Community  »  Applications  »  Horde

Changes by Release


[jan] Check for both the memcache and memcached extensions in test script (Bug


[jan] Fix returning to last URL after using the login link.
[jan] Officially support PHP 7.


[jan] SECURITY: Fix open redirects.


[jan] Show alarm ID with error output from horde-alarms.


[mjr] Fix errors in horde-memcache-stats script (Bug #14588).
[mjr] Remove configuration for defunct Yahoo, CloudMade, and MyTopo mapping


[jan] Disallow setting of creator permissions too if sharing with world is


[jan] SECURITY: Add CSRF protection tokens to portal layout forms (Reported by
      ssys GmbH).
[jan] Fix double loading of hooks.php.


[jan] Update Portuguese translation.
[jan] Update Basque translation.


[mjr] Remove broken Facebook posting functionality from the Facebook block.
[jan] Update Greek translation (Limperis Antonis <>).
[jan] Check if temporary directory is writable
      (, Request #14237).


[jan] SECURITY: Fix XSS vulnerability in menu bar exposed by few applications
      (Bug #14213).
[jan] Add more detailed user DN settings to Kolab group configuration (Request
[jan] Fix returning to last page after problem reporting from AJAX pages (Bug
[jan] Fix custom database configuration for groups (Bug #11664).
[jan] Use access rules compatible with both Apache 2.2 and 2.4.
[mjr] Fix reporting results for non-select queries in administrative sql shell
      (Bug #14216).


[mjr] SECURITY: Protect against CSRF attacks on various admin pages.
[jan] Don't apply access keys to checkbox and radiobox rows in the sidebar
      (Bug #14103).
[jan] Send correct MIME type for non-statically cached javascript files.
[mjr] Added configuration support for version 2 of WorldWeatherOnline's API.


[mjr] Don't create a session for Webdav requests (Bug #14040).
[jan] Mark PHP 5.6 as officially supported.
[mjr] Fix some issues with the permission interface when a value of 0 is a
      valid permission value (Bug #14025).


[jan] Use Horde_Ldap in example preference hooks.
[jan] Convert REDIRECT_HTTP_AUTHORIZATION to HTTP authentication headers too.
[jan] Display MOTD on mobile login screen.


[jan] SECURITY: Fix XSS vulnerability in group administration.
[mjr] Fix display of Facebook block by removing no longer allowed notification


[mms] Make dynamic context menus scrollable if taller than the browser screen
      height (Bug #13833).
[jan] Fix horde-import-squirrelmail-prefs script (Bug #13780).
[jan] Don't instantiate notification system for RPC requests.


[mjr] Fix performing actions from ActiveSync user preference page (Bug #13657).
[jan] Add missing 'secure' configuration for SMTP.


[mjr] Honor date_format_mini in Moon block (Bug #13628).
[jan] Fix spacing in top menu (Bug #13617).
[jan] Don't show password reset preferences if disabled in configuration (Bug
[mjr] Remove non-existent Yahoo Maps option for map tile provider.
[mms] Fix display of Horde stylesheets not served from the local server (i.e.
      via a CDN).
[jan] Hide weather portal block if weather configuration is disabled (Bug
[jan] Add show_encryption setting to HTTP authentication configuration
      (, Bug #13444).


[mjr] Fix cancelling remote wipe of EAS client from user prefs.
[mms] Fix fatal error in signup confirmation script.
[mjr] Fix removing ActiveSync device state from administrative interface when
      multiple user accounts exist on the same device (Bug #13336).


[mms] Add configuration to allow for SMTP authentication if the current Horde
      access does not have an authenticated user.


[mjr] Fix removing EAS device pairings via the removeUserData API (Bug #13278).


[jan] Add configuration for searching user DNs in LDAP groups (Bug #12128).
[jan] Don't try to write to read-only group backends when removing user data
      (, Bug #13248).


[mms] Cleaner indication on login page that an authenticated user is logging
      into specific application rather than Horde in general.


[mjr] Fix blocking an ActiveSync client through the admin interface.
[mjr] Add an ActivSync device's currently used heartbeat interval to the device
      information display.
[mms] Fix regression in displaying MOTD content on login screen.
[mms] Support LMTP servers when sending mail.


[mms] Add more advanced configuration options for the Redis HashTable driver
      (Michael Cramer <>).
[jan] Add script to import user preferences from Open-Xchange.
[mms] The location of dynamically served static files is now configurable
      (Request #13070).
[jan] Update Korean translation (Deokgon Kim <>.
[mms] Add a NoSQL driver for history storage.
[mms] The history driver can now be configured via conf.php.
[jan] Add mysql encryption option for SQL backends (Request #12962).
[rla] Add joomla-md5 encryption option for SQL backends (Request #12889).
[mms] By default, enforce maximum storage size on preferences values.
[mms] Support UglifyJS for compressing javascript.
[mjr] Add improved ActiveSync device administration page.
[mms] Display indication that Caps Lock key is on when entering password on
      login page (Request #7178).
[mjr] Add support for configuring a NoSQL driver for ActiveSync state storage.
[mms] Added 'filemtime' configuration option for CSS caching.
[mjr] Add support for X509 authentication support.
[mjr] Improve logging options for ActiveSync logging configuration.
[mjr] Add support for managing ActiveSync devices through the API.
[mjr] Add prefs for selecting From address when sending email via ActiveSync.


[jan] Detect REPORT queries as DAV requests in RPC server (Bug #13124).
[jan] Fix fatal error in LDAP account portal block (Bug #12910).
[jan] Update Korean translation (Deokgon Kim <>).


[jan] Update Danish translation (Erling Preben Hansen <>).
[mms] Fix regression where AJAX actions were not correctly checking permissions
      and potential authentication expiration actions.


[jan] SECURITY: Protect against CSRF attacks on share permissions form (Bug
      #12804, CVE-2013-6365).
[jan] SECURITY: Fix XSS vulnerabilities in top and left menu (Bug #12803,
[jan] Don't show admin alarm form if alarms are disabled.
[mms] Add horde-remove-user-data command-line script.
[mms] Add additional syntax checking for the configuration files in the test
[mms] Only update topbar if the underlying tree data has changed.

[mjr] Fix detecting ActiveSync policies for EAS version 12.0.
[jan] Fix fatal error on ActiveSync preferences page (Bug #12631).


[mjr] Fix issue displaying ActiveSync pref page when it contains a wiped
      device entry.
[mms] Allow non-authenticated AJAX actions to be defined.
[mms] Improved session administration UI (Request #12515).
[jan] Make "Others" and cogwheel menu entry available on iOS (Bug #11937).


[jan] Set Basic Authentication HTTP headers if running PHP as CGI.
[jan] Return to original URL after logging in.
[jan] Fix login icon.
[jan] Enable Turkish translation on PHP 5.5.
[rla] Add a cli script for running queue tasks.
[jan] Create parent permissions too if automatically creating permissions (Bug


[mjr] Update Twitter block layout to honor Twitter's API version 1.1 display
      requirements, and add support for updating favorites.


[mms] Add 'ajaxaction_handle' hook and deprecate 'ajaxaction' hook.
[mms] Add configuration option to configure the e-mail address reset password
      confirmation messages should be sent from.
[mms] Treat an AJAX session token failure as a session timeout.


[jan] Fix broken configuration definition.


[mms] Add configuration of the Horde_HashTable package.
[jan] Fix incorrect dependencies.


[mms] Add ability to update/create NoSQL indices from the admin config page.
[mjr] Add activesync device hooks.
[mms] Add a global default NoSQL driver configuration.
[mms] Allow MongoDB to be used as a cache backend.
[jan] Check all installed PEAR packages when checking for updates.
[mms] Add 'ajaxaction_data' hook.


[mms] SECURITY: Fix XSS vulnerability on smartmobile portal page (João Machado
[jan] Fix changing expired passwords.
[jan] Fix form to reset passwords.
[mjr] Fix displaying activesync devices when a username hook is being used
      (Bug #12186).
[jan] Hide navigation elements from print layout (Bug #12163).
[cjh] Add support for New Relic real-user monitoring (RUM) if New Relic is
[mms] Login screen now hides the mode input if javascript is not available, as
      minimal view is the only supported mode (Request #12093).
[jan] Fix searching from topbar if search URL contains parameters.


[jan] Update French translation (Paul De Vlieger


[jan] Fix setting menu refresh rate to none (Bug #11867).
[jan] Update Basque translation (Ibon Igartua <>).
[jan] Fix JavaScript errors after updating the top menu.


[jan] Fix adding user in admin actions (Bug #11690).
[mms] Fix removing user in admin actions (Bug #11690).
[jan] Allow to set custom search field label.


[jan] Fix form for editing and removing of users.
[mjr] Workaround for broken iOS ActiveSync AUTODISCOVER requests (Bug #11624).
[jan] Update Slovak translation (Jozef Sudolský <>).
[mms] Fix topbar javascript on IE8 (Bug #11614).
[jan] Fix LDAP example for authusername hook.


[jan] Update Polish translation (Krzysztof Kozera <>).
[jan] Update Dutch translation (Arjen de Korte <>).


[jan] Port VAT identification block to use SOAP extension.
[jan] Fix dynamic updating of portal blocks.
[mms] Allow view-specific help files to inherit from base application help
[mms] Allow application basic/dynamic views to have different help source


[mms] Show non-javascript enhanced login screen for non-smartmobile mobile
      browsers (Bug #11215).
[mms] Add version parameter to CSS/javascript file URLs to help with cache
      busting when these files change between releases.
[mms] Add configuration option for maximum allowed session times.


[jan] Fix cancelling problem report.
[jan] Fix audio notification path printed in page output.


[jan] Fix logging in without JavaScript (Bug #11328).
[mms] Fix sidebar element wrapping.
[mms] Better handling of backend authentication errors when returning AJAX data
      (Bug #11297).
[mjr] Fix autocompletion of tags in ajax views.


[jan] Fix dependency on Horde_Service_Weather.


[mjr] Request SSL connection from map providers if using SSL (Bug #11193).
[jan] Remove optional dependency on Horde_DataTree.


[jan] Remove DataTree support.
[jan] Allow to configure encryption in global IMAP configuration (Request
[jan] Update icon set.
[rla] Retrieve more detailed message from Horde_Auth when a user is temporarily
      or permanently locked out (Request #11254).


[jan] Implement new user interface.
[mms] Add 'suppress' option to prefs.php group entries.
[mms] Add 'on_change', 'on_init', 'requires', 'requires_nolock', and
      'suppress' options to prefs.php preference entries.
[mms] Remove support for IE 6.
[mms] Token protect all AJAX actions.
[jan] Allow to use IMAP storage for shares and groupware data without a
      complete Kolab server.
[mms] Implement growler-like notifications for smartmobile view.
[mms] Modified pushapp hook behavior.
[mms] Removed pushapp_post hook.
[mms] AJAX core features now contained within Horde_Core.
[mms] E-mail sending charset now defaults to UTF-8.
[mms] Add post-install script for the Horde application
[mms] Portal blocks can now load just the CSS necessary to display an
      application's blocks.
[jan] Show notifications during logging into Smartphone mode.


[jan] Fix adding attachments to problem tickets (Bug #10654).
[jan] Update Turkish translation (İstanbul Technical University).
[jan] Fix setting permissions on static/ directory with horde-set-perms (Bug


[jan] Update Swedish translation (Jakob Alvermark
[jan] Update Italian translation (Emilien <>).
[jan] Update Lybian flag (Request #11169).
[jan] Update Slovak translation (Marika Schvarczova
[jan] Update Czech translation (Michal Foist <>).
[jan] Update Hungarian translation (Zoltán Németh <>).
[jan] Fix horde-set-perms script (Arjen de Korte, Bug #11048).


[mjr] Add more atomic control over ActiveSync security policies for better
      device compatibility.
[mms] Add 'sendmail_eol' configuration parameter.
[jan] Fix horde-set-perms (, Bug #10923).
[jan] Sort user and group names in permission screen (Request #10896).


[jan] Make the lifetime of cached weather information configurable (Arjen de
      Korte, Request #10848).
[jan] Update Dutch translation (Arjen de Korte <>).
[mjr] Improve layout of weather block.
[jan] Update Japanese translation (Hiromi Kimura <>).


[mjr] Replace Weatherdotcom portal block with generic Weather block supported
      by Horde_Service_Weather.
[jan] Add configuration option to disable password resets (Request #10640).


[cjh] Add Hordevetica theme.
[mjr] Fix issue with ajax uploader and file sizes over 1mb (Bug #10641).
[mjr] Do not show results in the tag cloud block owned by other users.


[mjr] Update javascript map library.
[mms] Allow in-page base64 image encoding to be disabled via configuration.
[jan] Add administration page to list and clear locks.


[rla] Add account locking similar to the former kolab-specific option.
[jan] Add missing configuration for LDAP groups write support.
[rla] Show a warning when resetting password and no security question is set
      (Request #10430).
[mjr] Update jQuery Mobile to version 1.0 Beta 2.
[jan] Update hordeweb theme to match new website layout.


[mjr] Add remove button to image fields (Request #9870).
[mjr] Fix sending unnecessary FOLDERSYNC changes.
[mjr] Fix issue with FOLDERSYNC requests that was causing Android clients to
      PING and SYNC the same collection an unlimited number of times.
[mjr] Use FQL to obtain event list and add rsvp_status.
[cjh] Add mobile maintenance screens.
[jan] Fix exporting multiline attributes to vCard 2.1 and vCalendar 1.0.
[cjh] New log filter for exact level matching (Bryan Alves
[jan] Don't set optional integer fields to 0 when automatically updating
[mjr] ActiveSync policykey is now per user, not per device.
[mjr] Fix recurring event exception handling for ActiveSync.
[mjr] Use AS in column aliases to make PostgreSQL happy (Bug #10346).
[jan] Don't show mobile login page if users are forced to traditional or
      dynamic views (Request #10358).
[mjr] Improve calendar PING for iOS devices.
[mjr] Prevent an ActiveSync sync loop in some fringe cases.
[jan] Update PGP key server list and add SKS pool.


[mjr] Fix returning shares in the proper order when fetching multiple shares
      by id.
[jan] Don't use CSS cache in mobile interfaces because it breaks jQuery Mobile
[mjr] Fix race conditions caused by broken clients sending an inappropriate
      PING request.
[jan] Fix duplication of objects during synchronization (, Bug
[jan] Don't allow to click disabled login button (Bug #10267).
[jan] Allow configuration of split read databases for PostgreSQL (Request
[mjr] Honor initial_application setting for mobile view (Bug #10264).
[mjr] Fix issue with initial Android ActiveSync pairing.
[gwr] Support restricting the HTML tidy post processing by the message size
      (Request #10266).
[gwr] Disabled the timeout on the logout token.
[mjr] Fix integer overflow issue in Facebook code (Bug #9889).
[mms] Fix adding users with Cyrsql driver (, Bug #10239).


[jan] Fix extracting of translation strings in a release.
[rla] Add user-specific admin permissions (Request #9350).
[jan] Don't strip domain from user name in account block.
[jan] Fix account block with empty configuration parameters.


[jan] Remove debug code.


[gwr] Added a script for exporting/importing preferences from/to a backend.
[mms] Fix regression with UTF7-IMAP encoding of non-ascii folder names (Bug
[mms] Allow numbers to be zero in certain preferences (Bug #10120).
[mms] Fix running Horde login tasks (Bug #9767).
[mms] Fix authenticating as several users in the same request (Bug #10027).
[mms] Fix colorpicker on categories preferences screen (Bug #10118).
[jan] Update Spanish translation.
[jan] Update Slovak translation.
[mjr] Fix Metar portal block.
[gwr] Add support for the Kolab IMAP based preferences backend.
[mms] Complete fix for issue causing slow syncs only (Bug #10008).


[mjr] Fix usage of countOwners() and listOwners() in the Sqlng driver.
[mms] Fix return link after reporting problem (Bug #10069).
[jan] Add button to update all configurations with default values at once.
[jan] Update DataTree conversion scripts for Horde 4.
[jan] Fix rendering of DataTree browse tree.
[mjr] Fix issue with deleting identities (Bug #9997).
[mjr] Fix issue causing credentials to be lost when accessing the API during
      ActiveSync requests (Bug #9733).
[jan] Store preferences for guests in the session.


