Fixed session fixation issues where someone who can modify a user’s cookies could gain control of their login session.Fixed unsanitized shell command in example IMAP username mapping function (map_yp_alias) (Thanks to Niels Teusink).Fixed the lack of sanitizing of contrib/decrypt_headers.php input also includes general cleanup of that page (Thanks to Niels Teusink).Fixed improper sanitizing of PHP_SELF and the lack of sanitizing of QUERY_STRING server environment variables (Thanks to Niels Teusink and Christian Balzer).Remove ability for HTML emails to use CSS positioning to overlay SquirrelMail content (Thanks to Luc Beurton).Added Khmer translation (Thanks to Khoem Sokhem).Outgoing attachments that have lines longer than allowed per RFC are now encoded so they are not corrupted by artificial line folds.Default Content-Transfer-Encoding is now RFC-compliant “7bit” instead of “us-ascii”.Date headers in outgoing messages have been brought into RFC 822 compliance (removed time zone name).htaccess files in all directories to which browsers don’t need direct access. Moved documentation to doc/ directory and added example.Added Bengali (Bangladesh) translation (Thanks to Jamil Ahmed).Added Tamil translation (Thanks to Kengatharaiyer Sarveswaran). ![]()
0 Comments
Leave a Reply. |