Note: CVE-2017-7692 is already fixed by 1.4.23pre14605nb1.
- compose_send hook now has $draft flag in hook arguments
- Fixed insufficient sendmail command argument escaping (thanks
to Mitchel Sahertian, Beyond Security/Dawid Golunski and Filippo
Cavallarin for bringing this to our attention). [CVE-2017-7692]
- Upgraded preferences for the delete_move_next plugin. Automatic
user preference updates are included, but note that if your
installation is new, or all user prefs have been converted from
"on"/"off" to 0/1 then you can add the following to SquirrelMail's
config/config_local.php to avoid convertign legacy values over and over:
$do_not_convert_delete_move_next_legacy_preferences = TRUE;
- Added ability to control the display of the "Check Spelling"
button provided by the squirrelspell plugin, which allows
administrators to offer this plugin but keep it out of the way
for users who do not want it. Put sqspell_show_button=0 in
default preferences if it should be hidden by default
ab1942d85e