From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
skins/classic/mail.css | 277 ++++++++++++++++++++++++++++++++++++++++++++++--------
1 files changed, 234 insertions(+), 43 deletions(-)
diff --git a/skins/classic/mail.css b/skins/classic/mail.css
index f899dbd..d0ea4b3 100644
--- a/skins/classic/mail.css
+++ b/skins/classic/mail.css
@@ -13,6 +13,12 @@
/* border: 1px solid #cccccc; */
}
+.extwin #messagetoolbar
+{
+ top: 5px;
+ left: 20px;
+}
+
#messagetoolbar a,
#messagetoolbar select
{
@@ -249,7 +255,7 @@
top: 0;
left: 0;
bottom: 0;
- width: 195px;
+ width: 160px;
}
#mailrightcontainer
@@ -385,32 +391,6 @@
#mailboxlist li ul li:last-child
{
border-bottom: none;
-}
-
-#mailboxlist li div
-{
- position: absolute;
- left: 8px !important;
- left: -16px;
- top: 1px;
- width: 14px;
- height: 16px;
-}
-
-#mailboxlist li div.collapsed,
-#mailboxlist li div.expanded
-{
- cursor: pointer;
-}
-
-#mailboxlist li div.collapsed
-{
- background: url(images/icons/collapsed.png) bottom right no-repeat;
-}
-
-#mailboxlist li div.expanded
-{
- background: url(images/icons/expanded.png) bottom right no-repeat;
}
#mailboxlist li.inbox
@@ -1039,6 +1019,11 @@
z-index: 1;
}
+.extwin #messageframe
+{
+ left: 0;
+}
+
div.messageheaderbox
{
margin: -14px 8px 0px 8px;
@@ -1057,6 +1042,17 @@
width: auto;
margin: 6px 8px;
background-color: #F4F4F4;
+}
+
+#messagebody table.headers-table
+{
+ margin: 16px 6px 6px 6px;
+}
+
+div.message-partheaders + div.message-part
+{
+ border-top: 0;
+ padding-top: 4px;
}
table.headers-table tr td
@@ -1243,7 +1239,66 @@
color: #333333;
}
-#messageviewlink
+#messagebody fieldset.image-attachment {
+ border: 0;
+ border-top: 1px solid #ccc;
+ margin: 1em 1em 0 1em;
+}
+
+#messagebody fieldset.image-attachment p > img
+{
+ max-width: 80%;
+}
+
+#messagebody legend.image-filename
+{
+ color: #999;
+ font-size: 0.9em;
+}
+
+#messagebody p.image-attachment
+{
+ margin: 0 1em;
+ padding: 1em;
+ border-top: 1px solid #ccc;
+}
+
+#messagebody p.image-attachment a.image-link
+{
+ float: left;
+ margin-right: 2em;
+ min-width: 160px;
+ min-height: 60px;
+ text-align: center;
+}
+
+#messagebody p.image-attachment .image-filename
+{
+ display: block;
+ font-weight: bold;
+ line-height: 1.6em;
+}
+
+#messagebody p.image-attachment .image-filesize
+{
+ font-size: 11px;
+ padding-right: 1em;
+}
+
+#messagebody p.image-attachment .attachment-links a
+{
+ margin-right: 0.6em;
+ color: #cc0000;
+ font-size: 11px;
+ text-decoration: none;
+}
+
+#messagebody p.image-attachment .attachment-links a:hover
+{
+ text-decoration: underline;
+}
+
+#openextwinlink
{
position: absolute;
top: 8px;
@@ -1251,6 +1306,12 @@
width: 15px;
height: 15px;
border: 0;
+}
+
+#compose-headers #openextwinlink
+{
+ top: 4px;
+ right: 2px;
}
#full-headers
@@ -1305,7 +1366,7 @@
{
position: absolute;
top: 0;
- left: 185px;
+ left: 205px;
right: 0;
bottom: 0;
margin: 0;
@@ -1315,16 +1376,20 @@
{
position: absolute;
top: 85px;
+ right: 0;
+ left: 0;
bottom: 0;