[jan] SECURITY: Fix permission checks of guest users on system shares.
[mms] SECURITY: Fix deletion of unwanted HTML nodes in XSS filter.
[mms] Fix authentication failure when TOS is not accepted.
[jan] Don't show IMP compose link if user doesn't have permissions to IMP (Bug
[mms] Fix issue causing slow syncs only in SyncML (Bug #10008).
[jan] Fix adding categories.
[jan] Fix listing users in Customsql driver (Bug #9963).
[jan] Fix calculation of last password change in LDAP account portal block (Bug
[jan] Don't check for outdated DB schemas if database support is disabled (Bug
[mjr] Fix editing settings of fixed portal blocks (Bug #9910).


[mjr] Fix the blockTitle and blockContent API methods.
[jan] Fix creating folders with SQL VFS driver (Bug #9894).
[jan] Fix LDAP parameters of account portal block (Klaus Steinberger, Bug
[jan] Fix migration detection on Windows.
[mjr] Correctly sanitize DSN when using custom cyrus auth driver (Bug #9879).
[mjr] Fix some display issues when geocoding with HordeMap (Bug #9883).
[mms] Don't load sidebar content if not expanded.
[jan] Fix deleting groups.

[jan] Fix adding new groups (Bug #9881).
[jan] Fix displaying the Facebook preference group.
[mms] Add appinitialized hook.
[cjh] Fix cyrsql configuration, rename cyrus host and port parameters to not
      clash with Horde_Db parameters (Bug #9864).
[cjh] Fix signups, and update style on signup and reset password pages to
      match the login page (Bug #9856, partially from Ian Roth
[cjh] Show an unknown app icon rather than a broken image if an application
      doesn't have an icon (Bug #9867).
[jan] Fix setting incorrect database charset in PDO drivers.


[mms] Add pushapp_post hook.
[jan] Fix application-specific permission checks (Bug #9786).
[jan] Fix resetting passwords (Vilius Sumskas <>, Bug #9800).
[jan] Fix Cyrsql authentication driver (Vilius Sumskas <>, Bug
[mjr] Fix ActiveSync provisioning.
[mjr] Fix for broken Nokia MfE clients (Bug #9757).
[jan] Delete object mappings too when deleting SyncML anchors (Request #9377).
[jan] Delay sidebar creation if the sidebar is generated through JavaScript.


[jan] Fix incorrect lowercasing of objectClasses in LDAP groups driver.
[jan] Fix fatal error in desktop notifications (Bug #9727).
[jan] Rename all scripts in bin/ to be prefixed with horde- and installed in
      PEAR's bin_dir (Request #9647).
[jan] Don't throw exception when setting port number while using localhost in
      MySQL configuration (Bug #9738).
[jan] Fix building LDAP filter for groups from configuration (Bug #9739).
[jan] Fix loading of Horde's vhost conf.php file (Bug #9704).
[jan] Fix OpenOffice MIME viewer.
[jan] Fire access keys on hidden elements in Internet Explorer (Bug #8057).
[jan] Don't fire access keys twice in Chrome browsers.
[jan] Fix JavaScript date calculations across DST boundaries.
[jan] Sort applications in preference menu by name.
[jan] Add translations for file upload error messages.
[mms] Fix identities pref UI when default_identity is locked (Bug #9701).
[mms] Added Horde::debug().


[jan] Update installation and upgrade instructions.
[jan] Fix converting identities with non-ascii characters to new format.
[jan] Fix passing arguments to sendmail binary (Gonçalo Queirós, Bug #9693).
[mjr] Service_Facebook refactored for OAuth2 authentication (Bug #9122).
[mjr] IMSP drivers refactored for Horde 4.
[gwr] Allow disabling applications for administrators.
[jan] Don't show sub-permissions for adding that exist already.
[jan] Fix listing more than one sub-permission (Bug #9671).
[jan] Fix calendar synchronization with certain Nokia phones (Bug #9646).


[jan] Catch fatal errors about missing tables during initial configuration.
[mms] Fix client-side IMAP sorting using envelope data.
[mms] Workaround PHP < 5.2.6 (broken stream handling) (Bug #9644).
[mjr] Fix updating schema for individual libraries.
[mjr] Improved control over which application view to load.
[jan] Find translateable strings in configuration files.
[mms] Fix clearing expanded state for javascript trees (Bug #9659).
[jan] Only show advanced preferences link if there are some.
[mms] Fix updates for refreshing Blocks (Bug #9655).
[mjr] Fix viewing applications with no mobile view from mobile devices.
[jan] Fix error when not using a Group backend. (Bug #9642).


[jan] Provide default configuration files instead of .dist versions.
[jan] Add a new Share SQL driver with better performance.
[cjh] Drop Log SQL driver.
[mms] Update prototypejs to v1.7.
[mms] Add theme caching.
[mms] Add hook to allow browser capabilities to be modified.
[jan] Add a configuration switch for automatic creation of default shares.
[cjh] Move from Net_DNS to Net_DNS2.
[jan] Translations for the framework packages are now bundled with those
[bak] Remove LDAP driver from Horde_SessionHandler
[jan] Require mandatory UTF-8 support for both servers and clients.
[jan] Renamed Setup to Configuration and Options to Preferences.
[mms] Moved sidebar code out of block/portal code (Request #9160).
[cjh] Remove fckeditor, standardizing on ckeditor.
[jan] Move all translations from po/ to locale/ and use short locale
      identifiers where possible.
[jan] Remove frameset.
[jan] Remove dhtmlHistory library.
[mms] Removed support for krb5 authentication driver.
[jan] Allow to specify the URL parameter name for the alternate login setting.
[mms] Remove reliance on PEAR Mail library.
[jan] Send alarm emails again if the alarm has changed (Bug #8717).
[mms] Add advanced preferences options screen.
[mms] Complete rewrite of preferences UI display.
[mjr] Horde_Image can now act as an Iterator for multi-page images.
[mms] Remove Horde_Cipher library.
[mms] Add 'cssfiles' hook to add custom CSS files to a page.
[jan] Add configuration to not automatically show all available shares.
[jan] Add configuration to disallow world permissions for user shares.
[jan] Store alarm dates in UTC (Bug #8381).
[mms] Add abstracted AJAX interface (Request #4561).
[mms] Update scriptaculous to v1.8.3.
[mjr] Add Horde_Image_Exif (ported from Ansel) and add a exiftool driver.
[mjr] Horde_Image now has a native Imagick driver (removed proxy code).
[mms] All Horde login/authentication handled by single login page.
[mms] Move imple processing to a Horde service.
[mms] Refactor Maintenance:: -> Horde_LoginTasks::.
[mms] In Postgres, horde_prefs table now stores data in BYTEA instead of
      TEXT (Bug #8130).
[mms] Improved caching of Registry data significantly reduces session sizes
      and total session storage requirements (Request #8024).
[mms] IMAP auth driver now uses Horde_Imap_Client library.
[mms] Use Gnumeric package to render MS Excel files.
[mms] Use AbiWord package to render MS Word files.
[cjh] Remove sapdb session handler backend.
[jan] Add share locking (Alfonso Marín Marín <>).
[cjh] Remove javascript popup alarms.
[cjh] Update the Auth_passwd driver's add/update/remove user
      implementations (Bug #7810).
[cjh] Add a Horde_Routes dispatcher for Rampage applications.
[mjr] Fix a possible infinite loop with certain recurring events in Horde_Date.
[jan] Use DateTime internally in Horde_Date.


[jan] Convert charset of group names in SQL driver (Bug #9611).
[jan] Fix deleting of SyncML anchors if PHP short_open_tag is off (Bug #9349).
[jan] Add an experimental new Share SQL driver with better performance.
[jan] Fix integer overflow in ASN.1 parser for S/MIME messages.
[jan] Fix splitread database usage in VFS (Bug #9467).
[jan] Fix invalidating permission cache in SQL driver (Bug #9392).


[mms] SECURITY: Fix XSS when viewing details of a vCard.
[jan] Fix exporting recurrence exceptions to vCalendar 1.0.
[jan] Skip event status synchronization with Outlook, which is broken.
[jan] Don't send SIF data to recent Funambol clients, unless requested.
[jan] Log all queries and errors by the history library.


[jan] Fix searching DataTree elements (groups) if backend charset is different
      from interface charset (Bug #9323).
[mms] Fix accessing IMAP ACLs that contain non-alphanumeric characters
      (Bug #9299).
[jan] Avoid fatal errors when using DateTime with not properly configured
      PHP 5.3+ (Bug #9312).
[jan] Fix importing recurrence exceptions from vCalendar 1.0.
[mms] Fix preferences management regression (Bug #9289).
[jan] Fix conversion of all-day events and certain yearly recurring events for
      Funambol clients.
[mms] Fix memcache cache regression (Bug #9279).
[jan] Fix SyncML page sometimes deleting more anchors than selected.


[jan] SECURITY: Add token protection to preference forms.
[mms] SECURITY: Fix XSS in util/icon_browser.php.
[mms] Fix generating RFC 2231 parameters with charset information (Bug #9212).
[mms] On invalid token during logout, redirect to initial page (Bug #7669).
[mjr] Don't allow fixed blocks to be changed to another type (Bug #9141).
[jan] Show future alarms in the alarm management screen too.
[mjr] Fix bug in Horde_Cache that would prevent cache entries from being
      expired in certain cases, and prevent cache key collisions.


[jan] Fix framework include path.


[mjr] Fix issue in Horde_Image that would cause generated images to lose
      transparency in certain situations.
[jan] Allow to update existing identities while requiring email confirmation
      (Sebastian Rettenberger, Bug #8877).
[jan] Fix casting errors when using SQL shares and groups on PostgreSQL
      (Bug #8899).
[gwr] Allow conf.d style directory configuration overriding (Request #8172).
[jan] Fix sending alarms to multiple users (Bug #8821).
[mms] Fix display of S/MIME certificate data (Bug #8826).
[mjr] Fix bug in Horde_Image that caused polaroid effect to fail on really old
      ImageMagick versions (earlier then 6.3.2).
[jan] Work around Funambol clients requiring a "configuration" database
      (Bug #8621).
[jan] Add support for synchronizing only those fields that are supported by
      the client.
[jan] Workaround broken PHP number formatting with some locales (Bug #8780).


[mms] SECURITY: Workaround XSS vulnerability in Firefox for data URLs
      (Bug #8715).
[jan] SECURITY: Fix XSS in administrator section.
[jan] Fix alarm system with Oracle backends.
[mjr] Fix using the removeUserDataFromAllApplications method (Valentin Vidic
      <>, Bug #8754).
[mjr] Fix checking existing signup requests in the Auth_Signup_datatree driver.
[jan] Fix syntax of MSSQL scripts (Bug #8664).
[jan] Export task alarms to Funambol clients (Request #8426).
[jan] Fix not catching Alt key combinations for access keys on Mac OS.
[jan] Fix Oracle SQL scripts.
[jan] Close popup window after saving categories.
[jan] Check quota when copying files with VFS (Valentin Vidic
      <>, Bug #8643).
[jan] Add Croatian translation (Matej Vela <>).
[jan] Fix detecting SyncML message sizes.
[jan] Fix mapping of elements during synchronization (Bug #8386).
[mms] Fix potential session writing issues using PHP 5.0.5+.
[jan] Fix error in PHP 5 SOAP server implementation.
[mms] Fix updating memcache tracking info upon session destruction
      (, Bug #8626).
[mjr] Various improvements and fixes to the Net_IMSP driver
      (; Bug #8532, #8533, #8534, and #8535).
[jan] Export recurrence exceptions to Funambol clients (Alfonso Marín Marín
      <>, Request #8065).
[jan] Export all email addresses to Funambol clients (,
      Request #8571).
[jan] Export all fax numbers to Funambol clients (,
      Request #8618).
[jan] Fix detecting device information of certain synchronization devices.
[jan] Fix warnings when listing sessions with Oracle or PEAR DB session
      handlers (Bug #8601).
[mas] Fix SessionHandler_sql::getSessionIDs() SQL syntax (,
      Bug #8600).
[mas] Fix Horde_SQL::readBlob() on MSSQL (, Bug #8599).
[mms] Fix prototypejs regression on Internet Explorer (Bug #6590).


[jan] SECURITY: Fix vulnerability in image form fields that allows overwriting
      of arbitrary local files.
[cjh] SECURITY: Fix validation of "number" type preferences (Bug #8399).
[mms] SECURITY: Don't display unknown text parts inline (Bug #8311).
[mms] Upgrade prototype.js to v1.6.1.
[jan] Use system timezone for timestamps in the logs (Bug #8496).
[jan] Fix exporting certain weekday recurrence rules to iCalendar
      (, Bug #8510).
[jan] Work around crash bug in Funambol clients when synchronizing all-day
      events (Bug #8474).
[jan] Fix synchronizing tasks with certain devices (Bug #8506).
[jan] Workaround synchronizing of messed up categories in Nokia E phones
      (Bug #7824).
[jan] Fix synchronizing photos with broken Nokia phones (,
      Bug #7407).
[jan] Fix fatal error during synchronization if using certain session handlers
      (Bug #8443).
[jan] Improve synchronizing yearly events with Funambol clients
      (, Request #7790).
[jan] Destroy session when a CLI script ends (Request #8482).
[jan] Fix data casting when caching permissions with the DataTree backend (Bug
[jan] Pass user's password to the signup_addextra hook.
[jan] Add removeUserDataFromAllApplications API method
      (, Request #8454).
[jan] Catch errors when resetting passwords.
[jan] Support resetting passwords with composite authentication.
[mms] Fix memcache issue where it took 1 second to release a lock.
[mjr] Fix weatherdotcom block always displaying a 5 day forecast (Bug #8357).
[cjh] Use streams for file transfers in VFS_ssh2 (,
      Request #8323).
[jan] Send notification messages about new signups with confirmation links.
[jan] Drop signup_email column from sign-up table.
[jan] Show photo in vCard viewer if provided as inline vCard data.
[mjr] Fix issue where pref hooks would not be called for preferences marked as
      shared and defined outside of the Horde scope.
[jan] Add configuration whether to show user drop down list or text field in
      permissions dialog.
[jan] Export current locale to the environment.
[jan] Fix unfolding of vCard 2.1/vCalendar 1.0 data.


[jan] Fix rendering of addresslink form fields (Bug #8053).
[mjr] Fix a botched merge in Horde_Image_gd that was causing an undefined
      variable notice to be output in the image data.


[mjr] Fix an issue that causing users with expired passwords to be allowed to
      log in with the LDAP Auth driver.
[jan] Properly handle synchronization requests to non-existant databases.
[jan] Fix exporting all-day events to Funambol clients (Bugs #4487, #6847).
[jan] Quote parameter values in iCalendar data if necessary (Gunnar Wrobel,
      Bug #7758).
[jan] Detect base64 encoded synchronization data from Blackberry devices
      (Bugs #6995, #6949).
[jan] Optionally use Net_DNS for host name lookups (,
      Request #7374).
[jan] Add TLS support to LDAP drivers (, Request #7958).
[jan] Add scope and sizelimit parameters to LDAP authentication driver
      (, Request #7839).
[jan] Further improve HTML-to-text filter.
[jan] Export recurrence end dates as date-time values in iCalendar data to
      improve compatibility with external clients (Bug #7846).
[jan] Silence errors messages from iconv_substr() (, Bug #8128).
[jan] Don't catch Alt key combinations for access keys on Mac OS.
[mjr] Fix bitwise clause generation in the sql and hierarchical sql driver. This
      fixes issues with Oracle and possibly other RDBMS.
[mjr] Correct numerous bugs in Horde_Image dealing with ImageMagick version
[jan] Fix charset conversion in preference hooks (Bug #7489).
[cjh] Proactively disable allow_url_include in core.php.
[cjh] Add an index on session_lastmodified to the Horde sessionhandler tables.
[mjr] Force the use of REQUEST_URI instead of PATH_INFO in Util::getPathInfo()
      when being served by lighttpd due to issues with case insensitive
      file systems.
[cjh] Add support for SSL connections to MySQL databases (,
      Request #7972).
[cjh] Fix storing of unlocked preferences set by hooks (,
      Bug #6822).
[jan] Highlight color input fields with the color from the picker.
[jan] Fix importing vCards that have the charset specified in a MIME part
      (Bug #7816).
[mms] Ensure all input array entries in String::convertCharset() are properly
      iterated through (Bug #7828,


[cjh] SECURITY: Escape output in the tag cloud block
      (found by Gunnar Wrobel <>).
[cjh] SECURITY: Validate the Horde_Image driver name
      (found by Gunnar Wrobel <>).
[cjh] Allow "." in phone number fields (Request #7858).
[cjh] Fix the SQL Share driver closing the global database connection
      improperly when using PostgreSQL (Bug #7825).
[jan] Add support for Mozilla Sunbirds snooze properties (Request #7470).
[cjh] Try iconv_substr() in String::substr() if it's available
      (, Request #7826).
[cjh] Avoid warnings in Perms::getPermissionId with PostgreSQL
      (Marcus Ryan <>, Bug #7750).
[jan] Fix parsing of LABEL attributes in the vCard viewer.


