From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 skins/classic/mail.css |  199 +++++++++++++++++++++++++++++++++++++++----------
 1 files changed, 157 insertions(+), 42 deletions(-)

diff --git a/skins/classic/mail.css b/skins/classic/mail.css
index 85c53d5..d0ea4b3 100644
--- a/skins/classic/mail.css
+++ b/skins/classic/mail.css
@@ -255,7 +255,7 @@
   top: 0;
   left: 0;
   bottom: 0;
-  width: 195px;
+  width: 160px;
 }
 
 #mailrightcontainer
@@ -391,32 +391,6 @@
 #mailboxlist li ul li:last-child
 {
   border-bottom: none;
-}
-
-#mailboxlist li div
-{
-  position: absolute;
-  left: 8px !important;
-  left: -16px;
-  top: 1px;
-  width: 14px;
-  height: 16px;
-}
-
-#mailboxlist li div.collapsed,
-#mailboxlist li div.expanded
-{
-  cursor: pointer;
-}
-
-#mailboxlist li div.collapsed
-{
-  background: url(images/icons/collapsed.png) bottom right no-repeat;
-}
-
-#mailboxlist li div.expanded
-{
-  background: url(images/icons/expanded.png) bottom right no-repeat;
 }
 
 #mailboxlist li.inbox
@@ -1070,6 +1044,17 @@
   background-color: #F4F4F4;
 }
 
+#messagebody table.headers-table
+{
+  margin: 16px 6px 6px 6px;
+}
+
+div.message-partheaders + div.message-part
+{
+  border-top: 0;
+  padding-top: 4px;
+}
+
 table.headers-table tr td
 {
   font-size: 11px;
@@ -1381,7 +1366,7 @@
 {
   position: absolute;
   top: 0;
-  left: 185px;
+  left: 205px;
   right: 0;
   bottom: 0;
   margin: 0;
@@ -1391,16 +1376,20 @@
 {
   position: absolute;
   top: 85px;
+  right: 0;
+  left: 0;
   bottom: 0;
   margin: 0;
-  width: 100%;
 }
 
-#compose-div .boxfooter
+#compose-body-div
 {
-  height: 22px;
-  background: none;
-  border-top: 0;
+  position: absolute;
+  top: 0;
+  left: 0;
+  bottom: 0;
+  right: 175px;
+  border: 1px solid #999;
 }
 
 #compose-div .boxlistcontent
@@ -1418,15 +1407,12 @@
   margin: 0;
   font-size: 9pt;
   font-family: monospace;
-  border: 1px solid #999;
   resize: none;
+  border: none;
+  outline: none;
 }
 
-#compose-body_tbl
-{
-  border: 1px solid #999;
-}
-
+#compose-body_tbl,
 #compose-body_tbl td
 {
   border: none;
@@ -1493,9 +1479,10 @@
 #compose-editorfooter
 {
   position: absolute;
-  right: 0;
+  right: 5px;
   bottom: 0;
   text-align: right;
+  line-height: 20px;
 }
 
 #compose-editorfooter label
@@ -1508,9 +1495,20 @@
 #compose-buttons
 {
   position: absolute;
+  left: 5px;
+  bottom: 1px;
+  width: auto;
+}
+
+#compose-contacts
+{
+  position: absolute;
+  top: 0;
   left: 0;
   bottom: 0;
-  width: auto;
+  width: 195px;
+  border: 1px solid #999;
+  background-color: #F9F9F9;
 }
 
 #compose-attachments
@@ -1518,8 +1516,8 @@
   position: absolute;
   top: 0;
   left: 0;
+  right: 0;
   bottom: 0;
-  width: 175px;
   border: 1px solid #999;
   background-color: #F9F9F9;
 }
@@ -1611,3 +1609,120 @@
   right: 6px;
   z-index: 101;
 }
+
+/* addressbook in compose - copy from addressbook.css */
+
+#directorylist
+{
+  list-style: none;
+  margin: 0;
+  padding: 0;
+  background-color: #FFFFFF;
+}
+
+#directorylist li
+{
+  display: block;
+  font-size: 11px;
+  background: url(images/icons/folders.png) 5px -108px no-repeat;
+  border-bottom: 1px solid #EBEBEB;
+  white-space: nowrap;
+}
+
+#directorylist li a
+{
+  cursor: default;
+  display: block;
+  padding-left: 25px;
+  padding-top: 2px;
+  padding-bottom: 2px;
+  text-decoration: none;
+  white-space: nowrap;
+  height: 15px;
+}
+
+#directorylist li.selected
+{
+  background-color: #929292;
+  border-bottom: 1px solid #898989;
+}
+
+#directorylist li.selected a
+{
+  color: #FFF;
+  font-weight: bold;
+}
+
+#contacts-table
+{
+  width: 100%;
+  table-layout: fixed;
+}
+
+#contacts-table tbody td
+{
+  cursor: default;
+  text-overflow: ellipsis;
+  -o-text-overflow: ellipsis;
+}
+
+#contacts-table td span.email
+{
+  display: inline;
+  color: #ccc;
+  font-style: italic;
+  margin-left: 0.5em;
+}
+
+#abookcountbar
+{
+  margin-top: 4px;
+  margin-left: 4px;
+  position: absolute;
+  margin-right: 5px;
+  right: 0;
+}
+
+#abookactions
+{
+  position: absolute;
+  text-underline: none;
+}
+
+#abookactions a
+{
+  font-weight: bold;
+  line-height: 22px;
+  height: 22px;
+  width: auto;
+  margin: 0;
+  padding-left: 5px;
+  padding-right: 5px;
+  text-shadow: 1px 1px white;
+  background: url("images/icons/groupactions.png") no-repeat right -70px;
+}
+
+#abookactions a.disabled
+{
+  color: #999;
+}
+
+#compose-contacts #quicksearchbar
+{
+  top: 2px;
+  left: 7px;
+}
+
+#compose-contacts #directorylist
+{
+  width: 100%;
+  top: 23px;
+  position: absolute;
+  border-top: 1px solid #eee;
+}
+
+#compose-contacts #contacts-table
+{
+  top: 45px;
+  position: absolute;
+}

--
Gitblit v1.9.1