3f9afa0
docs: update feature screenshots (#1018)
Floatpane Bot created
3f9afa0
docs: update feature screenshots (#1018)
Floatpane Bot created
bd85ddb
ci: exclude preview tags (#1019)
Drew Smirnoff created
6ce2588
chore: use strings.Builder (#1016)
Mohamed Mahmoud created
a4c620b
ci: exclude all prereleases (#1015)
Drew Smirnoff created
88e0cb5
ci: use @floatpanebot token (#1014)
Drew Smirnoff created
3aeea9d
ci: use base repo (#1014)
Drew Smirnoff created
3e32431
ci: GH_TOKEN to use github.token (#1014)
Drew Smirnoff created
75b9cc6
ci: build prerelease (#1014)
Drew Smirnoff created
b523fb7
ci: add /build command (#1013)
Drew Smirnoff created
8ecde2d
ci: use renovate github action (#1009)
Drew Smirnoff created
a4734a1
feat: split panes (#1006)
Co-authored-by: Andriy Chernov <andriy@floatpane.com> Co-authored-by: Lea <lea@floatpane.com> Co-authored-by: Steve Evans <steve@floatpane.com>
Drew Smirnoff , Andriy Chernov , Lea , and Steve Evans created
c99d66d
chore: update website (#858)
Drew Smirnoff created
6f8d0e0
chore: clean up gitattributes (#857)
Drew Smirnoff created
793e9a2
chore: remove stb_image from linguist (#856)
## What? <!-- Describe what this PR changes. Keep it concise — what code was added, removed, or modified? --> ## Why? <!-- Explain the motivation behind this change. What problem does it solve, or what addition does it enable? Link related issues if applicable. --> Signed-off-by: drew <me@andrinoff.com>
Drew Smirnoff created
cbe3735
fix: remove html from linguist (#854)
Drew Smirnoff created
3070659
feat: mailto support and swift lib (#852)
Co-authored-by: Lea <lea@floatpane.com>
Drew Smirnoff and Lea created
fd781ce
feat: per-account email signatures (#847)
Co-authored-by: drew <me@andrinoff.com>
Daniel Purnomo and drew created
2d9ee39
fix: unchecked error on ReadAll (#851)
Co-authored-by: gittihub-jpg <rico@springer-mail.net>
Drew Smirnoff and gittihub-jpg created
5c7fec7
fix: change the language dynamically (#843)
Drew Smirnoff created
77f53a8
docs: add public and developer docs (#844)
Drew Smirnoff created
ce43417
feat: localization (#842)
## What? <!-- Describe what this PR changes. Keep it concise — what code was added, removed, or modified? --> Adds support for several languages, with easy-to-manage JSON format. Includes a new library `github.com/floatpane/matcha/i18n` a self-written library by us. ## Why? <!-- Explain the motivation behind this change. What problem does it solve, or what addition does it enable? Link related issues if applicable. --> Users would like support across their favorite languages. --------- Signed-off-by: drew <me@andrinoff.com> Co-authored-by: Lea <lea@floatpane.com> Co-authored-by: Steve <steve@floatpane.com> Co-authored-by: Andriy Chernov <andriy@floatpane.com>
Drew Smirnoff , Lea , Steve , and Andriy Chernov created
dda7a7c
feat: add no-header flag to csv export (#841)
A-R-Narke created
b9b582c
fix: add timeout to HTTP client (#835)
Daniel Purnomo created
61c24ed
docs: update feature screenshots (#829)
Floatpane Bot created
74012a0
docs: update demo.gif (#828)
Floatpane Bot created
7f01c99
fix: encryption settings not working (#827)
Drew Smirnoff created
8c9af39
fix: load folders from cache (#826)
Drew Smirnoff created
630be6a
fix: check io.ReadAll errors (#713) (#726)
Co-authored-by: Matt Van Horn <455140+mvanhorn@users.noreply.github.com>
Matt Van Horn and Matt Van Horn created
8d2aebd
fix: limit filename length (#825)
Co-authored-by: Daniel Purnomo <danielpurnomo100@gmail.com>
Drew Smirnoff and Daniel Purnomo created
462d670
fix: validate port range (#823)
Daniel Purnomo created
90e4de2
ci: add check for length (#824)
Drew Smirnoff created
e4026e2
ci: fix screenshots workflow (#822)
Drew Smirnoff created
8727d8f
fix: use local time, and highlight dates (#749)
Drew Smirnoff created
8cfd372
fix: use atomic increment for image ID allocation to prevent race condition (#748)
Daniel Purnomo created
918fa9b
chore(deps): update actions/github-script action to v9 (#745)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
renovate[bot] and renovate[bot] created
0369c9a
fix: sanitize attachment filename to prevent path traversal (#743)
What?
Added sanitizeFilename() function and applied it to the attachment download path in main.go. The function:
Strips path components via filepath.Base()
Replaces remaining path separators (/, \) and .. sequences with _
Rejects hidden files (names starting with .) and empty names, falling back to "attachment"
Why?
Fixes #725
Fixes #642
Attachment filenames come from untrusted email headers. Without sanitization, a malicious filename like ../../../etc/passwd passed to filepath.Join(downloadsPath, candidate) could write files outside the Downloads directory. This is a path traversal vulnerability that could overwrite arbitrary user files.
Testing
16 table-driven test cases covering Unix traversal, Windows traversal, hidden files, empty names, unicode, absolute paths, and chained traversal
Additional test verifying no sanitized output ever contains path separators
go build . — compiles clean
All tests pass
Daniel Purnomo created
8ed36b9
ci: use regex to stop errors (#747)
Drew Smirnoff created
706be37
ci: add bot @floatpanebot (#746)
Drew Smirnoff created
e67e65e
fix: enforce TLS 1.2 minimum version in IMAP and SMTP connections (#742)
Daniel Purnomo created
7fff665
fix(fetcher): replace fmt.Print with standard logger (#712)
Mohamed Mahmoud created
125208f
feat(tui/login): add ctrl+v password visibility toggle (#685)
Co-authored-by: Matt Van Horn <455140+mvanhorn@users.noreply.github.com>
Matt Van Horn and Matt Van Horn created
c9da429
chore: refactor settings.go and improve UI (#683)
Drew Smirnoff created
13f8554
feat: daemon (#682)
Co-authored-by: Steve Evans <steve@floatpane.com> Co-authored-by: Lea <lea@floatpane.com> Co-authored-by: Andriy <andriy@floatpane.com>
Drew Smirnoff , Steve Evans , Lea , and Andriy created
64dd05a
docs: update demo.gif (#680)
github-actions[bot] created
3ef4ce9
chore: update flake.lock (#679)
github-actions[bot] created
4bbef7e
feat: calendar events support (#678)
Drew Smirnoff created
29032fb
Added Suggestions for Troubleshooting section in README.md (#677)
Danny Schönknecht created
6fc1eae
fix: validate PGPKeySource field on config load (#676)
Matt Van Horn created
1cee418
fix: log keyring failures (#668)
Sai Asish Y created
a72f3bb
fix: yubikey bounds-check (#666)
Sai Asish Y created