Dev

dev@lists.roundcube.net

1 participants
4289 discussions

Encryption problem in the Password plugin
by Rimas Kudelis 03 May '11

03 May '11

Hi, There is a problem with Password plugin's password encryption in Debian Squeeze. Because of a known bug in Debian's PHP (CRYPT_SALT_LENGTH is not set*), the password is currently being encrypted with an empty salt in SQL driver (but I think this might apply to the LDAP driver too, because it too uses crypt()). The simple fix is to replace this block of code in drivers/sql.php (https://svn.roundcube.net/trunk/plugins/password/drivers/sql.php): $salt = ''; if (CRYPT_MD5) { $len = rand(3, CRYPT_SALT_LENGTH); } else if (CRYPT_STD_DES) { $len = 2; } else { return PASSWORD_CRYPT_ERROR; } for ($i = 0; $i < $len ; $i++) { $salt .= chr(rand(ord('.'), ord('z'))); } $sql = str_replace('%c', $db->quote(crypt($passwd, CRYPT_MD5 ? '$1$'.$salt.'$' : $salt)), $sql); with a single line: $sql = str_replace('%c', $db->quote(crypt($passwd)), $sql); When called without the second parameter, crypt() will automatically generate the salt itself. Which makes me wonder: why does the plugin try to generate this random salt instead of simply relying on PHP to do that? As far as I know, crypt($text, $salt) is useful when you actually want to check whether the password is correct, but there's absolutely no need to use your own random salt when setting user's password – PHP will take care. May I suggest to apply this change in SVN? I really don't see why the plugin should use 12 lines of code to achieve what can be achieved in one line. * http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=603012 Regards, Rimas _______________________________________________ List info: http://lists.roundcube.net/dev/ BT/aba52c80

1 0

Updated Hebrew translation
by Moish 03 May '11

03 May '11

-- Moish --- 8< --- detachments --- 8< --- The following attachments have been detached and are available for viewing. http://detached.gigo.com/rc/em/CcpR5dL3/messages.inc http://detached.gigo.com/rc/em/CcpR5dL3/labels.inc Only click these links if you trust the sender, as well as this message. --- 8< --- detachments --- 8< --- _______________________________________________ List info: http://lists.roundcube.net/dev/ BT/aba52c80

1 0

Updated dutch translation (nl_NL)
by Justin van Beusekom 03 May '11

03 May '11

Updated dutch translation (nl_NL) -- Kind regards, Justin van Beusekom --- 8< --- detachments --- 8< --- The following attachments have been detached and are available for viewing. http://detached.gigo.com/rc/Lm/8lG3I2kX/messages.inc http://detached.gigo.com/rc/Lm/8lG3I2kX/labels.inc Only click these links if you trust the sender, as well as this message. --- 8< --- detachments --- 8< --- _______________________________________________ List info: http://lists.roundcube.net/dev/ BT/aba52c80

1 0

[PATCH] add host config option to http_authentication plugin
by Johannes Weißl 03 May '11

03 May '11

Hello list, I have a patch for the http_authentication plugin. I use http authentication mainly as protection because I have set $rcmail_config['default_host'] to '' (host can be chosen arbitrarily). But with this setting the plugin is not usable! I have added a configuration option ($rcmail_config['http_authentication_host']) to make the default host configurable! What do you think? Greetings, Johannes Weißl --- 8< --- detachments --- 8< --- The following attachments have been detached and are available for viewing. http://detached.gigo.com/rc/VJ/LNPb0hUc/0001-add-host-config.patch Only click these links if you trust the sender, as well as this message. --- 8< --- detachments --- 8< --- _______________________________________________ List info: http://lists.roundcube.net/dev/ BT/aba52c80

