From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
 skins/classic/functions.js | 34 ++++++++++++++++++++++++----------
 1 files changed, 24 insertions(+), 10 deletions(-)
diff --git a/skins/classic/functions.js b/skins/classic/functions.js
index 73c43f6..23c6980 100644
--- a/skins/classic/functions.js
+++ b/skins/classic/functions.js
@@ -355,7 +355,7 @@
 for (i in rcmail.env.spell_langs) {
 li = $('<li>');
- link = $('<a href="#">').text(rcmail.env.spell_langs[i])
+ link = $('<a href="#"></a>').text(rcmail.env.spell_langs[i])
 .addClass('active').data('lang', i)
 .click(function() {
 rcmail.spellcheck_lang_set($(this).data('lang'));
@@ -491,17 +491,26 @@
 div.style.top = (parseInt(headers_div.offsetHeight, 10) + 3) + 'px';
 $(window).resize();
+
+ // fixes contacts-table position when there's more than one addressbook
+ $('#contacts-table').css('top', $('#directorylist').height() + 24 + 'px');
+
+ // contacts search submit
+ $('#quicksearchbox').keydown(function(e) {
+ if (rcube_event.get_keycode(e) == 13)
+ rcmail.command('search');
+ });
 },
 resize_compose_body: function() {
- var div = $('#compose-div .boxlistcontent'), w = div.width(), h = div.height();
- w -= 8; // 2 x 3px padding + 2 x 1px border
- h -= 4;
+ var div = $('#compose-div .boxlistcontent'),
+ w = div.width() - 2, h = div.height(),
+ x = bw.ie || bw.opera ? 4 : 0;
- $('#compose-body_tbl').width((w+6)+'px').height('');
- $('#compose-body_ifr').width((w+6)+'px').height((h-54)+'px');
- $('#compose-body').width(w+'px').height(h+'px');
+ $('#compose-body_tbl').width((w+3)+'px').height('');
+ $('#compose-body_ifr').width((w+3)+'px').height((h-54)+'px');
+ $('#compose-body').width((w-x)+'px').height(h+'px');
 $('#googie_edit_layer').height(h+'px');
 },
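Review bot: None of the hunks in skins/classic/functions.js touches the `_session` argument or utils/save-prefs named in the subject, and the diffstat lists only this one file, so the vulnerability fix itself cannot be reviewed from this patch. What is visible, starting with the `link = $('<a href="#"></a>')` markup change in the first hunk, is classic-skin maintenance: anchor markup, layout offsets, an IE try/catch and a folder-count threshold. If the server-side change lives in another commit, which cannot be told from this page, the message should say so, for example `Classic skin fixes shipped alongside the fix for #1489382`. Otherwise anyone auditing the remediation may take these lines for the fix.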
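Review bot: The rewritten `resize_compose_body` drops the only comment that explained its pixel offsets (`// 2 x 3px padding + 2 x 1px border`) and adds new unexplained ones (`- 2`, `w+3`, `w-x`, and `4` for IE/Opera); a short comment should say what each offset compensates for. `x = bw.ie || bw.opera ? 4 : 0;` parses as intended but reads ambiguously, and `x = (bw.ie || bw.opera) ? 4 : 0;` makes the grouping explicit. In the added keydown handler, the brace-less `if (rcube_event.get_keycode(e) == 13)` deserves braces and a comment saying that 13 is Enter. If `#quicksearchbox` sits inside a form, the handler may also need to suppress the default Enter action, which cannot be confirmed from this hunk. The function that receives the added lines starts before the hunk.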
@@ -625,8 +634,13 @@
 function iframe_events() { // this==iframe
- var doc = this.contentDocument ? this.contentDocument : this.contentWindow ? this.contentWindow.document : null;
- rcube_event.add_listener({ element: doc, object:rcmail_ui, method:'body_mouseup', event:'mouseup' });
+ try {
+ var doc = this.contentDocument ? this.contentDocument : this.contentWindow ? this.contentWindow.document : null;
+ rcube_event.add_listener({ element: doc, object:rcmail_ui, method:'body_mouseup', event:'mouseup' });
+ }
+ catch (e) {
+ // catch possible "Permission denied" error in IE
+ };
 };
 // Abbreviate mailbox names to fit width of the container
@@ -635,7 +649,7 @@
 var list = $('#mailboxlist > li a, #mailboxlist ul:visible > li a');
 // it's too slow with really big number of folders, especially on IE
- if (list.length > 500 * (bw.ie ? 0.2 : 1))
+ if (list.length > (bw.ie ? 25 : 100))
 return;
 list.each(function(){
--
Gitblit v1.9.1
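Review bot: The new empty `catch (e)` in `iframe_events` swallows every exception from both the document lookup and `rcube_event.add_listener`, not only the IE "Permission denied" case named in its comment, so a real listener-registration failure would disappear silently. If the IE error is raised by the document access rather than by the registration (not determinable from this hunk), the `try` can wrap just the `var doc = …` line. The registration would then follow it as `if (doc) rcube_event.add_listener({ element: doc, object:rcmail_ui, method:'body_mouseup', event:'mouseup' });`, which also stops a `null` from the ternary being passed as `element`. The `};` that closes the catch block leaves a stray empty statement; `}` is enough.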
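Review bot: The new cut-off `(bw.ie ? 25 : 100)` no longer matches the comment directly above it, which still speaks of a "really big number of folders". The previous expression evaluated to 500, or 100 on IE, so with the new values abbreviation is skipped for any IE user with more than 25 matching folder links. The comment should state the limits, e.g. `// skip abbreviation above 100 links (25 on IE), it is too slow beyond that`, so the next reader does not take them for a typo of the old values. The enclosing function starts and ends outside the hunk.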