VERSION 1.1.2 * Fix sample rules to remove with content (bug #470) * Change license to LGPL. VERSION 1.1.1 * Fix for bug #179, where certain escaped values were getting through. * Overall better handling of entities and escaped values. VERSION 1.1 * Made htmlfilter part of Linux@DUKE mini-projects * Indentation changes back to 4-space. Easier to maintain with squirrelmail this way, plus I've grown fond of them. * phpfilter.php renamed into samplefilter.php. * Bugfix for the case where the body was ending with an invalid tag, which caused php warnings with E_ALL (reported by Ryan Grove) VERSION 1.0.9 * Code rearrangements and better handling of backslashes and arbitrary whitespace (reported by stardust) * Addition to filtering rules -- now filtering out <plaintext> (reported by stardust). VERSION 1.0.8 * Added handling for backslashes in attribute values, which allowed for thwarting the filters. (reported by stardust) * Added "source-include" handling to the example rules, which is processed by Netscape-4.x (reported by stardust) * Fixed some other rules which weren't checking for linebreaks. VERSION 1.0.7 * A tiny fix in htmlfilter.inc where I did a casenormalize on a variable before it was defined. (Reported by Marco Molinari). OLD CHANGELOG ENTRIES: * Small fix in phpfilter.php rules. Has to do with whitespaces in the style attribute. (Reported by Joerg Ludwig) * Tiny fix in htmlfilter.inc which was causing incorrect behavior for things like ">>broken<<" (reported by Martin Bialasinski). * Added lowsrc to the list of untrusted attributes (phpfilter.php). Kudos go to Jedi/SectorOne for pointing that out. * Added handling for <xml> vulnerabilities in the phpfilter.php rules. * Wow. I've entirely failed to check if the url submitted is an actual http url, exposing all files on my system to the readfile function. I'm such an idiot. :/ * Small changes to htmlfilter.inc and phpfilter.php to take care of the warnings when error reporting was set to E_ALL. Thanks to Wojtek Bok for the notice. * Change to the filtering rules in phpfilter.php. Added 'layer' and 'ilayer'. Thanks go to Matthew Murphy for spotting that. * Adding the case for explorer's stupid treatment of "java script" (yes, with white space) as "javascript" (reported by Matthew Murphy). The addition is actually to the rules in phpfilter.php, not the engine. Indentation changes since I no longer have to really care about the 4-space indents squirrelmail requires.