************************ * NaSMail 1.x Changelog ************************ Version 1.7 - 2009-11-22 ------------------------ - Fixed capability cache issues on Cyrus. - Removed PHP6 unicode.semantics tests. PHP6 is not supported. - Added missing parent folders in Dovecot. - Fixed message hilighting. - Sanitized username in map_yp_alias (CVE-2009-1579). - Added mailbox_controls hook. - Use FLAGS.SILENT instead of FLAGS in sqimap_toggle_flag(). - Added nsm_imap_quote_string() and nsm_imap_check_cont_request() functions. - Use NSM_FOLDER_ALL constant instead of 'All Folders' string in search form. - Allow to subscribe/unsubscribe special subfolders. - Added literal string support in sqimap_run_command() and sqimap_run_command_list(). Removed eims and hmailserver workarounds. - Added security tokens to option, mailbox, address book forms and vulnerable bundled plugins. (CVE-2009-2964) - Sanitized output of contrib/decrypt_headers.php (CVE-2009-1578) - Added input check in index order options. - Added ArmSCII-7, ArmSCII-8 and ArmSCII-8A decoders. - Fixed some issues with "0" mailbox. Version 1.6.1 - 2009-01-19 -------------------------- - Fixed code incompatible with PHP4 (#12848) (#12849). - Fixed message part type detection. Version 1.6 - 2009-01-11 ------------------------ - Initialized configuration arrays (#11794). - Added nsm_tgettext() and nsm_tngettext() functions (#11675). - Fixed incorrect decoding of some folder names in imap_utf7_decode_local(). - Added pagination to address book listing. Address book layout now looks similar to layout of other pages. Listing shows contents of only one address book. - Use of secure session and password cookies when HTTP over SSL is detected. - Use HTTPOnly password cookies in PHP 5.2+. - Mailbox is no longer sorted in default preferences. - Filter HTML5 media objects. - Added quotes to rewritten cid and outbind URLs. Version 1.5 - 2008-06-01 - Added SASL PLAIN support to IMAP functions. Enabled SMTP SASL PLAIN configuration options. - Fixed capability parsing and testing in sqimap_capability(). - Removed unused SM 1.5.1+ arguments in ported logout_error() calls. - Removed 8bit tests in IMAP LOGIN authentication as defined in IMAPEXT-I18N draft. - Applied font family and size to form inputs, buttons and selection boxes with CSS. - Removed dublicated extraction of pagination preferences. - Removed obsolate SUBJ_TRIM_AT and PG_SEL_MAX constants. - Added custom attribute support to form functions. - utf-8 charset tags are added to login form. - Undelete button is moved from Expunge to Delete group. - Don't use $name as img alt attribute in create_flag_string(); - Don't use hardcoded ANSI colors in conf.pl. - Added custom session handler support. - Allowed two plugins to be attached to do_hook_function hooks. - Fixed width of login form fields in IE6. - Use hex string instead of ipv4/ipv6 addresses in Message-ID header. - Added remote address and port checks in composed message headers. - Fixed quoting of filtered html links. Don't whitelist style tags in sq_sanitize(). Filtered canvas tags. Use blank.png instead of sec_remove for background and css urls. - Blacklisted style elements in html emails. - Allowed message body size is increased to 8MiB, if get_uuencode plugin is enabled and uuencoded content is detected. - EXPUNGE is performed only when messages are moved or deleted. Thanks to John Madden. - Deprecated findPreviousMessage() and findNextMessage(). Code is moved from src/read_body.php to nsm_imap_msgs_next() and nsm_imap_msgs_prev() in functions/imap_messages.php. - Fixed encodeHeader() function. - Combined multiple header folding spaces into one space. - Improved filtering of html comments in nsm_html2txt(). - Recognize ISO646 charset aliases supported by extra decoding library 1.3. - Added ISO2022-JP-1 support. - Added nsm_imap_mailbox_expunge() function with UIDPLUS (rfc4315) support. Deprecated sqimap_mailbox_expunge(). - Rebuild folder cache when folder options are changed. - Use ngettext to translate "%d minutes" correctly. - Don't keep compose session information, when drafts are saved. - Removed dead dorkslayers.com, dev.null.dk and visi.com RBLs from filters plugin. - Help link is not displayed, if help files are not available. - Fixed mailto: links in html mails (#9470). Added subject and body support. - Added use_simple_html option. - Updated spam filtering options in filters plugin. Added UCEProtect and Sorbs RBLs. Reduced number of RBL lookups. - Fixed Content-Transfer-Encoding header in ASCII MDNs and Message class defaults. Version 1.4 - 2007-12-23 - Fixed extraction of cc: and bcc: information from mailtodata in compose.php. Removed site configuration options from src/mailto.php. - Added nsm_str_pad() function. - Fixed collision of targetMailbox names in mailbox controls. Added extra arguments to nsm_print_mailbox_controls() and getMbxList() functions and mailbox_controls_left hook. - Added missing translations in