[mms] Fix prototypejs regression on IE (Bug #6590).


[cjh] SECURITY: Add another check to the XSS filter.
[jan] Add script to import preferences from SquirrelMail database.
[cjh] Allow the password file Auth driver to require a specific group.
[cjh] Use YYYY-MM-DDTHH:MM:SS for Alarm date queries (Bug #7580).
[jan] Add XPath wrapper to Horde_DOM library.
[cjh] Don't use executeMultiple in the SQL Share driver when we might
      reset the connection in between queries (Bug #7542).
[jan] Fix database XML schema to create all lock table fields (Bug #7433).
[jan] Fix showing two sidebars after saving the display preference group for
      the first time (Bug #7475).
[jan] Fix sharing with LDAP groups (Bug #6883).
[jan] Add javascript event handler for access keys.
[cjh] Remove UNSIGNED from PostgreSQL scripts.
[cjh] Call preference hooks in the scope of the preference
      (vlukashov (at) parallels (dot) com, Bug #7445).
[jan] Fix resuming synchronization session on server farms
      (, Bug #7394).
[jan] Fix synchronization of tasks with many items (,
      Bug #7395).
[mms] Upgrade prototype.js to v1.6.0.3.
[jwm] Fix regression: SOAP wsdl/disco shouldn't require authorization.


[jan] Fix synchronization issues with Blackberry clients (Bug #6949).
[mms] Fix setting the horde user when using application authentication with
      realms (Bug #6749).
[jan] Fix user name conversion with user hooks in the permissions interfaces
      (Bug #6371).
[jan] Provide all settings for the read server in split SQL configuration
      (Request #7024).
[jan] Improve HTML to text filter.
[mjr] Hierarchical SQL Share driver now correctly removes all children when
      removing a share (Bug: 7347).
[mjr] Fix an issue with various date/time fields in horde form that was causing
      erroneous validation errors.
[cjh] Sign parameters to go.php with an HMAC based on a new secret key
      configuration value, to prevent using go.php as an open referrer.
[cjh] Make logout tokens only valid for a configurable length of time.


[mms] Fix garbage collection handling on SQL session handler backends.
[mjr] Change MDB2 sequence names to 'id' in SQL share driver (Bug #7240).
[cjh] When a URL is supplied for pass-through after logging in, go to that URL
      in mobile browsers instead of going to the mobile portal (Bug #6332).
[mms] Memcache session handler no longer writes data with a lifetime.
[cjh] Add DIMP to the horde LDAP OIDs and hordePerson objectclass (Bug #7243).
[mms] Update FCKeditor to v2.6.3.
[jan] Use global mailer configuration when sending alarm emails
      (, Bug #7058).
[jan] Reset background colors when resetting the category form (Bug #7226).
[jan] Improve Funambol contacts support (Requests #7099, #7100).
[jan] Correctly parse GEO tags in vCard 2.1 data (Bug #6563).
[jan] Remove Horde portal link from application menus (Bug #7221).
[cjh] Create a driver for signups, allowing backends other than DataTree
      (Duck <>, Request #7161).
[jan] Fix displaying images with the image form field.
[mjr] Fix issue with hierarchical SQL share driver that caused permissons to
      erroneously be denied when the share contained group permissions and was
      instantiated by a listShares call.
[mjr] Fix issue with hierarchical SQL share driver that caused any child shares
      to be orphaned when the parent share was moved in the hierarchy.
[mjr] Fix issue with SQL share drivers that was causing permission checks to
      fail under certain conditions by no longer explicitly storing owner
      permissions in the Perms backend.
[cjh] Fix overwriting a variable in the tableset_html VarRenderer
      (Paul Roy <>, Bug #7120).
[mms] Fix MIME encoding when using the ISO-2022-JP charset (Bug #1621).
[jan] Fix SQL Share driver not using the correct database when using different
      databases in Horde applications (Bug #6997).
[cjh] Fix SQL portability in Share_sql driver (Bug #7084).
[jan] Fix synchronizing large amounts of data split across several SyncML
[jan] Add Basque translation (Euskal Herriko Unibertsitatea EHU/UPV
[cjh] Fix Horde_Lock::getLockInfo (, Bub #7046).
[cjh] Fix SQL portability in Group_sql driver (Bug #7075).
[jan] Fix PAM authentication driver, but also mark it as deprecated (Bug #6982).
[mjr] Fix issue with native SQL Share driver that caused filtering shares by
      attributes to fail.
[jan] Fix synchronization of event alarms with Funambol clients (Bug #7003).
[jan] Correctly detect Funambol clients on Blackberry devices (Bug #6995).
[mjr] Remove all user application permissions and group memberships from storage
      when removing the user from the system (Bug: 6999)
[cjh] Call the postauthenticate hook in Auth::setAuth(), and allow the
      postauthenticate hook to cause setAuth() to fail. Allows postauthenticate
      to fire on any event, including transparent authentication, that could
      result in a user being successfully logged in.
[jan] Improve attribute support and charset conversion in vCard viewer.
[jan] Show photos in vCard object if provided with an URL.
[mjr] Remove permissions from storage also when removing a share.
[jan] Add Horde_Form fields for string arrays and PGP and S/MIME keys.
[jan] Only show Add Permission icons in permissions interface where adding
      them is possible.
[mjr] Fix issue in Horde_Image that was causing erratic results when cropping
[jan] Fix validation of phone fields marked as required (Bug #6948).
[mms] Fix quoting periods in display part of e-mail address (Bug #6899).
[mms] Fix error checking when parsing an undisclosed recipients mail header
      and using an older version of PEAR::Mail (Bug #6930).
[jan] Return to portal after editing or deleting blocks directly from there.


[jan] SECURITY: Fix vulnerability in image form fields that allows overwriting
      of arbitrary local files.
[cjh] SECURITY: Fix validation of "number" type preferences (Bug #8399).
[mms] SECURITY: Don't display unknown text parts inline (Bug #8311).


[cjh] SECURITY: Escape output in the tag cloud block
      (found by Gunnar Wrobel <>).
[cjh] SECURITY: Validate the Horde_Image driver name
      (found by Gunnar Wrobel <>).


[cjh] SECURITY: Add another check to the XSS filter.


[jan] SECURITY: Fix unescaped output in the MIME attachment linking.
[jan] SECURITY: Add another check to the XSS filter.


[cjh] SECURITY: Escape item names in the object browser (Bug #6906).
[cjh] Select db before queries in MySQL SessionHandler (Bug #6673).
[jan] Format messages sent through MIME_Mail in flowed text format.
[cjh] Catch errors if the Cache_file backend doesn't have permission to
      garbage collect (Bug #6895).
[cjh] Fix deletion of SQL shares when using split read/write databases
      (, Bug #6870).
[mms] Workaround broken IE behavior when downloading files with 8-bit
      filenames (, Bug #129).
[cjh] Fix storing of unlocked preferences set by hooks
      (, Bug #6822).
[mms] Allow Horde memcache driver to use UNIX sockets (Bug #6848).
[mjr] Various fixes for hierarchical SQL Share driver involving share names,
      better error checking and logging.
[gwr] Added group driver for Kolab.
[gwr] Added IMAP based preferences driver for Kolab.
[mms] Fix missing timestamp variable in Horde SQL cache driver
      (, Bug #6839).
[cjh] Fix over-zealous preference caching when preferences are requested for a
      different user (Bug #6820).
[mjr] Fix issue in Horde_Image that caused errors when performing certain image
      operations immediately after an image had been cropped when using the
      ImageMagick driver.
[cjh] Fix order of checks in String::convertCharset (Bug #6794).
[mms] Fix parsing of addresses in headers when the RFC 2047-encoded personal
      part of the address contains address list delimiters (Bug #6747).
[cjh] Fix generation of unique keys in configuration for machines too fast for
      microtime() (, Bug #6762).


[jan] Fix synchronization of contacts with some SyncML clients (Bug #6706).
[mjr] Fix SQL bitwise comparison issue in native SQL share drivers that affected
      PostgresSQL (Bug #6751).
[cjh] Ensure users' email addresses are well-formed (Bug #6654).
[jan] Remove About... link from help viewer.
[mms] Update Xinha editor to support Safari 3.


[bak] Improvements to WebDAV return codes and implement WebDAV locks
[bak] Add Horde_Lock subsystem
[mms] Add memcache caching support to all session backends.
[cjh] Apply fix for to prototype.js
      (Request #6590).
[cjh] Add a files-based Preferences backend (,
      Request #6653).
[cjh] Correct line-folding of encoded lines in iCalendar data
      (Gunnar Wrobel <>, Bug #6555).
[cjh] Add a configuration option for whether users can share with groups
      they aren't members of (, Request #6619).
[cjh] Ensure that alarms are created with a NULL alarm_snooze value
      (, Bug #6183).
[cjh] Add an admintools script for creating PEAR::DB sequences manually.
[cjh] Improved support for PGP fingerprints (Bug #6363).
[jan] Add rpc/ directory for prettified RPC URLs.
[jan] Move SyncML anchors out of the DataTree into a separate database table.
[cjh] Add beta SQL Permissions driver (, Request #6150).
[cjh] Add beta SQL Group driver (, Request #6175).
[jan] Use wider columns for the SyncML database table to correctly store long
      UIDs (Bug #5025).
[jan] Add "hordeweb" theme.
[jan] Add MIME::parseAddressList().
[jan] Add icons to edit and delete blocks directly from the portal.
[jan] Allow users to specify login credentials for Horde applications in the
[jan] Add NLS::setLanguageEnvironment() and NLS::setCharsetEnvironment().
[cjh] Fix LDAP authentication (Bug #6450).
[jan] Improve synchronization with Funambol clients.
[mas] Fix false positive verification of S/MIME messages (Bug #6323).


[cjh] Fix Horde_Compress_zip::checkZipData (Bug #6413).
[jan] Allow adding attachments to the problem reporting form.
[cjh] Make sure that when we used a cached Preferences object, we set the
      correct scope (Bug #6395).
[cjh] Set LC_TIME to C for consistency in date parsing in the SSH2 backend
      (, Bug #6396).
[cjh] Add experimental native SQL Share driver (, Request #6109).
[cjh] Recognize IE8 in the Browser class (, Request #6390).
[cjh] Don't treat no results as an error in the LDAP Groups driver
      (, Request #6362).
[cjh] Use conf.bak.php for backup files so they are parsed by PHP
      (Request #6341).
[cjh] Add a configuration setting for using pretty URLs (Request #6264).
[cjh] Add a method for counting attribute values without returning full objects
      from the DataTree (, Request #6289).
[cjh] Protect logout links with CSRF tokens.
[jan] Fix listing of folders with whitespace in the name using the SSH2 VFS
      driver (Bug #6227).
[jan] Don't indent first line of paragraphs when converting HTML to plain text.
[cjh] Add a PHP 5 SoapServer RPC backend.
[cjh] Add a method for getting just attributes, instead of full object and
      tree structure, from the DataTree (, Request #6209).
[cjh] Add a mock Groups driver for sites that don't need Group support
      (, Request #6157).
[jan] Highlight links in HTML viewer that triggered a phishing warning.
[jan] Fix some string parsing on systems that don't have the "en" or "en_US"
      locales installed (Bug #6194).
[jan] Avoid JavaScript popup if a translation for the WYSIWYG editor doesn't
      exist (Bug #6174).
[cjh] Fix autocreation of DataTree parents (, Bug #6167).
[jan] Fix linefolding with multibyte strings in iCalendar library (Bug #6103).
[jan] Add multibyte-safe String::wordwrap() method.


[jan] SECURITY: Fix privilege escalation in Horde API.
[jan] SECURITY: Filter out FRAME tags from HTML messages (CVE-2007-6018).
[jan] SECURITY: The XSS filter passes the complete XSS cheat sheet
      ( now.
[cjh] Don't trust HTTP_X_FORWARDED_FOR or any proxied requests when consulting
      the safe_ips list (Bug #6133).
[cjh] Add a PHP 5-only block for putting syndicated feeds on the Horde Portal
      (, Request #6107).
[cjh] Automate detection of which themes/app combinations have custom icons
      (Bug #6105).
[cjh] Fix listing of current session ids in the memcache SessionHandler
      (Bug #6083).
[cjh] Correct handling of cache misses from the Horde_Cache_sql driver
      (Bug #6060).
[mas] Add support for PGP revocation certificates to Crypt library.
[cjh] Provide specific validation errors when datetime Horde_Form fields have
      a date but not a time, or vice-versa (Bug #5992).
[cjh] Read email addresses from subjectAltName property of S/MIME certs
      (Bug #5986).
[cjh] Catch Horde_Block errors when doing ajax updates.
[cjh] Allow Horde_Mobile_select to take already-encoded options (Bug #5849).
[jwm] Add support in Horde_RPC_soap for handling SOAP endpoints that only
      expose certain types and/or methods.
[jwm] Make the SOAP service name in Horde_RPC_soap configurable.
[jwm] Add basic logging of SOAP calls (method name and args, elapsed
      time, bytes sent in response).
[cjh] Support LDAP password expiration when using Sun/Fedora Directory Server
      (, Request #6012).
[cjh] Remove the wrap attribute from preference textarea tags (Bug #6024).
[cjh] Recommend and default to SSHA hashed passwords.
[jan] Fix rendering of messages in some charsets that are only supported by
      iconv (Bug #5962).
[jan] Display WYSIWYG editor with correct language.
[jan] Fix creating of sub groups (Bug #5970).
[jan] Fix linking of URLs encapsulated in angle brackets (Bug #4946).
[jan] Fix edge cases of CSV file imports (Bugs #3839, #4025).
[mms] For SessionHandler drivers, don't write to backend if the session data
      did not change while loading the current page.
[cjh] The Auth:: package no longer depends on the PHP mhash extension
      for some encryption types.
[cjh] Add stream support to some VFS backends (Request #5913).
[jan] Add client code to JSON-RPC class and implement JSON-RPC 1.1.


[jan] Apply user name hooks when editing share permissions
      (, Bug #5844).
[jan] Fix some date handling with dates outside the unix epoch (Bug #5893).
[jan] Fix fixed portal blocks (Bug #5853).
[jan] Fix Share caching (Bug #5748).
[cjh] Fix deleting categories (Gunnar Wrobel <>, Bug #5873).
[cjh] Import dhtmlHistory.js from DIMP into Horde core.
[cjh] UTF-8-encode DNs in the LDAP Groups driver (,
      Bugs #4692 and #4918).
[mjr] Addition of an Effects API to the Horde_Image package, including a
      number of image effect plugins.
[jan] Add country list form field.
[cjh] Add example logrotate configuration (Martin Fraer <>).
[cjh] Add LDAP ACL definition for preferences (Martin Fraer
[cjh] Add an index on horde_datatree_attribute.attribute_value to improve
      DataTree performance (Andrew Morgan <>).
[jan] Add SQL upgrade scripts.
[jan] Fix escaping of parenthesis in PDF documents (PEAR Bug #12092).
[jan] Fix alarm notification script (Bug #5660).
[jan] Fix PDF generation with some locales (Gunnar Wrobel, Bug #4094).
[jan] Move all application-specific hook examples to the applications' config/
[jan] Fix SMTP configuration being set to "Best available authentication"
      (Bug #5679).
[jan] Add bind parameters to LDAP account portal block configuration (Request
[cjh] Fix login screen enter key behavior in some circumstances (Bug #5696).
[mjr] Add a new block for displaying a tag cloud that works across all Horde
      applications implementing a searchTag api.
[cjh] Use the Silk flag icons from
      for all flag sets (Bug #5681).
[cjh] Fix generation of UIDs with PHP 5.2+.
[cjh] Add a JSON-RPC Horde_RPC backend (
[cjh] Allow selecting any available sound when creating alarms as an
      administrator (Request #5619).
[cjh] Fix updating of last_maintenance preference with PHP 4 (Bug #5111).
[cjh] Allow considering all IPs to be "safe" for encryption operations,
      passphrase entry, etc., when using SSL hardware or other secure
      environments (, Request #5568).
[cjh] Fix CSRF protection with Horde_Form objects submitted with preserve().


