Commit Graph

123 Commits

Author SHA1 Message Date
smizrahi
6971ebd2d1 fix(security): Security fix for WSTG-INPV-02. Fix assertion on NSRange 2022-11-29 17:34:34 +01:00
smizrahi
b1f84891b0 fix(security): Security fix for WSTG-INPV-02. Add unit test. 2022-11-23 09:34:54 +01:00
smizrahi
f5c6fcc350 fix(security): Security fix for WSTG-INPV-02. Fix build issue in ubuntu trusty 2022-11-22 17:37:15 +01:00
smizrahi
1e0f5f0089 fix(security): Security fix for WSTG-INPV-02. Add XSS protection on folders and mail title / content 2022-11-22 10:09:41 +01:00
smizrahi
dcbfd830d4 fix(security): Security fix for WSTG-INPV-02. Add XSS protection on folders and mail title / content. Fix build issue in ubuntu trusty. 2022-11-18 09:16:40 +01:00
smizrahi
714acfc838 fix(security): Security fix for WSTG-INPV-02. Add XSS protection on folders and mail title / content 2022-11-14 14:36:46 +01:00
Nicolas Höft
3b3e0195b1 (fix) NSString+Utilities: Fix safeStringByEscapingXMLString on gnustep-base-1.28
Newer gnustep versions would add a byte-order mark on
NSString:dataUsingEncoding:NSUTF32StringEncoding; use NSUTF32LittleEndianStringEncoding
instead to skip the BOM.

Fixes #5416
2022-08-15 17:06:00 +02:00
Francis Lachapelle
a5d18bfced fix(core): improve escaping of double-quotes
Fixes #5351
2022-03-29 10:39:09 -04:00
Francis Lachapelle
7c81e3acec fix(core): only escape "%" with the SQL LIKE operator 2022-01-31 14:53:58 -05:00
Francis Lachapelle
969d68dbb6 fix(core): remove trailing closing angle bracket from detected URLs
Fixes #5465
2022-01-21 11:07:00 -05:00
Francis Lachapelle
b967eac1f3 fix(core): remove trailing closing angle bracket from detected URLs
Fixes #5465
2022-01-17 16:43:11 -05:00
Francis Lachapelle
90752c4382 fix(core): remove CR, diacritical marks, variation selectors 2021-08-11 16:33:18 -04:00
Francis Lachapelle
7da4bc465f fix(core): remove overstruck diacritics from sanitized strings 2020-12-15 14:47:51 -05:00
Nicolas Höft
fc863bf63f fix: Fix for failing test in NSString+Utilities
The test in TestNSString+Utilities would otherwise fail:

======================================================================
FAIL: test_countOccurrencesOfString (TestNSString+Utilities.m:46)
----------------------------------------------------------------------
assertion failure

Simply leave the loop early if the substring length is zero to
avoid this issue
2020-06-03 08:17:08 +02:00
Francis Lachapelle
0e918a446a Add rel="noopener" to external links
Fixes #4764
2019-06-10 13:20:44 -04:00
Francis Lachapelle
fcdc4c92c0 Improve URLs/emails detection in text mail parts 2019-03-21 11:01:17 -04:00
Francis Lachapelle
15de264967 Web-based management of email certificate (cont'd) 2018-01-12 14:47:31 -05:00
Ludovic Marcotte
8f2bcb6055 (fix) cosmetics 2017-12-23 05:03:18 -05:00
Francis Lachapelle
d526efa501 Remove null characters from JSON responses 2017-12-07 16:07:25 -05:00
Ludovic Marcotte
340ddf0ae6 (fix) make sure we safely escape all chars 2016-12-09 10:45:44 -05:00
Ludovic Marcotte
2a2ebd553e (test) handle sanitization before passing data to libxml 2016-12-06 14:05:27 -05:00
Ludovic Marcotte
4ec0615bcd (fix) encore CR for EAS (fixes #3626) 2016-04-14 15:21:49 -04:00
Ludovic Marcotte
5d26175d56 (fix) don't escape \r 2016-04-07 09:27:57 -04:00
Ludovic Marcotte
35d1cab856 (fix) properly XML escape wide characters (fixes #3616) 2016-04-06 11:19:18 -04:00
Patrice Levesque
7c25b53fdf Remove pointless #imports from .m and .h files
This was done with a brute-force approach, ensuring no additional
warnings from GCC 4.9 under x86_64.
2016-02-13 16:11:52 -05:00
Ludovic Marcotte
3c0059192d (fix) rewrote the string sanitization to be 32-bit Unicode safe 2016-01-22 20:31:55 -05:00
Ludovic Marcotte
b3bc6bb7dc Applied changes coming from v2/PR#184. 2016-01-18 09:26:07 -05:00
Euan Thoms
3c62cc744e Stage 1 of clang compiler warning patches. 2015-10-31 14:10:03 +08:00
Juan Vallés
0982d50643 Improve first character check in CSS identifiers
A CSS identifier can't start with a digit, so when a folder name does,
a '_' character is appended at the beginning of its CSS identifier.