web setup utility (#9996). - Removed support of commercial RBLs in filters plugin. - Removed soupNazi() function. - Restored forward_cc option from SquirrelMail 1.2.6-1.2.11. - Don't add 'undisclosed-recipients' in replyAllString() output. - src/addrbook_search_html.php code moved to src/compose.php. - Added copy buttons to mailbox controls and use_msg_copy user option. - Added undelete buttons. - Removed getButton() function. Code uses standard form functions. - Added nsm_process_upload_errors() function. - Fixed padding of translated header in forwarded messages. - Allow SMOPT_TYPE_COMMENT widgets with empty captions. - Allow use of trailing_text property in all visible option widgets. - Don't keep smaction value in compose form. Process original drafts in deliverMessage() instead of processing them after new draft is saved or message is sent. - Added accept-charset attribute to compose form. - Removed dependency on checkdnsrr() in abook_take plugin. - Address Book Take plugin form moved from read_body_bottom to read_body_header hook. - Display of image attachments is restricted to window width. - Added nsm_page_title() function. - Fixed sender names with quoted pairs in mailbox display. - Fixed sorting of normal folders that are subfolders of special folders (#10287). - Added interface layout controls. Added displayMessageHeader() function. - javascript_on setting moved from preferences to session. - Added size sorting patch by Christopher E. Brown. - Allow selecting INBOX as draft or sent folder. - Added To: column to mailbox display. - Allow use of unsigned 2^31-2^32 integers in message ids. - Truncate oversized message body in message display. Display is limited to 64 KB. - Removed sort variable from session and requests. - Saved drafts and sent emails no longer set 'note' URL parameter. $note display is removed from src/right_main.php. - conf.pl should detect invalid plugin name in --install-plugin arguments. Version 1.3 - 2007-09-09 ------------------------ - CSS is used to force consistent bottom margin rendering in signout form. - Improved nsm_cstrtolower and nsm_cstrtoupper performance. - Sorted themes and plugins in conf.pl. - Improved handling of html messages in $show_html_default=0 display mode and html-only messages in compose. Added nsm_html2txt() function. - Reverted SquirrelMail #228309 bugfix changes. - Added rebind and unique_id options to address book ldap backend. List all ldap mail attribute values in one entry instead of creating multiple address book entries. Removed unused $bound property from address book ldap backend. Allowed to set LDAP timeout options in conf.pl. - Added nsm_cstrcasecmp() function. - Fixed use of message cache in printer_friendly_bottom.php. - Fixed initialization of To:, Cc: and Bcc: header information in attached rfc822 messages. - Centralized message caching. - Made sure that configtest.php displays PHP errors. - Added NSM_PREF_EMPTY constant. - Improved performance of folder listing code. - Removed $noselect_fix_enable option (#9206). Code adds missing parents automatically. - Removed $default_sub_of_inbox option. Code detects it from folder prefix. - Make sure that Content-Type headers are lowercased in mailbox display. - Added 'compose_form_process' hook. - Added 'email_message_format' setting. - Unbundled bulkquery utility. - Added experimental UTF-7 and UTF-16 decoding libraries. - Added experimental UTF-16 encoding library. - Rewrote internal UTF7-IMAP decoding and encoding. - decodeBase64() and encodeBase64() functions are replaced with nsm_decode_mod_base64() and nsm_encode_mod_base64(). - Disabled 5-6 byte UTF-8 encoding and decoding. - Moved main executable code from plugins/fortune/setup.php to plugins/fortune/functions.php. Added site configuration file for fortune plugin. - Made sure that data_dir and attachment_dir settings always end with trailing slash. - Removed site configuration options from plugins/filters/setup.php. Added site configuration file support to filters plugin. Cleaned plugins/filters/setup.php file. Fixed possible issues in magic_quotes_sybase=on setups. - Added nsm_addslashes() function. - Added mailbox controls in listing footer. Added nsm_print_mailbox_controls() function. - Added Opera Mini to the list of browsers with broken JavaScript support. - Added get_pref and get_pref_override hooks to DB preference backend. - Small JavaScript support autodetection fixes. - Added nsm_check_for_javascript() function. Deprecated soupNazi(). - Fixed typo in nsm_auth_read_otp(). - truncateWithEntities() evaluates strings in characters and not in bytes. Code reverts to evaluation in bytes, if mbstring extension is not available. - LDAP address book backend is writable only when unique id option is set and rebind option is not enabled. - Fixed search on accounts with noselect mailboxes. - Added 'mailbox_controls_left' and 'mailbox_controls_right' hooks. - Removed hardcoded $sent_subfolders_base value in