[cjh] Centralize sounds for audio alarms in Horde.
[cjh] Include CSRF protection when using Horde_Form Tokens (Request #4492).
[cjh] Add first_week_day preference and use it in the calendar widget (Bug
[cjh] Cache permissions with Horde_Cache (
[jan] Add configuration option for safe IP subnets.
[cjh] Allow turning off a user's ability to edit share permissions (Request
[cjh] Consolidate color pickers used for Labels and in Horde_Form (Bug #5112).
[cjh] Log sending of problem report emails (,
      Request #5461).
[cjh] Improve support for dates before 1970 and after 2038 (Bug #3741).
[mms] Add option to send MIME messages in a format that may allow broken MUAs
      to handle 8-bit filename data.
[cjh] Add Tango Blue (xconspirisist <>,, Request #2795) and Silver Surfer (Daniel
      Dembach <>) themes.
[mms] Created a Horde-wide object to access a singlet memcache configuration.
[cjh] Test for PCRE UTF-8 support with extension tests
      (, Bug #1052).
[jan] Add category field to Horde_Form.
[cjh] Better detection of Konqueror JavaScript features
      (, Request #5372).
[cjh] Support the allow_multi parameter when displaying email address form
      types (, Request #5356).
[cjh] Add Scriptaculous and RedBox to Horde.
[mms] Added sql driver for Horde_Cache::.
[mms] Prevent tooltips from scrolling off screen (,
      Request #3958).
[jan] Add portal block to verify EU VAT identification numbers.
[mms] Preserve URL anchor information when performing login.
[jan] Add method to fetch public key by email address from key server.
[jan] Add parameter for a temporary directory to the VC svn driver
      (, Request #5051).
[jan] Change VC library to support open_basedir restrictions (,
      Request #5051).
[cjh] Added a query for checking existance of a user to the custom SQL
      Auth driver (Request #5151).
[jan] Add button to the setup screen to check for newer versions.
[mas] Add MIME Viewer for WordPerfect documents.
[mms] Use lzf compression to compress Horde_SessionObjects:: data in the
[cjh] Replace google popup javascript searching with Google Ajax Search.
[jan] Add datetime variable type to Horde_Form.
[jan] Add Horde_Alarm library for reminders, alarms and notifications across
      all applications with pluggable notification methods.
[jan] Add context renderer to Text_Diff package.
[jan] Add MIME_Mail class to simplify creation and sending of MIME messages.
[cjh] Horde_Share now has a driver system with DataTree and Kolab backends
      (Gunnar Wrobel <>, Request #4263).
[cjh] Remove RPC_rest backend.
[cjh] Add DELETE support to the webdav RPC implementation
      (Håvard Wigtil <>, Request #4721).
[cjh] Add a Horde-wide HTTP proxy config setting (Request #1039).
[mms] Use the geoip PECL extension if available.
[cjh] Add preferences change hooks that are called when preferences are set
      to new values (Request #4343).
[cjh] Add Active Directory support to the LDAP account information driver
      (, Request #3512).
[cjh] Add a finger driver to the account information block
      (, Request #3546).
[cjh] Rewrite the Prefs code to keep the same Prefs object through multiple
      scope changes, instead of re-loading the Horde prefs, or prefs for
      a scope that had already been loaded. Fixes bugs when making changes
      to preferences and then switching scopes again (Bug #2838).
[cjh] Switch from hook functions for every group to a single hook function
      for all groups, allowing more dynamic Group_hooks implementations
      (, Request #4324).
[jan] Allow Kolab users to login with both, UID or mail address
      (, Bug #1317).
[cjh] Switch between 'icon' and 'iconopen' images when toggling Horde_Tree
      sections (Bug #2576).
[cjh] Add a Horde_Form_Action for setting the cursor position in any
      text field (Request #4431).
[cjh] Provide a link for dialing phone numbers if the "telephony/dial"
      API method is present (, Request #3241).
[jan] Add support for PUT method to WebDAV server
      (, Request #3032).
[jan] Add PHP 5 support for Kolab (, Bug #4062).
[jan] Rewrite PAM authentication driver to use PAM extension from PECL.
[mas] Implement IMAP_ACL_rfc2086::canEdit() for cases when the user is
      asking about their own rights.
[mms] Correctly encode MIME parameter values via RFC 2231.
[mms] Add method to do RFC 2231 encoding.
[jan] Allow to set link target for "link" preference types.
[cjh] Move developer and administrator tools into seperate PEAR
      packages that will be available from
[mas] Conform to WCAG 1.0 Priority 2/Section 508 accessibility guidelines.
      (Request #4080)
[jan] Add SMIL MIME viewer.
[jan] Add support for virtual host based configuration.
[jan] Add File_PDF::setTextColor() (PEAR Request #1767).
[jan] Add File_PDF::setFontStyle() (, PEAR Request #5230).
[jan] Add encoding parameter to XML_SVG_Document (PEAR Request #7461).
[jan] Add SMPP driver to Net_SMS package (Ian Eure <>, PEAR
      Request #5101).
[jan] Add support for symmetric PGP encryption to Crypt library.
[jan] Add option to limit file sizes in file and image form fields (Request
[jan] Add caching for shares.
[cjh] Add an audio MIME_Viewer so that audio files are clickable and
      handled immediately by the browser.
[cjh] Add Horde_Form_Type_phone as a parent for Horde_Form_Type_cellphone.
[jan] Add caching for groups.
[cjh] Allow dropping application (or other custom-purpose) configuration
      files into config/registry.d/.
[cjh] Help now has a tree view of topics and is searchable (Request #2452).
[cjh] translation.php now works with PHP 5 (Bug #3539).
[jan] Highlight new configuration items in the configuration interface
      (Request #3868).
[cjh] Add Shibboleth transparent authentication driver
      (Cassio Nishiguchi <>).
[cjh] Add native email address validation to Horde_Form_Type_email
      based on
[jan] Add multidomain support for Kolab servers (, Request #3579).
[cjh] Deprecate htmlarea in favor of xinha.
[mms] Add VFS SSH2/SFTP driver (Cliff Green <>).
[mjr] Move the Horde_Config_Node and related classes out of Horde_Config and
      into it's own Horde_DOM package.
[mjr] Add support for Horde_Share to the Net_IMSP package.
[jan] Add connection pooling support with memcache extension 2.0.0
      (, Request #3213).
[jan] Add memcached driver to the Horde_Cache package (Duck <>).
[cjh] Add phpGroupWare/eGroupWare compatibility driver to Horde_RPC that
      allows mapping xml-rpc methods into Horde applications (Request #2886).
[cjh] Add _horde_hook_post_pushapp for doing actions directly after
      $registry->pushApp() succeeds.
[jan] Update portal block content in the background instead of reloading the
      whole portal periodically.
[mdj] Add support for split read/write databases.
[mdj] Add failover support for database backends.
[jan] Add configuration option to require users to confirm email addresses
      added to their identities.
[cjh] Add a SpellChecker package.
[cjh] Have Horde::addScriptFile() check for a non-PHP version of scripts
      to avoid javascript.php whenever possible.
[cjh] Add SERIALIZE_JSON mode with code from PEAR's Services_JSON.


[jan] SECURITY: Add another check to the XSS filter.


[cjh] SECURITY: Escape item names in the object browser (Bug #6906).
[jan] Fix large messages being rendered empty with PHP 5.2 (Bug #5792).


[cjh] SECURITY: Fix arbitrary file inclusion through abuse of the theme
      preference (CVE-2008-1284).


[jan] SECURITY: Fix privilege escalation in Horde API.
[jan] SECURITY: Filter out FRAME tags from HTML messages (CVE-2007-6018).
[jan] SECURITY: The XSS filter passes the complete XSS cheat sheet
      ( now.
[jan] Apply user name hooks when editing share permissions
      (, Bug #5844).
[jan] Fix fixed portal blocks (Bug #5853).


[cjh] Fix identity javascript when some fields are disabled
      (, Bug #5595).
[cjh] Disable the Turkish locale if using PHP 5 (see
[jan] Fix selecting the language on the login screen (Bug #5098).
[jan] Fix searching for single quotes in email headers (, Bug
[jan] Fix portal layouts with more than one horizontally expanded block per


[jan] SECURITY: Correctly quote file names in cleanup script for temporary
[jan] Fix RPC authentication on CGI SAPIs.
[jan] Detect unencrypted PGP messages.
[jan] Correctly quote file names in cleanup script for temporary files.


[jan] SECURITY: Fix an XSS vulnerability in the language selection.
[jan] Complete Cyrus virtual domain support in cyrsql driver (Vilius Sumskas
      <>, Request #4967).
[jan] Add option whether to strip domains from usernames in the account block
      (Request #4955).
[jan] Fix email lists not being validated under certain conditions (Bug #4834).
[cjh] Add a REST-ful preferences interface.
[cjh] Faster DataTree-to-SQL History migration script
      (, Request #4732).
[cjh] Improved automatic webroot detection (Ben Klang, Request #4126).
[cjh] Rewrite and fix the OCI8 SessionHandler (Bug #3452).
[cjh] Allow signup hooks to override the user_name and password fields
      (, Request #2904).
[cjh] Fix creation of mailbox quotas by the Auth_cyrus driver
      (, Bug #4678).
[cjh] Add "Save and Finish" to the share edit window (,
      Request #4307).
[cjh] Let mailto: and anchor (#) links through Horde::externalUrl (Bug #3079).
[cjh] Add smbclient version of the SMB Auth class (,
      Request #4338).
[cjh] Remove problematic "data descriptor" segment from generated ZIP files
      (, Bug #4670).
[cjh] Strip accesskeys from menu tooltips when only showing icons (Bug #4667).
[jan] Fix saving files in the root directory of an SQL VFS backend (Bug #4652,
      Ben Klang <>).
[jan] Fix displaying all maintenance tasks to be confirmed at once (Bug #4377).
[cjh] Fix return format of DataTree_null::getByAttributes()
      (, Bug #4651).
[jan] Support departments in vCard's ORG properties (,
      Request #4285).
[cjh] Rename Auth_sasl backend to Auth_peclsasl to avoid conflicts with PEAR's
      Auth_SASL (Bug #4547).
[cjh] Implement handling of vTimezones in iCalendar data
      (Carl Thompson <>, Bug #4399).
[cjh] keybindings.js now works with Safari/KHTML.
[jan] Avoid recursive folder creation when sharing Kolab folders
      (, Bug #4325).
[jan] Add Kolab specific account block driver to support special Kolab users
      (, Request: #4119).
[mms] Only dim below the last signature line of input text in the dimsignature
      Text_Filter driver.


[cjh] SECURITY: Validate GET-based URL parameters provided to Horde's
[jan] Support importing of combined date/time fields (Bug #3116).
[jan] Log a warning if using settings that break sessions.
[jan] Fix parse error that broke SyncML synchronization (Bug #4168).
[jan] Support Kolab group ACLs (, Request #2270).
[jan] Fix unserialize() errors in session viewer (Bug #3586).


[cjh] SECURITY: Remove unused image proxy code from dereferrer.
[cjh] SECURITY: Close XSS problems in dereferrer (IE only), help viewer and
      problem reporting screen.
[cjh] Handle errors generated during XML-RPC calls properly
      (Ben Klang <>, Bug #4097).
[jan] Add additional indexes to preference table (, Bug #4079).
[jan] Fix preference cache (Bug #4079).
[jan] Add configuration option to disable GET-based sessions.
[jan] Fix preferences access for special Kolab users (,
      Bug #4049).
[mms] Fix setting default charset for non-MIME messages (Bug #3804).
[jan] Add several methods to manipulate groups and shares to Horde's API.
[jan] Return serialized PHP values through the REST interface if passing a
      restContentType parameter of 'application/x-httpd-php'.
[cjh] Only allow users to assign Share permissions for groups they are
      members of.
[jan] Allow to disable VFS backends in the applications' configurations.
[mms] Update the MIME Content-Type charset parameter in a MIME message when we
      convert the contents for viewing in the browser (Bug #3729).
[cjh] Fix Horde_Form_Type_assign javascript (Bug #3740).
[jan] Add upgrade scripts for Oracle.
[cjh] Include PATH_INFO whenever QUERY_STRING is requested in Horde::selfUrl()
      (Bug #3703).
[jan] Add generic SQL upgrade script (Daniel A. Ramaley


[cjh] SECURITY: Fix remote code execution vulnerability found by Jan Schneider.
[cjh] Fix export and synchronization of events across daylight saving time
[jan] Add proper locking to mysql session handler (Bug #3660).
[cjh] ie.css is not necessary for IE7, so rename appropriately (Bug #3671).
[jan] Fix quota support for some VFS drivers (Bug #3647).
[cjh] Better Opera Mini detection (Bug #2961).
[jan] Fix menu wrapping with Kolab and Purple theme (Bug #3594).


[cjh] Remove bogus Content-Location header in the WML Mobile renderer
      (Bug #3476).
[jan] Add option to block Kolab authentication after failed logins
      (, Request #3474).
[jan] Allow to set height of iframe portal block (,
      Request #3504).
[cjh] Update ToolTips JavaScript object to allow tooltips on non-<a> elements.
[mms] Sort an IMAP_Tree object by display name, not full mailbox name.
[mas] Make sure database portability options are applied in History module.
      (Bug #3482)


[jan] Make sure that Kolab users always have the same user name (Bug #1317).
[jan] Fix moving objects with Kolab drivers (, Bug #2811).
[jan] Add reset button to image form fields.
[jan] Fix selection of default identity (Bug #3416).
[mas] Add Hebrew translation.
[mas] Add support for RFC 4314-style IMAP ACLs.
[mms] Correctly encode 7-bit MIME messages with NULL characters (Bug #3395).
[jan] Hide applications with status 'notoolbar' from options menu (Bug #3383).


[jan] Add Khmer translation (Leang Chumsoben <>).
[mms] Handle quoted text when parsing MDN requests (Bug #3340).
[ben] Better support for MS-SQL.
[jan] Show correct address in last-login message if connecting through a proxy
      (Bug #3288).
[mms] Allow admin to disable browser string checks (Bug #3282).
[jan] Correctly encode email group names (Bug #3234).
[cjh] Add a display method for hourminutesecond form fields (Bug #3165).
[cjh] Horde's preferences now are referred to as Global Options so the user
      doesn't need to know what Horde is, and always appear at the top of
      lists of apps for which preferences are available.
[jan] Add upgrade instructions (Kevin Myer, Bug #3222).
[cjh] Applications which do not have a config/prefs.php file no longer
      appear in lists of applications to set options for to avoid confusion.


