From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 plugins/markasjunk/markasjunk.js |   28 ++++++++++++++++++++++++++++
 1 files changed, 28 insertions(+), 0 deletions(-)

diff --git a/plugins/markasjunk/markasjunk.js b/plugins/markasjunk/markasjunk.js
new file mode 100644
index 0000000..0e30fb8
--- /dev/null
+++ b/plugins/markasjunk/markasjunk.js
@@ -0,0 +1,28 @@
+/* Mark-as-Junk plugin script */
+
+function rcmail_markasjunk(prop)
+{
+  if (!rcmail.env.uid && (!rcmail.message_list || !rcmail.message_list.get_selection().length))
+    return;
+  
+    var uids = rcmail.env.uid ? rcmail.env.uid : rcmail.message_list.get_selection().join(','),
+      lock = rcmail.set_busy(true, 'loading');
+
+    rcmail.http_post('plugin.markasjunk', '_uid='+uids+'&_mbox='+urlencode(rcmail.env.mailbox), lock);
+}
+
+// callback for app-onload event
+if (window.rcmail) {
+  rcmail.addEventListener('init', function(evt) {
+    
+    // register command (directly enable in message view mode)
+    rcmail.register_command('plugin.markasjunk', rcmail_markasjunk, rcmail.env.uid);
+    
+    // add event-listener to message list
+    if (rcmail.message_list)
+      rcmail.message_list.addEventListener('select', function(list){
+        rcmail.enable_command('plugin.markasjunk', list.get_selection().length > 0);
+      });
+  })
+}
+
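Review bot: In `rcmail_markasjunk`, the POST body on the `rcmail.http_post` line concatenates `uids` unencoded while `_mbox` is passed through `urlencode()`. Any `&` or `=` in `rcmail.env.uid` or in a selection entry would therefore split into extra request parameters. Encoding both values keeps the body well-formed: `rcmail.http_post('plugin.markasjunk', '_uid='+urlencode(uids)+'&_mbox='+urlencode(rcmail.env.mailbox), lock);`. The server-side handler for `plugin.markasjunk` is not part of this patch, and it should still validate `_uid` and `_mbox` itself rather than rely on the client. Separately, the subject line refers to the `_session` argument of utils/save-prefs, but the only file visible here is the new plugin script, so the subject does not appear to describe this change.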

--
Gitblit v1.9.1