sent_subfolders plugin check_handleAsSent_result hook. - Patched up filters plugin to work when bulkquery utility is used. Version 1.2 - 2007-07-01 ------------------------ - Fixed detection of SMTP authentication support in conf.pl. - Fixed handling of zero values and html links in set_url_var(). - Fixed encoding of subject in read notifications. - Added nsm_http_redirect(), nsm_fix_session_url(), nsm_auth_read_password(), nsm_auth_save_password(), nsm_auth_delete_password(), nsm_auth_read_otp(), nsm_auth_read_key(), nsm_imap_login() functions. Deprecated sqimap_login() and sqauth_read_password() functions. Obsolated direct access to password information. - Added cookieless interface and cookieless session support. - Added noframes tags in src/webmail.php. - Allowed user level access to 'addrsrch_fullname' setting. - Added missing includes for filters plugin. Plugin broke after 1.1 src/webmail.php optimizations. - Local configuration overrides are loaded with include_once() instead of include(). - Removed XML extension dependency in DIGEST-MD5 authentication. - Removed broken sqimap_get_message_header(), sqimap_get_ent_header(), sqimap_get_mime_ent_header() and sortSpecialMbx() functions. Removed obsolate sqimap_get_small_header() function. - Removed $id argument from sqimap_mailbox_expunge(). - Fixed handling of windows paths in configuration utilities. - Added error handling controls to sqimap_get_sort_order() and get_thread_sort(). Fixed SORT and THREAD error handling in showMessagesForMailbox(). Closes #9205. - Added preset for Cyrus setups with turned on unixhierarchysep setting. - Fixed rendering of advanced identities in HTML compliance mode. Version 1.1 - 2007-05-27 ------------------------ - Added missing sq_substr functions for spellcheck plugin. - HTML filter functions are separated from MIME functions. - Removed broken ns_4551-1 decoding function. - Improved handling of iconv decoding. - Don't load preferences when username is not set. - Convert foreign charsets before sanitizing html. - Automatically sort address book search results before displaying them. - Html switched from quirks to standards compliance mode. - Added PHP upload processing. - Saved priority and receipt options in html address book. - Fixed display of sender in message/rfc822 mime parts. - Added "hide unsafe images" option for html attachments. - Removed PHP 4.0.x support. - Added PHP variables_order and empty base url checks to configtest.php. - Added more unseen_notify options. - Ported SquirrelMail 1.4.10 changes. - Added unicode.semantics checks to configtest.php. - Reduced number of includes in src/*.php scripts. - Added compatibility plugin support. - Updated IMAP server presets for better configuration matching. Version 1.0 - 2007-01-14 ------------------------ - Removed XTRA_CODE support. - Added automatic language loading. - Removed LC_CTYPE and LC_NUMERIC workarounds. - Removed custom iso-2022-jp and ja_JP handling. - Added ngettext and dgettext support. - Added STARTTLS and sitewide smtp auth support. - Removed lossy encoding and default charset options. - Added internal_link hook (image_buttons plugin). - Added message flags and icons options. - Added left_main_folder_icon hook. - Removed default_unseen_notify, default_unseen_type, default_use_javascript_addr_book configuration options. - Removed options_*_inside and options_link_and_description hooks. - Modified sqimap_msgs_list_copy() function. Added sqimap_msgs_list_move() function. - Flipped version from 1.4.9 (SquirrelMail) to 1.0 (NaSMail). Replaced links to SquirrelMail website in configuration files. - Ported SM 1.5.2cvs ldap_server address book backend. - Allow 'None' mailbox. Use empty string instead of 'None' in displayPageHeader() mailbox argument. - Address book, date, imap and preference functions always use nasmail gettext domain. - Added nsm_cstrtolower() and nsm_cstrtoupper() functions. - Fixed INBOX subfolder sorting in dovecot and courier. - Added server side sorting to presets. - Added compose_before_textarea hook (html_mail emoticons patch). - Fixed year folder in sent_subfolders plugin. - Added nsm_i18n_convert_entities() function (Port from 1.5.2cvs). - Added message composition option block (Port from 1.5.x). - Added PHP 5.1.0 date_default_timezone_set() support. - Regenerate 'deleted' session ids in PHP 4.3.0+. - Added web setup script. - Added TYPE1 property to message information. - Removed site configuration of left_size option. - Added locale tests and configtest hook in configuration testing utility. - Added frameset border, alternative language names, imap folder case sensitivity and folder subscription control options. - Added internal_link hook controls in makeInternalLink() and related functions. Added makeExternalLink() function. displayInternalLink() function is deprecated. makeComposeLink() function moved to page_header.php library. - sm_print_r() updated to print object methods and to align