[cjh] Make the lock directory for the memcached SessionHandler configurable
      (Bug #3120).
[mms] Update Text_Flowed:: to support RFC 3676.
[cjh] Fix output escaping of Horde_Form_Type_cellphone in UI_VarRenderer_html.
[cjh] Allow choosing [None] as a database for $conf['sql'] (Bug #2754).
[jan] Add Icelandic translation (Bjorn Davidsson <>).
[mms] Work around broken imap_8bit() implementation in
      MIME::quotedPrintableEncode (Bug #2975).
[mms] Add garbage collection to Horde_Cache.
[cjh] Fix Group::listAllUsers (Carlos Pedrinaci, Bug #2937).
[jan] Add high contrast theme (, Request #1598).
[jan] Keeps sidebar expansion state across sessions (Request #1564).
[jan] Add configuration for mail domain used for problem reports
      (, Request #1376).
[cjh] Add dynamic table re-sorting through javascript.
[cjh] Inspect method signatures so that the REST driver isn't dependent on
      the order of GET parameters.
[cjh] Add horde/getPreference and horde/setPreference API methods.
[cjh] Add a list of active users and active sessions to the admin area.
[cjh] Add unobtrusive javascript tooltips based on the title attribute.
[jan] Move sidebar collapse/expand button below the menu bar (Oliver Kuhl
[jan] Add Ideas theme (Roel Gloudemans <>).
[cjh] Move Horde_History data to its own SQL table (Bug #2298).
[jan] Add Horde_Form_type_figlet for CAPTCHA fields with figlet fonts.
[jan] Add Horde_Form_Type_dblookup for form fields with database lookups
      (Request #322).
[jan] Add configuration to disable "About" links in help windows ("Matthew
      M. Gamble" <>).
[cjh] Allow sending problem reports to a ticket system using the
      tickets/addTicket API call (Bug #1917).
[cjh] Define RTL styles via an additional stylesheet.
[cjh] Usability improvements to the identities management page (Bug #1846).
[ben] Add LDAP support to Group package.
[cjh] Add SMB driver to VFS package.
[cjh] Allow creation of expiring accounts in LDAP
      (Roel Gloudemans <>).
[cjh] Add configuration option to search for the user's DN in the Prefs_ldap
      driver (Bug #1786).
[jan] Allow to specify the objectclass for new users added through LDAP
      (Roel Gloudemans <>).
[jan] Add password expiration and password encryption to LDAP authentication
      driver (Roel Gloudemans <>).
[jan] Add permissions to restrict number of portal blocks.
[jan] Add configuration for fixed portal blocks.
[jmf] Add audio notification listener, make portal handle audio notifications
      by blocks (e.g. the IMP folder summary).
[mms] Cache certain registry data to prevent unneeded file loading/parsing
      after the initial login.
[mas] Add support for counting authenticated sessions via SessionHandlers.
[cjh] Re-work Tabs so that background images can be used in creative ways.
[jan] Add "My Account Information" block that mimics the Accounts module.
[jan] Improve rendering for right-to-left languages (Amirkabir MetaNET Ltd.).
[jan] Add support for arbitrary, non-boolean permission values.
[ben] Add alternate_login and redirect_on_logout features.
[jan] Add generic SMTP driver to Net_SMS package (Ian Eure <>).
[mjr] Net_IMSP will now automatically create user's default addressbook if
      it does not already exist instead of just complaining about it.
[cjh] Add select all, none, and invert optionally to Horde_Form_Type_set
      fields (Duck <>).
[cjh] Preferences overview is now built with a definition list (<dl>) styled
      with CSS.
[jan] Add sort() method to Horde_Tree class.
[mdj] Change any output of <b> and <i> tags to <strong> and <em> for better
      accessibility support.
[jmf] Allow Horde templates to include application blocks.
[jan] Add extended forecasts to weatherdotcom Block (Rick Emery
[cjh] Allow for arbitrary attribute filters when listing or counting Share
      objects (Duck <>).
[cjh] Add DataTree::getSortedTree() (Duck <>).
[mjr] Support for imtest authentication added to Prefs_imsp.
[cjh] Add REST RPC driver (, Bug #1500).
[cjh] Add support for fetching the highest and lowest ids in any DataTree
      group (Duck <>).
[cjh] Add DataTree::sortByAttributes() for sorting DataTreeObjects based on
      their attributes (Duck <>).
[mjr] Initial support added to Net_IMSP for imtest driver (provides persistent
      IMSP connections using Cyrus imtest utility).
[jan] Add map links to UK and Australian address fields
      (, Bug #1461).
[mms] Detection of "phishing" tactics in the HTML MIME_Viewer (Todd Merritt
      <>, Bug #1434).
[mms] Text_Flowed package now correctly handles multibyte characters.
[mms] Maintenance confirmation pages now rendered via Horde_Template (Vilius
      Sumskas <>).
[jan] Allow to specify charset of imported CSV files.
[jan] Add File_CSV package.
[jan] Show application names in permissions administration.
[jmf] Allow the auth backend to request a password change, support expiring
      password in the SQL backend.
[cjh] Show menu children for every application with preferences under Options
      in the sidebar menu (Bug #1058).
[mms] Allow individual MIME_Viewers to override the Content-Disposition MIME
      parameter and force viewing inline.


[cjh] SECURITY: Validate GET-based URL parameters provided to Horde's


[cjh] SECURITY: Remove unused image proxy code from dereferrer.
[cjh] SECURITY: Close XSS problems in dereferrer (IE only), help viewer and
      problem reporting screen.


[cjh] SECURITY: Fix remote code execution vulnerability found by Jan Schneider.


[cjh] Fix showstopper bug in Horde_Form select fields (Bug #3123).


[cjh] When deleting an identity, don't show the deleted identity
      in the default identity select dropdown on the next page load.
[cjh] Fix escaping of data in the preferences templates.
[cjh] Fix escaping of data in the data import templates.
[cjh] Fix output escaping of Horde_Form_Type_cellphone in UI_VarRenderer_html.
[cjh] SECURITY: Close several XSS problems in the share edit window.
[jan] Fix portal block.


[jan] SECURITY: Fix XSS vulnerabilities in gzip/tar and css MIME viewers.
[cjh] Add missing COMMIT in MySQL SessionHandler driver
      (, Bug #2731).


[jan] Pass all URL parameters where linking email addresses (Request #1530).
[jan] Show Word viewer content with correct charset (,
      Bug #2737).


[cjh] Fix transactions and binary data in PostgreSQL session handler
      (, Bug #2749, #2789).
[jan] Fix sidebar menu layout for Opera (Bug #2722).
[cjh] Add <pre> to supported help tags (,
      Bug #2633).
[cjh] Fix validation on ipaddress Horde_Form fields (Bug #2583).
[cjh] Add Auth::getAuthDomain() (Bug #2573).
[mjr] Add ability to enable/disable IMSP globally via configuration settings.
[jan] Fix calendar popup with Safari browsers (, Bug #2448).
[cjh] When using CGI PHP, SCRIPT_NAME may contain the path to the PHP binary
      instead of the script being run; use PHP_SELF instead (Bug #2401).
[jan] Fix sharing with groups if using group hooks (Bug #2292).


[mms] Fix VFS's autocreatePath() for directory paths containing the root
[jan] Fix cyrsql authentication driver with unixhierarchysep enabled
      (, Bug #2367).
[mms] Fix nested IMAP AND searches.
[mms] In sql VFS driver, allow the use of '/' at the beginning of a path to
      indicate the base directory.
[jan] Fix returning to last page after sending problem report (Bug #2350).
[mms] Fix a bug that caused hook code to be run unnecessarily after a user
      is already logged in.


[cjh] Fix a far-reaching DataTree bug in loading parent ids (Bug #2203).


[jan] Add Bosnian translation (Vedran Ljubovic <>).
[cjh] Let Horde_Tree handle all indent calculation based on parent/child
      relationships (Bug #2198).
[cjh] Add initial LDAP SessionHandler driver.
[cjh] Use row-level locking or transactions where possible to avoid
      session corruption in SessionHandler (Bug #1580).
[mms] Add the memcached SessionHandler:: driver (Rong-En Fan <>).
[mms] Fix verification of MIME strings with escaped quotes (Bug #2168).
[jan] Fix generation of free periods in free/busy code with overlapping events.
[jan] Don't show Options button in problem reporting page.
[jan] Add Util::realPath() method.
[mas] Include version numbers for applications on Admin Setup screen. (Bug
[mas] Change IMAP Auth driver to use imap/notls by default in non-DSN mode to
      match DSN mode.
[mas] Add tls and self-signed certificate configuration options to IMAP Auth
      driver. (Bug #1357)
[cjh] Recognize Opera 8+ as providing advanced features (Bug #2066).
[cjh] Fix reading of binary files on Windows in VC_svn (Bug #2036).
[mas] Fix SQL 'LIKE' case-insensitive comparison. (Bug #2030)
[jan] Allow charset aware IMAP searches.
[jan] Fix Google search block for non-ascii characters (Bug #1329).
[jan] Add quick-install instructions.
[jan] Improve performance of several framework packages.
[mms] Fix MIME_Contents:: caching in PHP 5 (Bug #1410).
[jan] Fix VC SVN backend to support user names with spaces
      (, Bug #1919).
[cjh] Escape HTML in identity names (Bug #1910).
[mas] Use updated PostgreSQL function names.
[ben] Update application list in horde's LDAP schema
[cjh] Enforce maxlength restrictions in Horde_Form validation (Bug #1895).
[jan] Disable Block if not configured.
[cjh] Include sourceroot in VC cache keys (Bug #1783).
[jan] Add SQL script and instructions for MSDE databases (Bugs #1862, #1870,
[jan] Allow portal blocks to be larger than two column/rows (Bugs #1189, 1632).
[jan] Add SMTP authentication to problem reporting (Bug #1128).
[jan] Support help files in admin directory with translations.php (Bug #1344).
[jan] Fixed SQL binding for ODBC and MSSQL drivers (Bug #1816).
[jan] Add configuration option to set location of MIME magic database.
[mms] Make sure headers in a MIME_Part are encoded with the same character
      set used in that MIME_Part (Bug #1591).
[mms] Add List-Headers listed in RFC 2369 to the list of MIME Headers that
      can only appear once in a single header (Bug #1766).
[cjh] Fix typo in parsing of FREEBUSY data (Bug #1590).
[jan] Support SQLite and Oracle in all SQL backend configurations.
[cjh] Use bind variables in the Auth, VFS, and SessionHandler SQL drivers,
      and in scripts/remove_prefs.php (, Bugs #1665,
      #1666, #1667, #1668, #1677).
[cjh] session_set_cookie_params() expects a relative timeout; setcookie wants
      absolute. Go back to a configinteger for $conf['session']['timeout'] and
      add time() to that value in setcookie() calls (Bugs #1302, #1658).
      YOUR $conf['session']['timeout'] SETTING AFTER UPGRADING.
[cjh] Use bind variables in the Prefs and Token SQL drivers
      (, Bugs #1652, #1653).
[mms] Prune expanded folders that no longer exist in IMAP_Tree (Bug #1517).
[cjh] Don't try to compress output if ZPS compression is on (Bug #1626).
[cjh] If an app only has one prefGroup, always show that prefGroup instead
      of showing an overview screen with only one entry.


[cjh] Use fully qualified URLs in the AnselImage HTMLArea plugin (Bug #1259).
[cjh] SECURITY: Close XSS when setting the parent frame's page title by
[blc] Add PostgreSQL upgrade script (Brad Witte <
[cjh] Avoid division by zero if all preferences are locked (Bug #1627).
[jan] Fix sidebar refreshing with Opera.


[jan] Improve "login" authentication driver (Bug #1571).
[jan] Show database specific connection parameters in global SQL configuration
[jan] Fix left menu overflow in IE and Safari (Bug #1526).
[jan] Fix autocreating of directories and updating of existing files in the
      sql_file VFS driver (, Bugs #1552 and #1553).
[jan] Make wrapping menus visible with Gecko 1.4 browsers (e.g. Netscape 7.1).
[jan] Use SQL binding for some DataTree operations.
[jan] Fix DataTree SQL support for Oracle.
[jan] Fix SQL configuration for Oracle.
[mms] Make sure VFS garbage collection is done recursively.


[jan] Add Horde_Tree_select class (Ben Chavet <>).
[mjr] Fix Net_IMSP to properly handle multiple lines in addressbook fields.
[jan] Fix MIME decoding of strings that contain "%" in multibyte sequences
      (Bug #1423).
[cjh] Control space under the menu bar with a themeable style (Bug #1421).
[cjh] Fix Horde_Tree with the multiline option so that row styles extend over
      the whole height of the row.
[cjh] If configuration files that have a .dist version are missing,
      Horde_Test::configFilesMissing() will copy the defaults over if Horde
      can write to the filesystem (Bug #1015).
[cjh] Fix AnselImage HTMLArea plugin (Bug #1470).
[cjh] Just retrieve uid when listing users in the LDAP Authentication driver.
[cjh] Add choraPrefs to the hordePerson LDAP schema (Bug #1452).
[cjh] 'rootdn' is not required for LDAP preferences (Bug #1453).
[mms] Fix IMAP thread creation when the base level contains more than one
[jan] Allow vCards with lowercase field descriptors.
[jan] Improve tar/gzip MIME viewer to better show unzipped content.
[mjr] Better error handling in Net_IMSP.
[mms] Speed improvements and sorting fixes for IMAP_Tree.
[mms] IMAP_Tree now handles non-uppercased 'INBOX' strings returned from the
      mail server (Bug #199).
[mms] Rebuild certain internal MIME_Part data when retrieving from a cache.
[jan] Show database specific connection parameters in configuration screen.
[mms] IMAP_Tree now correctly updated when subscribing/unsubscribing from a
      mailbox (Bug #1111).
[mms] Make IMAP searches of non-"standard" headers work with the NOT directive
      (Bug #1368).
[jan] Fixed double line numbers in Source-highlight MIME viewer (Bug #1383).
[mms] Fix IMAP_Thread when dealing with the first message in the mailbox
      (Bug #1257).
[cjh] Fix menu heights in Safari.
[jan] Catch errors from configuration files to avoid blank pages.
[jan] Support mime_magic extension again if fileinfo is not present.


[mjr] Net_IMSP now correctly handles addressbook names containing spaces
      (Bug #1286).
[cjh] Implement clear() in the LDAP prefs driver (Bug #1335).
[cjh] Don't list uninstalled applications as initial_application options
      (Bug #1324).
[jan] Fix postauthenticate hook, not completely denying access after a failed
      login (Bug #1320).
[jan] Checkboxes in portal block setup forms are correctly checked now
      (Bug #1247).
[mms] Allow IMAP searches to work on headers with multiple entries
      ( (Bug #1330).
[mms] Correctly sort INBOX subfolders in IMAP_Sort (Bug #1291).
[cjh] Turn off Form Tokens in the configuration interface.
[jan] Sort user and group lists in permissions interface (Bug #1305).
[jan] Allow to enter PHP code in the session timeout configuration (Bug #1302).


[mms] Fix bug in Text_Flowed where unquoted lines could not be flowed.
[cjh] Fix logic problems with the MySQL and OCI8 session handlers that
      prevented them from handling restarting a session cleanly (Bug #1097).
[cjh] Fix persistence of $conf['mailer']['params']['auth'] in the Setup UI
      (Bug #1287).
[jan] Improve performance of DataTree operations like reading email message
[jan] Log successful logins and logouts with the NOTICE level (Vilius Sumskas
[cjh] Encode HTML entities in Horde_Form_Type_longtext display (Bug #1267).
[mms] Fix session handling to ensure variables are persistent across function
      calls (Gary Windham <>).
[mms] Improvements to WebCPP MIME_Viewer rendered output.
[mms] More fixes for URLs with '&' when passing through the sanitizer.
[jan] Make wrapping menus looking nicer in Gecko and KHTML based browsers.
[jan] Fix MIME viewer for gzip files that don't contain tar files.
[cjh] Fix visibility of <a > tags inside smallheader blocks for the Cornflower
      theme (Bug #1206).
[cjh] Do not cache javascript served via services/javascript.php (Bug #1140).
[cjh] Fix management of categories that contain quotes (Bug #1202).
[cjh] Handle addresses that are already surrounded by quotes in
      MIME::_rfc822Encode() (Bug #1143).
[cjh] Fix VC_svn's handling of directory names with spaces (Bug #1123).
[cjh] Fix caching logic that was causing VC to not properly refresh objects in
      a timely manner.
[jan] Allow to set fixed table cell widths in WYSIWYG editor.


[cjh] Make sure not to throw errors when bad emails are supplied in
      services/problem.php (Bug #1070).
[jan] Fix wrong charset of refreshed menu frame if not using UTF-8 (Bugs
      #1052, #1055).
[jan] Fix left menu tree collapsing after each refresh (Bug #1072).
[jan] Fix sidebar being loaded twice if not using cookies (Bug #1076).