The check for this first character used the `isdigit()` function, which
takes a `char` argument, while `[self objectAtIndex: 0]` returns a
`unichar`, i.e. a 16-bit unsigned integer. This caused some non-digit
characters to pass this check (e.g. Chinese characters), ending up with
an underscore at the beginning of the folder name.
2015-09-14 12:55:32 -04:00
Francis Lachapelle
a70ea38572 New method [NSString+Utilities asSafeJSString] 2015-06-11 11:44:17 -04:00
Ludovic Marcotte
d9896192f3 Revert "Revert "Improve creation of CSS identifier""
This reverts commit 7d018221ef.
2015-06-10 20:05:40 -04:00
Ludovic Marcotte
7d018221ef Revert "Improve creation of CSS identifier"
This reverts commit e40a19cf89.
2015-06-10 16:31:15 -04:00
Francis Lachapelle
e40a19cf89 Improve creation of CSS identifier
Now escaping (), [], {}, ", and ;
2015-06-10 14:02:44 -04:00
Jesús García Sáez
c4b0ac209b NSString:objectFromJSONString now can parse single values
Like null => [NSNull null]
2014-11-19 17:12:32 +01:00
Ludovic Marcotte
95b122c912 Simplified even more -safeString 2014-09-29 15:04:40 -04:00
Ludovic Marcotte
aa0499dbac Fixed sanitization char skipping and #2936 2014-09-29 14:28:13 -04:00
Ludovic Marcotte
3675220756 Refactored code to be more rigorous Unicode-wise. 2014-09-24 14:14:25 -04:00
Ludovic Marcotte
8ba031d6ec Consider 0x0C as "unsafe" 2014-09-15 19:54:07 -04:00
Ludovic Marcotte
c31429a5d5 Also include the BS character in non-safe ones. 2014-05-27 08:45:00 -04:00
Francis Lachapelle
6cecca6c4f Fix CSS id for string prefixed with a digit
When encoding a string as a CSS identifier, we must add an underscore if
the string starts with a digit.
2014-03-06 21:32:36 -05:00
Ludovic Marcotte
31969d162d Properly escape some control chars (and generalized it) 2014-02-04 15:03:02 -05:00
Ludovic Marcotte
1c439c866e Added DAV support for mails labels. 2013-11-13 15:44:57 -05:00
Ludovic Marcotte
05990e9a14 Fix for bug 2007 2013-09-30 10:50:27 -04:00
Francis Lachapelle
8e5a26dfb1 Remove unicode separators from JSON
Fixes #2309
2013-06-05 15:55:52 -04:00
Ludovic Marcotte
49a2299414 Avoid going out of bounds for special URL chars ending mail contents. 2013-02-05 16:11:37 -05:00
Francis Lachapelle
0408415c61 Remove control characters before returning JSON 2013-01-30 15:47:20 -05:00
Wolfgang Sourdeau
21ee23e7df avoid comparisons that extend past the string length 2012-10-30 16:59:22 -04:00
Wolfgang Sourdeau
5557c01b99 Monotone-Parent: 61e6d0133bf0d45c09767727617ba746f65a28b9
Monotone-Revision: 54ac2dbf42dee286f64da8b9b3c4567570b00258

Monotone-Author: wsourdeau@inverse.ca
Monotone-Date: 2012-08-13T15:29:44
Monotone-Branch: ca.inverse.sogo
2012-08-13 15:29:44 +00:00
Francis Lachapelle
2c9a61f0c5 See ChangeLog
Monotone-Parent: 6a6bbe9da76e6e30fd9ce63cf4a8c7677f5f61a0
Monotone-Revision: f542ae0ee839e825fc2f1dae6c5d916237edb3e4

Monotone-Author: flachapelle@inverse.ca
Monotone-Date: 2012-06-01T14:29:30
2012-06-01 14:29:30 +00:00
Ludovic Marcotte
08230b33bb See ChangeLog
Monotone-Parent: 747fe8c2134a990c1cdf3b494c2b7776021cb736
Monotone-Revision: 3c4baa92c5634d4da061da739a9b544d04c44586

Monotone-Author: ludovic@Sophos.ca
Monotone-Date: 2012-05-31T13:24:32
2012-05-31 13:24:32 +00:00