margin: 0;
- width: 100%;
}
-#compose-div .boxfooter
+#compose-body-div
{
- height: 22px;
- background: none;
- border-top: 0;
+ position: absolute;
+ top: 0;
+ left: 0;
+ bottom: 0;
+ right: 175px;
+ border: 1px solid #999;
}
#compose-div .boxlistcontent
@@ -1342,15 +1407,12 @@
margin: 0;
font-size: 9pt;
font-family: monospace;
- border: 1px solid #999;
resize: none;
+ border: none;
+ outline: none;
}
-#compose-body_tbl
-{
- border: 1px solid #999;
-}
-
+#compose-body_tbl,
#compose-body_tbl td
{
border: none;
@@ -1417,9 +1479,10 @@
#compose-editorfooter
{
position: absolute;
- right: 0;
+ right: 5px;
bottom: 0;
text-align: right;
+ line-height: 20px;
}
#compose-editorfooter label
@@ -1432,9 +1495,20 @@
#compose-buttons
{
position: absolute;
+ left: 5px;
+ bottom: 1px;
+ width: auto;
+}
+
+#compose-contacts
+{
+ position: absolute;
+ top: 0;
left: 0;
bottom: 0;
- width: auto;
+ width: 195px;
+ border: 1px solid #999;
+ background-color: #F9F9F9;
}
#compose-attachments
@@ -1442,8 +1516,8 @@
position: absolute;
top: 0;
left: 0;
+ right: 0;
bottom: 0;
- width: 175px;
border: 1px solid #999;
background-color: #F9F9F9;
}
@@ -1535,3 +1609,120 @@
right: 6px;
z-index: 101;
}
+
+/* addressbook in compose - copy from addressbook.css */
+
+#directorylist
+{
+ list-style: none;
+ margin: 0;
+ padding: 0;
+ background-color: #FFFFFF;
+}
+
+#directorylist li
+{
+ display: block;
+ font-size: 11px;
+ background: url(images/icons/folders.png) 5px -108px no-repeat;
+ border-bottom: 1px solid #EBEBEB;
+ white-space: nowrap;
+}
+
+#directorylist li a
+{
+ cursor: default;
+ display: block;
+ padding-left: 25px;
+ padding-top: 2px;
+ padding-bottom: 2px;
+ text-decoration: none;
+ white-space: nowrap;
+ height: 15px;
+}
+
+#directorylist li.selected
+{
+ background-color: #929292;
+ border-bottom: 1px solid #898989;
+}
+
+#directorylist li.selected a
+{
+ color: #FFF;
+ font-weight: bold;
+}
+
+#contacts-table
+{
+ width: 100%;
+ table-layout: fixed;
+}
+
+#contacts-table tbody td
+{
+ cursor: default;
+ text-overflow: ellipsis;
+ -o-text-overflow: ellipsis;
+}
+
+#contacts-table td span.email
+{
+ display: inline;
+ color: #ccc;
+ font-style: italic;
+ margin-left: 0.5em;
+}
+
+#abookcountbar
+{
+ margin-top: 4px;
+ margin-left: 4px;
+ position: absolute;
+ margin-right: 5px;
+ right: 0;
+}
+
+#abookactions
+{
+ position: absolute;
+ text-underline: none;
+}
+
+#abookactions a
+{
+ font-weight: bold;
+ line-height: 22px;
+ height: 22px;
+ width: auto;
+ margin: 0;
+ padding-left: 5px;
+ padding-right: 5px;
+ text-shadow: 1px 1px white;
+ background: url("images/icons/groupactions.png") no-repeat right -70px;
+}
+
+#abookactions a.disabled
+{
+ color: #999;
+}
+
+#compose-contacts #quicksearchbar
+{
+ top: 2px;
+ left: 7px;
+}
+
+#compose-contacts #directorylist
+{
+ width: 100%;
+ top: 23px;
+ position: absolute;
+ border-top: 1px solid #eee;
+}
+
+#compose-contacts #contacts-table
+{
+ top: 45px;
+ position: absolute;
+}
--
Gitblit v1.9.1