[jan] Test for session.auto_start.
[mms] Fix parsing of header with undisclosed-recipients (Bug #1057).
[cjh] Add a browser quirk for browsers that don't support overflow:hidden in
      table cells (KHTML).
[jan] Fix application links if not using cookies (Bug #1029).
[mms] Fix disabling of maintenance confirmations (Bug #1027).
[cjh] Fix alignment of Help window header in MSIE (Bug #1023).
[cjh] Fix the Horde_Block graphics to be indexed, not grayscale (Bug #1051).
[cjh] SECURITY: Close several XSS vulnerabilities.
[mms] Make sure external URL's work correctly when the URL contains '&' as
      the delimiter.
[cjh] Fix infinite loop with Auth_application driver (Bug #1004).
[cjh] Never set an empty Horde_Tree cookie (Bug #1022).
[mms] Fix displaying of folders in IMAP_Tree:: for IMAP servers that don't use
      'INBOX' as their delimiter (Bug #1014).
[cjh] HORDE_MENU_MASK_NONE now really means only explicitly added menu items
      are displayed.
[cjh] Ignore H3 in version comparisons (Bug #1017).
[cjh] DataTree_null now stubs out the full DataTree API to avoid fatal errors
      when not using a permanent backend.
[jan] Fix deleting of identities (Bug #1018).


[cjh] Try to catch dangerous URLs in the dereferrer (go.php).
[cjh] Improve tree graphics for right-to-left languages (Vahid Ghafarpour
[mms] Fix IMAP_Tree display if folder contains the text 'pop3'.
[cjh] Fix the Horde_Form date picker popup in Konqueror/Safari (Bug #963).
[jan] Spaces in tree views with Internet Explorer have been fixed.


[cjh] Always reload frameset after logging in (Bug #814).
[cjh] Fix menu rendering for IE 5.0/Mac.
[cjh] Turn off PNG transparency for IE by default.
[cjh] Allow to pass an array of attributes to Horde::img().
[cjh] Allow to set a password for the auto authentication driver.
[jan] Add option for null driver to mailer configuration.
[jan] Fix configuration of ZPS cache.
[jan] Fix some javascript errors with IE 5.0.
[cjh] The "Horde Purple" theme is now simply another theme that inherits from
      the global CSS settings, instead of being both the parent theme as well
      as a user-chooseable option.  The default graphics are now in a
      top-level themes/graphics directory as well for use by all themes.


[jan] Show tab with the field that didn't validate on submitted forms.
[mms] Add a generic MIME_Viewer that will display the raw text of text/*
      parts that we do not have a specific viewer for.


[cjh] Use HORDE_MENU_MASK_* constants for determining what links are shown
      on menus.
[jan] Create default parameters when adding a new block to the portal.
[mms] Autodetect exact version of IE (5.0+) on login and turn off compression
      only for buggy versions.
[cjh] Use an IE behavior for handling alpha transparency with PNG images
      instead of an onload handler.
[mms] Allow all folders to be pre-fetched when intializing IMAP_Tree::.
[mms] Added extensions to the form renderer for the file selection API.
[cjh] Render all menus as <ul> tags, formatted with CSS.
[mms] Added example of _imp_hook_spam_bounce to config/hooks.php.dist.


[cjh] Allow to insert images from galleries in the WYSIWYG HTML editor (Duck
      <>, Roel Gloudemans <>).
[mdj] All Horde icons changed from GIF to PNG.
[mdj] Add /themes directory and group all of each theme's files under a subdir
      of this directory.
[jan] Switch from dynamic to static CSS files.
[mms] Add support for Message Disposition Notifications (RFC 2298).
[jan] Add TableOperations, ContextMenu and ListType plugins to rich text
[jan] Add DataTree browser to admin interface.
[cjh] The Horde_Cache:: API has been completely rewritten to take
      advantage of the new ZPS4 api for content caching, which allows
      a more familiar caching API overall. The old zps driver has been
      dropped because of this.
[jan] Add Persian (Western) translation (Vahid Ghafarpour
[jan] Drop usage of arg_separator.output.
[jan] Make sidebar width a preference (Rick Emery <>).
[cjh] The Prefs_sql driver now uses DB::prepare/DB::execute for better support
      of large fields on database backends such as Oracle.
[cjh] Support custom field mappings in CSV exports, and add an Outlook export
[cjh] The Horde sidebar menu is now built with Horde_Tree.
[jan] SECURITY: Close an XSS hole in the HTML viewer, a variation to the one
      reported in
[jan] Add configuration option to enable SSL for logins only.
[jan] Remove share type (private/public).
[jan] Add framework to clear out user data, e.g. when removing users.
[jan] Add access keys.
[jan] Don't require blocks to be registered in the applications' APIs.
[cjh] Introduce a '_default_' color and better handling of user-specified
      Unfiled colors.
[jan] Allow themes to use their own icon sets.
[cjh] Categories and category color labels are now handled globally by Horde,
      and provided to all applications that use them.
[jan] Identities are now managed with the preferences code and can be accessed
      from every application.
[mms] Handle RFC 2231 encoded parameter values.
[mms] Add IMAP_Sort class to provide sorting for IMAP mailbox lists.
[jan] Add user management to IMAP authentication driver.
[jan] Add IMAP_Admin class to manage IMAP mailboxes.
[mms] Added a generic text/html MIME_Viewer driver for all Horde applications
      that attempts to sanitize malicious code hidden in HTML.
[mms] Added a generic message/rfc822 MIME_Viewer driver.
[cjh] Remove HORDE_LIBS constant and assume libraries are in the include_path.
[jan] Add searching and paging to the user administration interface (Joel
      Vandal <>).


[jan] Access keys are no longer generated automatically but defined by the
      developers and translators.
[cjh] The new services/prefs.php file is now the only UI page necessary
      for preferences for all applications - all app/prefs.php files
      are now obsolete.
[cjh] Prefs::getPref() has been deprecated and is no longer present.
[cjh] Horde::, Registry::, and the last of the libs that are moving should be
      moved to framework packages now.
[cjh] Editor::, Menu.php, NLS::, and Signup.php have all been moved to
      framework packages.
[mms] Moved the IMAP Tree generation class from IMP to framework so it can
      be used by other applications.
[mdj] Setup now has a more informative format. The CVS version tag is copied
      from the conf.xml file into the conf.php file so that it be used to warn
      which applications need their conf updated.
[cjh] Use javascript to autodetect whether or not the frameset is present.
[cjh] Horde_History, Horde_Links, and Horde_Search have been moved to
      framework packages.
[cjh] Allow apps including horde/lib/base.php to specify that a different
      registry application should actually be pushed onto the Registry
      application stack. This lets the fiction of problem.php being its
      own application play nicely with the new permissions checking.
[cjh] The new application permissions checking has been modified to
      allow access to all authenticated users by default, and to deny
      guest access by default. All variations on that must be set
[cjh] Remove the Guest Services link; it's been obsoleted by
[cjh] Various $no_auth and $self_contained_auth flags have been standardized
      into an AUTH_HANDLER constant, which if defined signals the application
      that it should not check permissions upon calling $registry->pushApp(),
      as the calling script will handle that itself, or is a system-level cron
[cjh] Add an option to $registry->pushApp() to specify whether or not to check
      application permissions.
[cjh] The 'allow_guests' setting, and $registry->allowGuests(), have been
      removed in favor of Horde_Perms application permissions.
[mms] Added the text/richtext MIME_Viewer.
[jan] Instantiate the global Perms object in Registry.php.
[cjh] Category has been moved to a framework package, and also renamed
      to DataTree so that it has a more intuitive name for the API.
[jan] Add Indonesian language (Slamin <>).
[jan] Add Auth_login class.
[jan] Add Horde::externalUrl().
[mdj] Perms is now a globally available object, set by the registry's
[jan] Add "About" page for the help system.
[jan] Add SOAP server to RPC framework.
[cjh] Move PrefsUI to Prefs/UI.php for package consistency.
[mms] Added NLS_GeoIP:: to do Hostname -> Country lookups.  NLS:: will do
      lookups by default now using country TLD codes.
[mir] Add preprocess hook for Signup system.
[jan] Move Horde_CLI, Horde_Cache, Horde_Cipher, Horde_Compress,
      Horde_Token and Horde_Util packages to the framework module.
[cjh] Reorganize a number of files from the top level and from util/ into a
      new services/ directory and a number of services/* subdirectories.
      This should give us a better base for expanding the services provided
      by the core Horde module in the future.
[max] Add support for <b> and <i> tags to the Help xml parser.
[cjh] Add the Horde_History API, for storing timestamped events for
      arbitrary objects.
[cjh] Horde_Template now allows if: conditions on array values
      (Nuno Loureiro <>).
[jan] The administrator can now force the default language in nls.php
      (Etienne Goyer <>).
[mdj] Horde_Form now supports setting of a help icon linked to help.xml.
[cjh] mime_mapping.php is no longer a config file; replaced with
      mime.mapping.php inside the MIME package.
[cjh] Add Google search applet (Joe Wilson <>).
[jan] UTF-8 support is enabled by default now.
[jan] Themes are now automatically read from the config/themes directory.
[cjh] Add support for other kinds of servers and other kinds of responses to
      rpc.php and the RPC:: API.
[jwm] Add support for approving queued signup applications.
[cjh] Groups can now have an email address associated with them.
[cjh] Make Horde-level Blocks configurable through the registry, allowing
      easier adding of new blocks (Joe Wilson <>).
[cjh] CategoryTree is now deprecated in favor of Horde_Tree.
[cjh] Move the admin permissions and groups pages to use Horde_Tree.
[max] Add _comparePasswords() function to Auth_sql to correctly compare
      all crypted passwords similar to the Passwd module.
[max] Add crypt-des (which is the same as crypt), crypt-md5, and crypt-blowfish
      encryption types, to match Passwd module.
[max] Add optional show_encryption param to Auth_sql, to match Passwd module.
[mms] Added IP Address check to Auth::authenticate() to increase security.
[jan] Remove NLS::decimalFromLocale() and NLS::decimalToLocale().
[cjh] Horde_VFS:: is now VFS:: again, and has no external Horde dependancies.
[cjh] Round out the various shell tools with a command shell.
[cjh] Add sidebar.php and appropriate prefs entries for using Horde with the
      menu as a Mozilla sidebar.
[mms] Add IMAP_Cache:: class to handle cached IMAP server data.
[cjh] Make getCategoriesByAttributes() much more sophisticated - it can
      now handle a pretty much arbitrary logic tree - and use it to optimize
[cjh] Add getCategoriesByAttributes(), and use it in
[cjh] Add code that lets a CategoryObject subclass define a mapping from its
      internal data to the new horde_category_attributes table.
[mms] IMAP_Search:: now uses a IMAP_Search_Query:: object to build the
      actual IMAP search.
[mms] Added a secure delete temp file option that will overwrite any temp file
      with random data before unlinking.
[jan] Add Lavender theme (Ziaur Rahman <>).
[cjh] Horde_Template:: is now capable of translating text inside
      <gettext></gettext> tags.
[cjh] Horde_Mobile:: now properly supports multiple submit elements in forms.
[mac] Add generic Cyrus auth driver, Auth_cyrus.
[mac] Add optional encryption param to Auth_sql, to match Passwd module.
[jan] Add new hooks (replacing _horde_hook_username) to convert user names
      from the backend to Horde and back.
[cjh] Add a new API call, Auth::isAuthenticated($realm = null), for
      determining whether or not a user is logged in to the current
      realm (by default null). Auth::getAuth() is still used to get
      the current user, but now you don't need to know the auth realm
      to get the current user - just to check authentication.
[cjh] DHTML date picker now opens right over the image used to anchor it.
[cjh] The last_login preference is now entirely handled by Horde.
[mms] Add Horde_Test:: class/templates to aid in creating test.php scripts.
[mms] Move complex IMAP searching code from IMP_Search:: to IMAP_Search::.
[cjh] Re-work the Horde LDAP schema bits to be more correct and
      consistent (Adam Tauno Williams <>).
[mms] Add DOM tooltip capability via Horde::linkTooltip().
[mms] Add garbage collection class (Horde_VFS_GC::) for VFS.
[mms] Add timeout to PGP keyserver lookup.
[cjh] Add navigation for previous/next preferences block in PrefsUI
      (Mathieu CLABAUT <>).
[cjh] Add Horde_Links API (
[cjh] Add more introspection, in the form of getContentType() and
      getLink(), to the Horde_Image:: API.
[cjh] Add util/cacheview.php for viewing any data with a Content-type
      put into the cache.
[cjh] Add Horde_Cache::cacheObject() for use in caching the results of
      non-static object methods.
[cjh] Rename Cache:: to Horde_Cache::.
[cjh] Move Cache_session:: to Horde_SessionObjects::.
[mms] Added Horde::extensionExists() to cache extension_loaded() calls.
[cjh] Add NLS::decimalToLocale() and NLS::decimalFromLocale() to handle
      converting between different decimal point separators.
[cjh] Added MIME_Headers::.
[mms] Moved gzip and tar file handling to Horde_Compress_*:: modules.
[mms] Moved ZIP handling to the Horde_Compress_zip:: module.
[mms] Moved TNEF handling to the Horde_Compress_tnef:: module.
[mms] Added Horde_Compress:: API - used to compress/decompress data.
[mdj] Added the DOM calendar date picker to Horde_Form, based on work by
      Mike Cochrane <> and Brian Keifer
[mms] Added multipart/report MIME_Viewer::.
[mms] Added MIME::generateMessageID() to generate MIME-compliant message IDs.
[cjh] Add command-line setup.php script. Right now, this only generates/updates
      configurations; you cannot *edit* a configuration with it.
[jan] Add String:: class with locale/charset safe string functions.
[mms] Added Horde::authenticationFailureRedirect().
[mms] Added Browser::escapeJSCode() to escape certain characters in
      javascript code depending on the browser type.
[jan] Add NLS::strtolower() and use it everywhere where locale independance
      is necessary.
[jan] Add Turkish translation (Genco Yilmaz <>).
[mms] Add 'link' parameter to the preferences config to allow for help links
      to be added to the preferences pages.
[mms] Another Maintenance:: rewrite - now store all data in the cached
      Maintenance_Tasklist object.
[mms] Added check to Prefs:: to ensure the data stored does not exceed the
      maximum storage size of the preferences storage system.
[jan] Add UTF-8 support. Any content with any charset can now be displayed with
      any translation.
[mms] Add NLS::checkCharset() to determine whether a given character set is
      valid on the current system.
[cjh] Deprecated Registry::includeFiles() and Registry::shutdown().
[mms] Add support in MIME_Magic:: to use the UNIX file function to determine
      the MIME type of unknown files.
[mms] Added an example cron script to delete old temporary files.
[mms] Correctly get charset information for MIME_Parts in MIME_Structure.
[mms] Rewrote MIME_Message to extend MIME_Part.
[cjh] Add ordering extensions to the Category:: framework
      (Marko <>).
[cjh] Add a simple template engine, derived from bTemplate,
      for Horde applications to use.
[cjh] Add Auth_yahoo:: which lets you have no local auth and rely on
      Yahoo! mail usernames.
[mms] Moved Server configuration checking functions to Server::.
[cjh] The user admin page can now set fullname and from_addr preferences
      for any user as long as the Auth backend is capable of at least
      listing users (doesn't have to be able to update them).
[cjh] Share:: is now Horde_Share::, and is reworked to hold permissions
      internally. We can now assign group/default/guest permissions
      more easily.
[jan] Add RPC::parseUrl().
[jan] Add RPC based remote summaries.
[cjh] Add a SQL Shell to the Horde admin section.
[cjh] Don't prefix Horde admin menuitems with "Horde" to save space.
[cjh] Horde_Form:: forms now use the Horde_Token:: API by default to
      make sure that they cannot be reloaded.
[cjh] Rename Token:: to Horde_Token:: for future packaging.
[jan] Add Registry::listAPIs() and Registry::listMethods().
[cjh] The Perms:: system now supports default and guest permissions.
[cjh] Applications can now provide individual registry methods, not just whole
      interfaces. Applications can override a single method out of an interface
      as well - an app providing a mail/filter while IMP provides mail/*, e.g.
[cjh] Renamed FormSprocket:: to Horde_Form:: and GraphSprocket:: to
      Horde_Graph:: for consistency and future PEAR packaging.
[mir] Added example of _imp_hooks_fetchmail_filter to config/hooks.php.dist
[mms] Added the MIME_Contents:: class; functions to help in the output
      of MIME content.
[cjh] Rewrite the Category:: system to allow multiple leaves with the same
      name (as long as they have different parents) and rewrite everything
      (Perms::, Group::, Share::, etc.) to use it.
[cjh] Move _fileCleanup() into Horde:: as Horde::deleteAtShutdown(),
      and add Horde::_deleteAtShutdown() to do the actual deleting.
[cjh] Initial support for configuring the summary screen
      (Eric Rechlin <>).
[cjh] Add a system for defining generic hooks for any preference.
      See horde/config/hooks.php.dist for lots of examples and docs.
[cjh] Add a colorpicker utility to Horde
      (Michael Cochrane <>).
[cjh] Add a guest services entry page and links to it from all
      login pages.
[jan] Add translation helper script.
[mms] Stylesheet link generation handled by Horde::stylesheetLink().
[cjh] Add the new Config:: API and setup.php, a system which reads
      configurations from XML files and existing conf.php files,
      taking care of merges and adding new parameters. Currently we
      have a web wizard.
[cjh] css.php now supports loading CSS classes for multiple applications.
[mms] Removed the SessionCache class. Equivalent code is now available in
      the Cache_session:: class.
[mms] Added IE broken-browser downloading code to Browser::.
[mms] Added a session driver to Cache::.
[cjh] Rename config/horde.php to config/conf.php.
[cjh] Move cookie_domain, cookie_path, server_name, and server_port into
[cjh] Add a parameter for setting the session cache_limiter.
[cjh] Add MIME_Viewer_text to Horde.
[cjh] Rewrite all factory/singleton methods to allow individual applications
      to provide a custom backend, and to allow sites to provide custom
      backends in their include_path settings.
[mms] Handling of Content-Type parameters moved to MIME_Part from MIME_Message.
[mms] Crypt_pgp:: can now upload keys to a public keyserver.
[mms] Renamed the Lang:: class to NLS:: and moved the timezone setting
      method into it.
[mms] The local timezone can now be set via the Horde::setTimezone() call.
[mms] All browser headers for downloading a file have been moved to the
      Browser:: class.
[cjh] Add files to util to support embedding a GUI editor into our pages.
[mms] MIME:: no longer exports $mime_types and $mime_encodings as global
      variables - rather, MIME::type() and MIME::encoding() should be used.
[mms] The tgz MIME_Viewer now lists all files without using an external helper
      program (Michael Cochrane <>).
[mms] The rar MIME_Viewer now lists all files without using an external helper
      program (Michael Cochrane <>).
[mms] The zip MIME_Viewer now lists all files without using an external helper
      program (Michael Cochrane <>).
[mms] Maintenance:: now uses session variables to provide much cleaner and more
      robust performance.
[mms] MS-TNEF attachments are now handled completely via PHP rather than with
      an external program.
[mms] Added application/ms-tnef MIME_Viewer.
[mms] Horde_Crypt_pgp class can query public keyservers.
[mms] MIME_Structure::parseMIMEHeaders() can now parse all headers of a MIME
      message and return an object.
[jan] Add MIME::rfc822WriteAddress() to replace imap_rfc822_write_address().
[mms] Added S/MIME MIME_Viewer.
[jon] Support referrals between LDAP servers in the LDAP preferences driver
      (Kevin Hildebrand <>).
[mms] MIME_Structure::parse() now returns a MIME_Message object.
[cjh] Configure administration services in the Registry
      (Marcus I. Ryan <>).
[cjh] Add API methods for getting the preferences and identities of users
      other than the logged-in user.
[cjh] Allow setting the Content-Disposition of MIME_Part objects.
[mms] Add Crypt:: framework.
[max] Add Brown Horde theme (Marco Obaid <>).
[jon] Allow the LDAP version to be specified for the LDAP preferences driver.
[jan] Add theme preference.
[jan] Add callback funtion for preferences.
[jon] Remove the $conf['menu']['floating_bar'] functionality.
[jan] Load only login page on startup and redirect to frameset after login.
[cjh] Don't allow anonymous access to problem.php.
[cjh] Add en_GB locale.
[cjh] Remove extensions on temporary files; this is a temp race hole.
[cjh] Allow for auto-creation of permissions (multiple levels of hierarchy).
[cjh] Add adding/removing of users from groups.
[cjh] Create temp files with the right extension in MIME_Viewer_enscript:: so
      enscript has more clues to guess file type.
[cjh] The admininstration interface for Groups and Permissions is now
      mostly functional.
[cjh] Make application authentication an Auth:: driver, instead of a special
      Registry case.
[cjh] Fix problems with the Notification stack and register_globals being off.
[jon] Alter Horde::img() to explicitly accept an alt="" attribute.
      Horde::img() now generates title="" attributes based on the alt="" text,
[cjh] Notification::notify() passes the message stack to all listeners, so that
      listeners don't have to know about the message stack, and app writers
      don't have to know about all possible listeners.
[cjh] Replace the HORDE_* message constants with 'horde.error', etc. for
      greater flexibility.
[cjh] Remove Horde::raiseMessage() now that the Notification system
      provides that functionality.
[cjh] Use the new Notification system.
[cjh] Remove other Registry get() methods.
[jon] Remove support for the horde_language cookie.
[mms] Move the maintenace framework from IMP to Horde.