printed information. (Port from sm 1.5.x). - Added link target parameter to array submitted in internal_link hook. - Mailbox names are case sensitive by default. Plugins should not care about mailbox case sensitivity unless they use custom imap function calls. - Added nsm_i18n_charset_alias() function. - Changed theme layout and configuration variables. Limited number of themes enabled by default. - Don't display attachment tags on multipart/alternative messages. - 'macosx' preset and workarounds renamed to 'eims'. - Removed MacOS X performance cache workarounds. Use $config_location_base. - Added portability options in db_prefs. - Added trailing_text parameter to option widgets. - Added nsm_message_log function and message_log hook. - Removed ORDB RBL options. - Added remote configuration test controls. - Fixed processing of FETCH response in filters plugin. Added user level $SpamFilters_YourHop controls. ************************************** *** SquirrelMail Stable Series 1.4 *** ************************************** ------------------------------------------------------- Version 1.4.10 - 9 May 2007 (shows only ported changes) ------------------------------------------------------- - Fix HTML glitches (#1608798, #1628639, #1521389, #1548394, #1704686). - Reduce (largely theoretical) chance of reusing existing attachment filenames. - Fix rare bug in forwarding as attachment from some search results. - Fix for wrong $_SERVER['REQUEST_URI'] value causing wrong links in the [more] and [less] links in read_body.php. - Fix URL to send read receipts from read_body (#1637572). - Fix for high memory usage when forwarding messages with attachments. - Fix for filename extraction from attachments. - Fix reply to all duplicating the address from Reply-To. - Make compose use get_identities() rather than fiddling with identities by itself, resolving a problem in the listcommands plugin (#1663762). - If a date-header cannot be parsed, display the unparsed version as a better-than-nothing alternative. - Security: fixes for the HTML filter to counter further XSS exploits: HTML attachments containing 'data:' URLs. Thanks to Mikhail Markin and and Michael Jordon for reporting these issues. [CVE-2007-1262] -------------------------------- Version 1.4.9a - 3 December 2006 -------------------------------- - Security: Multiple IE cross site scripting issues related to the widely acceptation of the word expression and url by IE. - Security: Removing @import when sanitizing html mail. Version 1.4.9 - 2 December 2006 ------------------------------- - Drop obsolete script plugins/make_archive.pl. - Fixed Google translate form in translate plugin. Added new language pairs. - Added XMAGICTRASH extension tests in configtest utility. Removed code that handled 'inbox.trash' as special folder in courier (#1354393). - Allowed moving folders to trash in courier. - Fix misspelled constant PREG_SPLIT_NI_EMPTY in sqimap_get_message (#1543573). - Provide View Unsafe Images link on viewing a text/html attachment. - Fix variable typo in folders_create.php (#1545316). - Added Courier IMAP OUTBOX check to configtest utility. - If mailbox name starts with slash or contains ../, error message is generated. Safety check for insecure default UW IMAP setup (#1557078). - Ignore message copy errors when messages are deleted. Allows to delete messages when quota is exceeded (#614887, #646386, #1446026). - Fixed unintended literal fetching (#1562271). - Added global file based address book listing controls. Added line length configuration option for local_file address book backend (#1181561). Added address book data integrity checks in local_file address book backend. Fixed eregi and object notices in local_file and database address book backends. Added additional address book field support. - Fixed variable corruption in configtest utility. - Checked if configuration file is readable in configuration utility (#1568355). - Special mailboxes marked in special_mailbox hook are no longer listed in folder delete, rename and subscription options. - Translate plugin: prevent PHP notice when viewing empty message. - Add CEST and MEST (non-standard) timezone codes for +0200. - Add <label> to From field in message list. - Add support for parsing SpamAssassin's X-Spam-Status header (#1589520). - Fix in bodystructure parser code related to strings ending with an escape character. - Added third parameter $logout_link to logout_error hook that allows plugin control over login page URI displayed on login error page. - Security: close cross site scripting vulnerability in draft, compose and mailto functionality [CVE-2006-6142]. - Security: work around an issue in Internet Explorer that would guess the mime type of a file based on contents, not Content-Type header. Version 1.4.8 - 11th August 2006 -------------------------------- ... See SquirrelMail changelogs.
Documentation generated on Sun, 22 Nov 2009 17:37:13 +0200 by phpDocumentor 1.4.3