.
- 'macosx' preset and workarounds renamed to 'eims'.
- Removed MacOS X performance cache workarounds. Use $config_location_base.
- Added portability options in db_prefs.
- Added trailing_text parameter to option widgets.
- Added nsm_message_log function and message_log hook.
- Removed ORDB RBL options.
- Added remote configuration test controls.
- Fixed processing of FETCH response in filters plugin. Added user level
$SpamFilters_YourHop controls.
**************************************
*** SquirrelMail Stable Series 1.4 ***
**************************************
-------------------------------------------------------
Version 1.4.10 - 9 May 2007 (shows only ported changes)
-------------------------------------------------------
- Fix HTML glitches (#1608798, #1628639, #1521389, #1548394, #1704686).
- Reduce (largely theoretical) chance of reusing existing attachment
filenames.
- Fix rare bug in forwarding as attachment from some search results.
- Fix for wrong $_SERVER['REQUEST_URI'] value causing wrong links
in the [more] and [less] links in read_body.php.
- Fix URL to send read receipts from read_body (#1637572).
- Fix for high memory usage when forwarding messages with attachments.
- Fix for filename extraction from attachments.
- Fix reply to all duplicating the address from Reply-To.
- Make compose use get_identities() rather than fiddling with identities
by itself, resolving a problem in the listcommands plugin (#1663762).
- If a date-header cannot be parsed, display the unparsed version as a
better-than-nothing alternative.
- Security: fixes for the HTML filter to counter further XSS exploits:
HTML attachments containing 'data:' URLs. Thanks to Mikhail Markin and
and Michael Jordon for reporting these issues. [CVE-2007-1262]
--------------------------------
Version 1.4.9a - 3 December 2006
--------------------------------
- Security: Multiple IE cross site scripting issues related to the
widely acceptation of the word expression and url by IE.
- Security: Removing @import when sanitizing html mail.
Version 1.4.9 - 2 December 2006
-------------------------------
- Drop obsolete script plugins/make_archive.pl.
- Fixed Google translate form in translate plugin. Added new language
pairs.
- Added XMAGICTRASH extension tests in configtest utility. Removed code
that handled 'inbox.trash' as special folder in courier (#1354393).
- Allowed moving folders to trash in courier.
- Fix misspelled constant PREG_SPLIT_NI_EMPTY in sqimap_get_message
(#1543573).
- Provide View Unsafe Images link on viewing a text/html attachment.
- Fix variable typo in folders_create.php (#1545316).
- Added Courier IMAP OUTBOX check to configtest utility.
- If mailbox name starts with slash or contains ../, error message is
generated. Safety check for insecure default UW IMAP setup (#1557078).
- Ignore message copy errors when messages are deleted. Allows to delete
messages when quota is exceeded (#614887, #646386, #1446026).
- Fixed unintended literal fetching (#1562271).
- Added global file based address book listing controls. Added line
length configuration option for local_file address book backend
(#1181561). Added address book data integrity checks in local_file
address book backend. Fixed eregi and object notices in local_file
and database address book backends. Added additional address book
field support.
- Fixed variable corruption in configtest utility.
- Checked if configuration file is readable in configuration utility
(#1568355).
- Special mailboxes marked in special_mailbox hook are no longer listed
in folder delete, rename and subscription options.
- Translate plugin: prevent PHP notice when viewing empty message.
- Add CEST and MEST (non-standard) timezone codes for +0200.
- Add <label> to From field in message list.
- Add support for parsing SpamAssassin's X-Spam-Status header (#1589520).
- Fix in bodystructure parser code related to strings ending with an
escape character.
- Added third parameter $logout_link to logout_error hook that allows
plugin control over login page URI displayed on login error page.
- Security: close cross site scripting vulnerability in draft, compose
and mailto functionality [CVE-2006-6142].
- Security: work around an issue in Internet Explorer that would guess
the mime type of a file based on contents, not Content-Type header.
Version 1.4.8 - 11th August 2006
--------------------------------
... See SquirrelMail changelogs.
Documentation generated on Sun, 22 Nov 2009 17:37:13 +0200 by phpDocumentor 1.4.3