[jan] SECURITY: Fix potential XSS vulnerability due to not properly escaped
      error messages.


[jan] SECURITY: Close XSS when setting the parent frame's page title by
      javascript (cjh).


[cjh] Restore compatibility with PHP 4.1.
[jan] SECURITY: Fix potential XSS vulnerability in the help window.
[jan] Fix charset for Latvian translation (Bug #656).


[jan] Use DB::prepare/DB::execute ONLY for Oracle to avoid implicitly requiring
      PHP 4.2 for all other RDBMs.
[cjh] Fix Oracle session handler.
[cjh] Add SQL scripts for Oracle and PostgreSQL session handlers.
[jan] Don't strip trailing spaces from signature dashes in IMP.


[cjh] Fix support for custom session handlers.
[cjh] Use DB::prepare/DB::execute in the Prefs_sql driver for better support
      of large fields on databases such as Oracle.
[jan] Show the user's full name on the summary screen directly after logging
      in (D. Adam Karim <>).
[jan] Fix javascript error in "Problem" page with some translations (Bug #61).
[cjh] Fix handling of PostgreSQL blobs (Bug #44).


[jan] Add Indonesian language (Slamin <>).
[jan] Add Galician translation (Rafael Varela Pet <>, Guillermo
      Mendez <>).
[mms] Fix downloading of files with spaces in Mozilla.


[mdj] SECURITY: Add dereferer to strip off session information from links to
      the outside of the Horde system to protect against session hijacking.
[mms] SECURITY: Add code to protect against session fixation issues.
[jan] Fix a bug with importing vCard 2.1 data.
[jan] Add Arabic (Syria) translation (Platinum Development Team
[jan] Add Macedonian translation (Stojan Pesov <>).
[mir] Fix a bug that incorrectly quotes pref values (Bug #1224)
[cjh] Fix a bug that prevented logging.
[mms] DB session handlers do not use persistent connections by default.


[mms] Fix parse error in Horde_Cipher_BlockMode_ofb64::.


[mms] Optimization of Secret:: and Horde_Cipher:: drivers.
[jan] Add Catalan translation (Angels Guimerà <>).
[mms] Added a RADIUS Auth:: driver.
[mir] Added a Samba Auth:: driver.
[cjh] Added the Horde_Image:: class.


[jan] Fix incompatibility with PHP < 4.2.0 in the SQL VFS driver.
[jan] Fix undefined variable in Cipher.php (cjh).
[mms] Complete merging of SQL session handler.


[cjh] Add support for user-defined session handlers
      (Mike Cochrane <>).
[mac] Change Secret:: from using PEAR Crypt_HCEMD5 to the Horde_Cipher class.
[mac] Add Horde_Cipher:: class to provide a common abstracted interface to
      various Ciphers for encryption of arbitrary length pieces of data.
[mms] Correctly get charset information for MIME_Parts in MIME_Structure.
[jan] Add Latvian translation (Kaspars Kapenieks <>).
[jan] Add Romanian translation (Corneliu MUSAT <>).
[jon] Added support for an <eref> entity to the help system.  This allows an
      external link to be embedded in a help entry. (<>)
[cjh] Rename VFS:: to Horde_VFS:: for PEAR packaging.
[cjh] VFS:: is now packaged so that it can be exported as a PEAR component.
[cjh] Add a multi-user SQL VFS backend (Mike Cochrane <>).
[cjh] The VFS api now consistently takes a temp file in the write() method
      across all backends (Michael Varghese <>).
[cjh] Add a VFS API for storage of files in an abstracted filesystem.
[cjh] Add a preference to allow maintenance ops with no confirmation screen
[cjh] Replace 'show' attribute in the registry with a more flexible 'state'
[jan] Allow setting the number of columns in the summary screen as a user
      preference (Brian Keifer <>).
[cjh] Add Horde::getGet() and Horde::getPost().
[cjh] Add an initial_application preference so users can select an app
      to be taken to instead of the Horde Summary on login.
[cjh] Make text, icon, or both menus a user preference
      (KaalH! <>).
[cjh] Add a parameter for setting the session timeout.
[cjh] Add a parameter for setting the session delimiter.
[mms] Add MIME_Magic::filenameToMIME().
[jan] Use arg_separator.output instead of hardcoding '&' (David Ulevitch
[jan] Add Notification::count() (David Ulevitch <>).
[cjh] Add Auth::isAdmin().
[cjh] Allow loading of sub-classes from several additional sources.
[jan] Remove references to not yet released applications (Gollem, Troll).
[cjh] Rewrite Category_sql implementation to be much more efficient.
[jan] Add Lithuanian translation (Darius Matuliauskas <>).
[mms] Add Horde::compressOutput().
[mms] Add a kerberos Auth:: driver.
[jan] Add Bulgarian translation (Miroslav Pendev <>).
[jan] Remove deprecated DB::isWarning() calls.
[mms] Add Horde::createTempDir().
[cjh] Add Horde::usingSSLConnection().
[cjh] Replace <?= with <?php echo to remove the short_open_tags requirement.
[jan] Add Text::toHTML(), Text::highlightQuotes() and Text::dimSignature().
[cjh] Add Registry::listApps().
[cjh] Add Prefs::getPref() for getting preferences for someone other than the
      logged-in user.
[cjh] Add the ability to load identities for someone other than the logged-in
[mms] Add Horde::removeParameter().
[mms] All browser headers for downloading a file have been moved to the
      Browser:: class.
[jan] Add detection for UTF capability to Browser class.
[mms] Added images MIME_Viewer.
[bjn] Add PostgreSQL command flag (Richard G Konlon <>).


[jan] Add Hungarian translation (Laszlo L. Tornoci <>).
[jan] Add Norwegian Nynorsk translation (Per-Stian Vatne <>).
[jon] Major overhaul to the LDAP preferences driver. Note the changes to
      config/horde.php and scripts/ldap/horde.schema when upgrading.
[jan] Add Slovenian translation (Jure Krasovic <>).
[cjh] Add a Horde preferences screen, and a preference to refresh the summary
[cjh] Add text/enriched MIME_Viewer
      (Eric Rostetter <>).
[jan] Improve language selection.
[jan] Add Japanese translation (B.J. Black <>).
[cjh] Close a potential problem with register_globals On and $js_onLoad.
[jan] Add Prefs::isDefault() method to determine if a preference's value is
      set by the user or the default value from prefs.php.
[jon] Overhauled LDAP preferences driver.
[cjh] Make Horde::dispelMagicQuotes() recursive, so that it handles arrays.
[cjh] Have Secret::setKey() check for the session cookie explicitly, to avoid
      problems with old cookies being sent to a site when they are really
[cjh] Add a PrefsUI class for handling the form processing and UI generation
      for user preferences; this code was duplicated all through Horde.
[cjh] Add a mapping function to the enscript driver which maps file
      extensions to enscript language codes, and pass the language
      directly to enscript, to avoid having to use a file extension.
[cjh] Fix MIME_Magic::MIMEToExt() to work with x-extension/ext types.
[cjh] Add MIME_Magic::MIMEToExt() to map MIME types to file extensions.
[cjh] Rewrite Perms:: to use the Categories backend.
[jan] Change the Norwegian Bokmal locale from no_BOK to nb_NO and make it the
      default language for Norwegian users.
[cjh] Make Horde's login screen nicer; include reasons in it.
[cjh] Use HORDE_TEMPLATES for all template paths.
[cjh] Use $registry->get() for all Registry information.
[cjh] Removed administration code which is incomplete and confusing to users.
[jan] Add Estonian translation (Toomas Aas <>).
[jan] Add Slovak translation (Leo Mrafko <>).
[jon] Enable the "portability" option in the PEAR DB (sql) drivers.
[cjh] Use Horde's 'initial_page' configuration value in the Horde frameset.
[jan] Add Portugues translation (Nuno Loureiro <>).
[jan] Rebuild the language selection logic. The language selected on the login
      screen is now respected and the site's standard language is defined in
      lang.php instead of each application's preferences.
[jan] Add javascript to set the frameset's page title (Michael Cochrane
[jan] Add Ukrainian translation (Andriy Kopystyansky <>).
[jan] Update gettext documentation and Makefiles for Solaris and Debian.
[jan] Add Danish translation (Martin List-Petersen <>).


[jan] Add Norwegian Bookmal translation (Oystein Steimler <>).
[avsm] Add .htaccess files to deny access to data directories.
[jan] Add Finnish translation (Leena Heino <>).
[cjh] Fix one last problem with POP3 and multipart/alternative attachments.


[rich] Include rewritten and reorganized documentation.
[cjh] Add an MSPowerpoint MIME_Viewer.
[jan] The language cookie was removed in favor of new methods in the Lang::
      class that select the language and set the gettext domain.
[avsm] Include Chora in this release cycle, but not showing in the toolbar.
[cjh] Add MIME_Viewer_zip.
[cjh] Trim registry.php.dist to only list apps in this release cycle.
[jan] Add deleteObject() method to the SessionCache class.
[bjn] Change 'en' and 'en_EN' locales to 'en_US' (default).


[cjh] Recognize a few browsers and set quirks/features accordingly.
[cjh] Support for adding and listing LDAP users given a set schema.
[cjh] Set the session cookie parameters with our cookie_path/cookie_domain
      settings. This means that you can be logged into multiple Horde
      installations on the same server (different paths) and not have the
      sessions interfere.
[cjh] Use 'hostspec' consistently in Auth drivers.


[jan] Add Brazilian Portuguese translation (Carlos Daniel Kibrit <>).
[jan] Add Greek translation (Stefanos I. Dimitriou <>).
[jan] Add vCard MIME driver. Changed config/mime_drivers.php.dist.
[jan] Add Swedish translation (Andreas Dahlén <>).
[jan] Add Korean translation (J.I Kim <>).


