From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 plugins/managesieve/skins/larry/templates/filteredit.html |   10 +++++-----
 1 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/plugins/managesieve/skins/larry/templates/filteredit.html b/plugins/managesieve/skins/larry/templates/filteredit.html
index 424bdbc..602816a 100644
--- a/plugins/managesieve/skins/larry/templates/filteredit.html
+++ b/plugins/managesieve/skins/larry/templates/filteredit.html
@@ -5,7 +5,7 @@
 <roundcube:include file="/includes/links.html" />
 <link rel="stylesheet" type="text/css" href="/this/managesieve.css" />
 </head>
-<body class="iframe<roundcube:exp expression="env:task != 'mail' ? '' : ' mail'" />">
+<body class="iframe<roundcube:exp expression="env:task != 'mail' ? ' floatingbuttons' : ' mail'" />">
 
 <roundcube:if condition="env:task != 'mail'" />
 <div id="filter-title" class="boxtitle"><roundcube:label name="managesieve.filterdef" /></div>
@@ -16,12 +16,12 @@
 
 <roundcube:if condition="env:task != 'mail'" />
 <div id="footer">
-<div class="footerleft">
+<div class="footerleft formbuttons floating">
 <roundcube:button command="plugin.managesieve-save" type="input" class="button mainaction" label="save" />
-</div>
-<div class="footerright">
-<label for="disabled"><roundcube:label name="managesieve.filterdisabled" /></label>
+<label for="disabled">
 <input type="checkbox" id="disabled" name="_disabled" value="1" />
+<roundcube:label name="managesieve.filterdisabled" />
+</label>
 </div>
 </div>
 <roundcube:endif />

--
Gitblit v1.9.1