1 0

TinyMCE contextmenu
by Victor Benincasa 03 May '11

03 May '11

Hi Devs! Currently the mail editing area captures the mouse right click and display options such as CUT, COPY, PASTE, CREATE TABLE (tinymce cut/copy/paste just works in IE). I'm planning to remove this right click context menu and move the CREATE TABLE option to the toolbar area. With this change the user would not lose any function and can use the browser's native functions which is more user-friendly, such browser spelling checker (the googiespell used in RC has few languages) and so on. By eliminating the tinyMCE plugin CONTEXTMENU we also reduce the size of the loaded code. Speaking in codes: editor.js - plugins: 'paste,emotions,media,nonbreaking,table,searchreplace,visualchars,directionality,tabfocus, contextmenu' + ... + plugins: 'paste,emotions,media,nonbreaking,table,searchreplace,visualchars,directionality,tabfocus' + ... - theme_advanced_buttons2: 'link,unlink,code,|,emotions,charmap,image,media,|,search' + ... + theme_advanced_buttons2: 'link,unlink,code,|,emotions,charmap,image,media, table,|,search' + ... Does anyone have any objection about this change? -- Victor Benincasa _______________________________________________ List info: http://lists.roundcube.net/dev/ BT/aba52c80

1 0

File move
by Victor Benincasa 02 May '11

02 May '11

Hi RC Devs, I'm planning to move the file *roundcube/program/js/*editor.js to the skin folder (*roundcube/skins/default/*editor.js) because this file contains several options that can be used as skin basis, like the location and order of buttons, the theme and skin of TinyMCE editor and so on. I'm currently developing a skin and missed some control over TinyMCE. Does anyone have any objection? -- Victor Benincasa _______________________________________________ List info: http://lists.roundcube.net/dev/ BT/aba52c80

2 3

Skin unaware plugins
by Kees de Keizer (RC) 02 May '11

02 May '11

Hi, I use (and develop) the skin Groupvice4. I've just upgraded to v0.5.2 and noticed that the buttons for the plugins Archive and MarkAsJunk have code in the plugin which is skin unaware: 'width' => 32, 'height' => 32, The cause of the problem are these width and the height values. why are they added? Can this be fixed? For now I've removed these values and the buttons show fine. -- Kees de Keizer kees(a)de-keizer.net http://www.de-keizer.net/ _______________________________________________ List info: http://lists.roundcube.net/dev/ BT/aba52c80

3 4

Slovak translation update sk_SK
by Martin Lacina 02 May '11

02 May '11

Slovak translation update --- 8< --- detachments --- 8< --- The following attachments have been detached and are available for viewing. http://detached.gigo.com/rc/H9/tQWA0TC/labels.inc http://detached.gigo.com/rc/H9/tQWA0TC/messages.inc Only click these links if you trust the sender, as well as this message. --- 8< --- detachments --- 8< --- _______________________________________________ List info: http://lists.roundcube.net/dev/ BT/aba52c80

1 0

Hello
by David Sabatié 29 Apr '11

29 Apr '11

Hello all, I am e new roundcube's user. I saw some translation mistake and corrected them. I attach the files here, let me know if it's ok. best regards -- David Sabatié *LINAGORA GSO* 4 Rue Giotto 31520 RAMONVILLE david.sabatie(a)linagora.com <mailto:david.sabatie@linagora.com> | www.linagora.com <http://www.linagora.com> --- 8< --- detachments --- 8< --- The following attachments have been detached and are available for viewing. http://detached.gigo.com/rc/d6/gQSmJNh6/managesieve_localiza.patch http://detached.gigo.com/rc/d6/gQSmJNh6/markasjunk_localizat.inc Only click these links if you trust the sender, as well as this message. --- 8< --- detachments --- 8< --- _______________________________________________ List info: http://lists.roundcube.net/dev/ BT/aba52c80

1 0

Sync Kolab Support
by Jason Ramsey 28 Apr '11

28 Apr '11

Roundcube developers, Hi, I'm Jason Ramsey, I've been working with large php applications for about 10 years now. I currently work as a consultant, and use/have clients that use Roundcube. I also use Thunderbird extensively with syncKolab to sync my contacts between multiple systems. I'm interested in adding syncKolab support to roundcube. So I figured I would introduce myself and see if anyone on the team is currently working on such a thing that I could help or collaborate with. Regards, Jason Ramsey _______________________________________________ List info: http://lists.roundcube.net/dev/ BT/aba52c80

2 1

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Dev