[jon] Added $file and $line parameters to Horde::fatal().
[jon] Removed the PREFS_* and AUTH_* constants in favor of PEAR_Error objects.
[avsm] Don't depend on the registry being available when displaying
      the 'Horde is not configured' message.
[cjh] Clean up the Identity class to be a generalized, clean piece of the
      framework that can be used in other apps and subclassed if necessary.
[cjh] Make failure to connect to the preferences datasource a fatal error.
[cjh] Added the Serialize:: class for various methods of encapsulating data
      (steph <>).
[cjh] Added the capability to get authentication credentials other than
      username back from the Auth framework, and completed the
      authentication realm functionality.
[jon] Allow the table cell and link CSS classes to be specified when creating
      menu items.
[jan] Add registry method for linking to a nag task.
[jan] Add identity class.
[max] Add Registry::getName() for querying application names.
[cjh] Horde now provides the Horde::logMessage() method for logging of
      information according to configurable priorities, etc.
[jan] Add functionality to map date and time fields to the Data class.
[cjh] Add the beginnings of a user administration system.
[cjh] Add Chinese (Traditional) translation (David Chang
[jan] Add Italian translation (Giovanni Meneghetti <>).
[jan] Add Data class for importing and exporting data.
[jon] Cleaned up the help system a bit.
[cjh] Add Horde::fatal() for displaying PEAR_Error objects and aborting.
[avsm] Extend Horde::getTempFile() to allow directory to be overridden.
[avsm] Allow temporary files to be unregistered from deletion.
[avsm] Add a Cache framework for persistently storing objects, along
       with a filesystem driver.
[jan] Add Polish translation.
[cjh] Fix a problem with $registry->call() and switching application
[cjh] Get rid of the invoke() methods in the registry.
[cjh] Don't re-include application config files; save configs in a cache so
      that we can just point $GLOBALS['conf'] at the old config on
      $registry->popApp(), etc.
[jan] Add French translation (Frederic Trudeau <ftrudeau@CAM.ORG>).
[cjh] Add Czech translation (
[jan] Add new timezone handling with cleartext timezone names in lang.php.
[cjh] Add Russian translation (Ignat Ikryanov <>).
[jon] New methods in Browser.php for retrieving versions. <>
[jon] Browser.php now detects Opera. <>
[cjh] Move the language and charset defaults into config/lang.php, and add a
      Registry method to get the current charset.
[cjh] Map browser codes such as 'nl' to the full code ('nl_NL', etc.).
[avsm] Replace $conf['paths'] with the $registry equivalents.
[avsm] Add four registry functions to query webroots and paths.
[avsm] Many MIME_Viewer changes: API tweaks, new drivers, works with IMP.
[cjh] $conf['user']['online_help'] is now a Horde-level setting.
[avsm] Enable applications to have local MIME_Viewer drivers in addition
       to the global Horde ones.
[avsm] Shuffle around the MIME_Viewer API: getDriver() is now private
[avsm] Add an 'initial_page' option to the registry, to let us link into
      any page inside an application.
[cjh] Add a framework-level base.php file and make framework scripts use it.
[cjh] Add re-organized but still mostly out of date HELP/LISTS/SOURCE files
      (Josh Miller <>).
[cjh] Add a parameter that determines whether or not apps are linked on the
      Horde menubar.
[cjh] Clear the whole session when the user logs out of Horde.
[jon] Added Prefs::isEmpty() for determining whether a preference is empty.
[jon] Added an $onclick parameter to Horde::link() for specifying an anchor's
      'onclick' JavaScript event.
[cjh] Use the *url() functions more consistently to make sure that
      cookie-less sessions work.
[cjh] Modify css.php to use the Registry to get application file paths.
[cjh] Add cookie_path and cookie_domain settings for people who keep apps
      outside of the Horde webroot or on multiple servers.


[cjh] Add a Horde summary framework, which uses the Registry to get
      summaries of available data - tasks, events, etc. - for the Horde
      login screen.
[cjh] The preferences settings should be Horde-wide, and so have been moved to
[cjh] Move prefs.gif and generic prefs templates into Horde.
[cjh] Move setting of the gettext domain into the Registry.
[jon] Simplified the preference system's cleanup functions.
[jon] Merge into
[jon] Added Text::htmlspaces() and Text::htmlallspaces().
[cjh] Add an option to Horde::getTempFile() to not delete the file at the
      end of the request.
[cjh] Add a &singleton() method to the Registry class.
[jon] Added Nag interface to the registry.
[jon] Expanded the registry to handle importing application-specific
      configuration values.
[max] Add auth/login and auth/logout options for Gollem in the registry.
[max] Add Registry::getMethod function.
[max] Add contacts/sources service to the registry.
[cjh] Rename the Connection classes to Token.
[cjh] Rename the ObjectStore class to SessionCache.
[jon] Adding Dutch language.
[avsm] Add icon support to the MIME_Viewer framework
[avsm] Update the MIME_Viewer API to include getDriver() and getIcon()
[jon] Overhauled the preferences caching system a bit.
[cjh] Update Browser:: to recognize IE6.
[jon] Added Horde-wide and driver-specific cleanup methods to the preferences
[cjh] Remove the strtolower() from Lang::select() which was preventing
      proper locale names (like pt_BR) from working correctly.
[max] Added authentication handler to the Registry.
[jon] The 'session' preferences driver now honors preference scope.
[max] Made sitename title configurable.
[jon] Reworked the Menu::customItem() to accept PHP data structures instead
      of a string of encoded parameters.
[avsm] Added MIME_Viewer framework to handle rendering files into HTML
       (and other) formats in a user-extensible fashion (experimental)
[avsm] New MIME_Magic and mime_mapping.php config file (experimental)
[avsm] Two new temporary file handling functions, Horde::getTempFile() and
      Horde::getTempDir() to take care of the housekeeping of temp files.
[max] Added contacts/add service to registry.
[cjh] Registry::call() is now Registry::link(). There is a new
      Registry::call() which actually returns the result of a function call
      made to another application.
[cjh] Fix DB query result checking in sql drivers.
[cjh] Fix help so that generic help links (on menu bars) show the topic list
[cjh] Make the login form nicer, and add a logout link.
[cjh] Make sure all of the sql drivers use DB::quoteString() on all strings.
[cjh] Replace a @mysql_query() that was hiding in Connection/sql.php with
[cjh] Return basename($language) from Lang::Select() to avoid possible
[cjh] Add Registry::hasMethod() for checking if a piece of functionality has
      been registered with Horde.
[jon] Another large overhaul to the preferences system.  Note that the
      isChangeable() function has been renamed isLocked().  There is also
      support for preference scope (via isShared() and setShared()).
[jon] Added capaiblity tests to those drivers that require non-standard PHP
      extensions (handled by Horde::functionCheck()).
[jon] Added an Auth_LDAP Horde authentication driver.
[cjh] Add little snippet-templates for dynamically building preference GUIs.
[cjh] Rename the Auth interface's auth() method to authenticate() to avoid
      overlapping the name of the constructor for the Auth parent class.
[cjh] The configuration array is now simply $conf. Any settings that must be
      accessible unchanged (not overridden) should be put into $conf['horde'].
      Everything else is fair game for applications to override.
[cjh] Add a wml/wap login form.
[max] Add an Auth_FTP Horde authentication driver.
[cjh] Add an Auth_MCAL Horde authentication driver.
[cjh] The Horde login form now actually does something. Logging in to it
      gets you a token in your session saying that you've authenticated and
      who you are. Apps can then use this information to allow or deny
      access, and to identify users.
[cjh] The format of the config/registry.php file has changed drastically to
      be more readable and less indirect. There is also a new app parameter,
      'allow_guests', which defines whether or not a user is allowed to
      access the application without logging in to Horde.
[cjh] The Auth:: classes now expect to receive a userid and an array of
      credentials. Right now all backends assume that those credentials
      contain a password, but the way is clear to have other kinds of auth
      (IP, time-based, whatever).
[jon] Added a new parameter to the LDAP preferences driver: 'always_bind'.
[cjh] Added a Menu:: class that all modules can use to generate menu items.
[jon] Cleaned up the LDAP preferences driver a bit.
[jon] Added session-level preferences caching to the preferences system.
[cjh] Have Horde::link() make sure that the status text is safe for
      javascript (htmlentities, addslashes).
[cjh] Fix ObjectStore to work when register_globals = On.
[jon] Added a Session-based preferences driver.


[cjh] Further revamp the MIME interface. Be consistent in capitalization
      (acronyms are capitalized), break out MIME_Structure and MIME_Message
      into seperate files, and put all methods into classes.
[cjh] Add Horde::getFormData() to fetch a variable from either
      $HTTP_POST_VARS or $HTTP_GET_VARS (and to clean magic quotes, if
[cjh] Remove the Log:: class. This is part of PEAR now.
[cjh] Add a SessionCache:: class. This is intended for storing objects in
      the session intended for near-term use, and will currently start
      throwing out objects when more than 20 are put in. This will hopefully
      keep any one session from growing too large.
[cjh] Use the new PEAR class Mail_rfc822:: to parse address lists, so that
      we get rfc 822 group support (my-buddies: jon@horde,org,;), which imap_rfc822_parse_adrlist() doesn't have.
[max] Make Horde XHTML 1.0 compliant.
[cjh] Add a few fields to the problem report and try to make it more friendly.
[cjh] Flesh out the Mime:: class.
[cjh] Move trimEmailAddress() into the new Mime:: class.
[cjh] Move set_env_in_string() to Text::expandEnvironment().
[cjh] Rename horde_cleanup() to _fileCleanup().
[cjh] The zlib module now supplies a gzencode() function that obsoletes
[cjh] Modify Horde::url() so that it defaults $conf['use_ssl'] to 2
      (auto-detect current mode).
[cjh] Modernize some of the Horde frontend (still lots to do here); get rid
      of package.HTMLDocument.php once and for all.
[avsm] Breakdown all special characters in URLs to entities, to avoid
      ambiguity in how various browsers parse them.
[cjh] Add Horde::raiseMessage() for creating Horde messages to be displayed
      to the user.
[cjh] Some general UI tweaks - font size, etc.
[cjh] Remove rfcdate() in favor of the new 'r' parameter to date.
[cjh] Added application 'webroot' and 'fileroot' properties to the registry
      config file. These allow more flexibility in placing apps, and let the
      registry work from more places.
[cjh] Moved package.Registry.php to Registry.php.
[cjh] Commented config/horde.php.dist heavily.
[cjh] Add a Secret:: class to Horde.php that provides a transparent
      interface to either the mcrypt extension (preferred) or the PEAR
      Crypt_HCEMD5:: class.
[jon] Accept a user-defined function for performing username lookups in the
      preferences code.  The preferences constructor looks for the function
      in $params['user_hook'].
[cjh] Check HTTP_ENV_VARS for the user-agent as well as HTTP_SERVER_VARS.
[cjh] Remove mailfrom() in favor of the PEAR Mail:: interface. Adjust the
      conf files and problem.php accordingly.
[cjh] Add a set of invoke() methods to the Registry:: class for directly
      invoking services (ie, actually popping up a window) instead of
      printing links to invoke them.
[cjh] Clean up package.Mime.php a bit; don't set a charset on MIME parts
      that aren't text.
[cjh] Added a file driver for the Connection:: class.
[cjh] Added a WAP index to provide quick links to all Horde wireless pages.
[cjh] Add basic WAP browser detection to Browser::. Currently this is of the
      "it detects the phone I have and the simulator I use" variety; it is
      _very_ far from complete.
[cjh] Added Max Kalika's Connection:: class for connection tracking.
[cjh] HTTP_Cache:: now compresses content without the use of a temp file.
[cjh] Fleshed out the Auth:: class with the ability to cache authorization
      in the session.
[jon] Removed the scripted wordwrap in favor of the native function.  Moved
      the wrap_message() function to Text::wrap().
[jon] Standardize on the rfcdate() function in lib/Horde.php.
[cjh] The prefs drivers now expect $params['hostspec'], for consistency with
[cjh] The PEAR sql prefs driver now works.
[cjh] Move horde configuration values that should not be overridded by
      modules into $horde['horde'][] to allow modules to do
      overriding/inheritance of other options.
[cjh] Add the HTTP_Cache:: class to Horde.php for ETag generation, gzip
      compression of http content, etc.
[cjh] Replace $horde['localhost'] with $HTTP_SERVER_VARS['SERVER_NAME'].
[cjh] Reject outright envelope From addresses with spaces in them.
[cjh] Quote the from address passed to sendmail to prevent shell exploits.
[cjh] Update Browser.php to use HTTP_SERVER_VARS, consolidate the javascript
      version information, and add ssl_download_hack for browsers that need
      downloads to be cacheable.
[jon] Add Text::filter to lib/Horde.php.
[cjh] Check the return value of pclose() correctly in mailfrom().
[jon] Security fix for $from value in mailfrom(). <>
[jon] Silence session_start warnings.
[jon] Added new |extra| substitution to config/registry.php for extra,
      non-standard parameter passing.
[jon] Remove buildURL().  It's been replaced by Horde::url().
[jon] Restructured the SQL preferences schema.
[cjh] Added $horde['session_name'] to control the session name globally.
[cjh] Session:: doesn't really buy us anything, so we've moved the utility
      methods that do into Horde::, and are just using php4 session calls
[cjh] Added the beginnings of User and Auth interfaces, with a bare-bones
      working Auth_sql implementation.
[jon] Rewrote the Session class for instantiation with hooks for
      user-defined session handlers.
[cjh] The bare-bones implementation of the Perms scheme, with a sql driver,
      works. If you pass it a full path it will traverse up it, returning
      the first permission it finds.
[jon] Moved the language handling functions in Horde.php into their own
      classed named Lang.
[cjh] More consistent/css-based look for the help system.
[cjh] Starting to remove all uses of call-time pass-by-reference.
[cjh] Added css.php for automagical generation of stylesheets for apps.
[jon] Promoted the WebClient class from lib/Horde.php to its own component
      named Browser.php.
[cjh] Use wordwrap in a slightly different way, which seems to produce much
      prettier quoting of messages.
[jon] Added Prefs/mysql.php driver from Max Kalika <>.
[jon] New XML-based help subsystem.
[cjh] Renamed package.horde.php to Horde.php.
[cjh] Add img() and pimg() functions to the Horde:: class so that modules
      using only stylesheets don't need the HTMLDocument package.
[cjh] Omit the session name/id from the URL if we can verify that cookies
      are being accepted.
[jon] New wrap_message function that uses the native wordwrap function if it
[jon] Updating header comment copyright information.
[jon] Report module versions in test.php output.
[cjh] mime_encapsulate() now uses an array instead of an object.
[jon] Removed the $_html['compose*'] sizing parameters from config/html.php.
[cjh] Leave Bcc: out of the headers that are passed to sendmail.
[jon] Rewrite a good portion of the scripts/ script so
      that it enforces an extremely high level of security.
[cjh] The valid_lang() function now requires $nls['languages'][<language>]
      to be set for a language to be considered valid (instead of just the
      locale directory existing).
[cjh] Added a &singleton() method to make it easier to only create one log
      instance, no matter when you need it.
[cjh] Now mailfrom() works for recipient addresses with single quotes or
      other characters that need to be escaped in them.
[cjh] Log class now has an mcal instance, a composite (for grouping multiple
      log backends), and observers register the level of events they want to
      hear about, and only get notified of events as important or more
      important than that level.
[cjh] Added a Log:: framework and syslog implementation, including a
      Log_observer class intended to sit on top of Lob objects and take
      action in exceptional circumstances.
[cjh] Make sure to always send a charset with emails.
[cjh] Improved the mime_decode() and mime_encode() functions.
[cjh] Updated test.php to recognize php4 stable releases.
[jon] Removed all of the locale/*.lang dependencies.
[jon] Assume the browser is frames-capable by default.
[cjh] Add horde_cleanup($filename), which takes care of deleting files that
      should be unlinked regardless of whether or not the request is
      canceled by the user before we finish executing.
[cjh] Remove phplib dependancy in favor of php4 sessions/PEAR.
[cjh] Replace use with require_once.
[cjh] Fixed up select_lang() to work (identical to 1.2 now)
[cjh] Horde is now under the LGPL.
[cjh] Fix mailfrom() so it doesn't send extra headers when using mail()
[cjh] Adding a 'margins' attribute to HTMLDocument to enable turning off
      document margins.


[cjh] Replaced module.XML_RDF.php with a working copy.


[cjh] Revamped the MimeMessage class to be much smaller and simpler.
[cjh] Replaced the MimePartData class with a set of functions that more
      cleanly and correctly implement the MIME standard.
[cjh] select_lang() now checks for en when the browser requests en_GB, etc.
[cjh] Replaced all calls to ereg* functions with preg* functions, for speed.
      Because of this we now require php 3.0.12 or later.


[   ] German updated
[   ] Fixed the broken 'back' link in setup.php3 for non-English users
[   ] manager.php3, db.lib, and cohorts are now gone. They were all unmaintained, out of date, and not very useful.
      Various build scripts are updated to reflect this.
[jon] Removed config/defaults.php3 in preference of horde.php3
[   ] Fixed a setup.php3 bug where " was used instead of ' for $default values (mike)
[   ] New Finnish translations (Thanks to:
[   ] Fixed lynx support issue with login.php3
[   ] Fixed signup.php3 problems
[   ] Fixed problem.php3 problems (lynx support)
[   ] Added database creation scripts for building phplib complian tables
[   ] Moved all documentation (except README and COPYING) into docs/ subdir
[   ] Added a caching class so that caching can be turned on per page if needed


[   ] Horde understands French (thanks to Mathieu Clabaut
[   ] Major frameset redesign
[   ] Auto registration/congiruation of modules


[   ] Horde is now web surfable.
[   ] Horde handles lynx (pseudoly)
[   ] Extendable menus. (menu.txt in horde/config)
[   ] Signup, problem reporting, help functions are now part of horde