From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 plugins/markasjunk/markasjunk.js |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/plugins/markasjunk/markasjunk.js b/plugins/markasjunk/markasjunk.js
index 8b02d74..0e30fb8 100644
--- a/plugins/markasjunk/markasjunk.js
+++ b/plugins/markasjunk/markasjunk.js
@@ -5,10 +5,10 @@
   if (!rcmail.env.uid && (!rcmail.message_list || !rcmail.message_list.get_selection().length))
     return;
   
-    var uids = rcmail.env.uid ? rcmail.env.uid : rcmail.message_list.get_selection().join(',');
-    
-    rcmail.set_busy(true, 'loading');
-    rcmail.http_post('plugin.markasjunk', '_uid='+uids+'&_mbox='+urlencode(rcmail.env.mailbox), true);
+    var uids = rcmail.env.uid ? rcmail.env.uid : rcmail.message_list.get_selection().join(','),
+      lock = rcmail.set_busy(true, 'loading');
+
+    rcmail.http_post('plugin.markasjunk', '_uid='+uids+'&_mbox='+urlencode(rcmail.env.mailbox), lock);
 }
 
 // callback for app-onload event

--
Gitblit v1.9.1