From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 skins/classic/functions.js |    9 +++++++--
 1 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/skins/classic/functions.js b/skins/classic/functions.js
index c59ea9b..23c6980 100644
--- a/skins/classic/functions.js
+++ b/skins/classic/functions.js
@@ -634,8 +634,13 @@
 function iframe_events()
 {
   // this==iframe
-  var doc = this.contentDocument ? this.contentDocument : this.contentWindow ? this.contentWindow.document : null;
-  rcube_event.add_listener({ element: doc, object:rcmail_ui, method:'body_mouseup', event:'mouseup' });
+  try {
+    var doc = this.contentDocument ? this.contentDocument : this.contentWindow ? this.contentWindow.document : null;
+    rcube_event.add_listener({ element: doc, object:rcmail_ui, method:'body_mouseup', event:'mouseup' });
+  }
+  catch (e) {
+    // catch possible "Permission denied" error in IE
+  };
 };
 
 // Abbreviate mailbox names to fit width of the container

--
Gitblit v1.9.1