From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 skins/classic/templates/addressbook.html |   16 ++++++++--------
 1 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/skins/classic/templates/addressbook.html b/skins/classic/templates/addressbook.html
index d77bb38..b11a9e0 100644
--- a/skins/classic/templates/addressbook.html
+++ b/skins/classic/templates/addressbook.html
@@ -9,6 +9,7 @@
 #addresslist { width: <roundcube:exp expression="!empty(cookie:addressviewsplitter) ? cookie:addressviewsplitter-5 : 245" />px; }
 #contacts-box { left: <roundcube:exp expression="!empty(cookie:addressviewsplitter) ? cookie:addressviewsplitter+5 : 255" />px;
 	<roundcube:exp expression="browser:ie ? ('width:expression((parseInt(this.parentNode.offsetWidth)-'.(!empty(cookie:addressviewsplitter) ? cookie:addressviewsplitter+5 : 255).')+\\'px\\');') : ''" />
+}
 #directorylistbox { width: <roundcube:exp expression="!empty(cookie:addressviewsplitterd) ? cookie:addressviewsplitterd-5 : 195" />px; }
 #addressscreen { left: <roundcube:exp expression="!empty(cookie:addressviewsplitterd) ? cookie:addressviewsplitterd+5 : 205" />px;
 	<roundcube:exp expression="browser:ie ? ('width:expression((parseInt(this.parentNode.offsetWidth)-'.(!empty(cookie:addressviewsplitterd) ? cookie:addressviewsplitterd+5 : 205).')+\\'px\\');') : ''" />
@@ -40,11 +41,11 @@
 
 <div id="searchmenu" class="popupmenu">
   <ul class="toolbarmenu">
-    <li><input type="checkbox" name="s_mods[]" value="name" id="s_mod_name" onclick="rcmail_ui.set_searchmod(this)" /><label for="s_mod_name"><roundcube:label name="name" /></label></li>
-    <li><input type="checkbox" name="s_mods[]" value="firstname" id="s_mod_firstname" onclick="rcmail_ui.set_searchmod(this)" /><label for="s_mod_firstname"><roundcube:label name="firstname" /></label></li>
-    <li><input type="checkbox" name="s_mods[]" value="surname" id="s_mod_surname" onclick="rcmail_ui.set_searchmod(this)" /><label for="s_mod_surname"><roundcube:label name="surname" /></label></li>
-    <li><input type="checkbox" name="s_mods[]" value="email" id="s_mod_email" onclick="rcmail_ui.set_searchmod(this)" /><label for="s_mod_email"><roundcube:label name="email" /></label></li>
-    <li><input type="checkbox" name="s_mods[]" value="*" id="s_mod_all" onclick="rcmail_ui.set_searchmod(this)" /><label for="s_mod_all"><roundcube:label name="allfields" /></label></li>
+    <li><label><input type="checkbox" name="s_mods[]" value="name" id="s_mod_name" onclick="rcmail_ui.set_searchmod(this)" /> <span><roundcube:label name="name" /></span></label></li>
+    <li><label><input type="checkbox" name="s_mods[]" value="firstname" id="s_mod_firstname" onclick="rcmail_ui.set_searchmod(this)" /> <span><roundcube:label name="firstname" /></span></label></li>
+    <li><label><input type="checkbox" name="s_mods[]" value="surname" id="s_mod_surname" onclick="rcmail_ui.set_searchmod(this)" /> <span><roundcube:label name="surname" /></span></label></li>
+    <li><label><input type="checkbox" name="s_mods[]" value="email" id="s_mod_email" onclick="rcmail_ui.set_searchmod(this)" /> <span><roundcube:label name="email" /></span></label></li>
+    <li><label><input type="checkbox" name="s_mods[]" value="*" id="s_mod_all" onclick="rcmail_ui.set_searchmod(this)" /> <span><roundcube:label name="allfields" /></span></label></li>
   </ul>
 </div>
 
@@ -53,8 +54,7 @@
 <div id="directorylistbox">
 <div id="directorylist-title" class="boxtitle"><roundcube:label name="groups" /></div>
 <div id="directorylist-content" class="boxlistcontent">
-  <roundcube:object name="directorylist" id="directorylist" />
-  <roundcube:object name="groupslist" id="contactgroupslist" />
+  <roundcube:object name="directorylist" id="directorylist" class="treelist" />
 </div>
 <div id="directorylist-footer" class="boxfooter">
   <roundcube:button command="group-create" type="link" title="newcontactgroup" class="buttonPas addgroup" classAct="button addgroup" content=" " />
@@ -65,7 +65,7 @@
 <div id="addressscreen">
 
 <div id="addresslist">
-<div class="boxtitle"><roundcube:label name="contacts" /></div>
+<roundcube:object name="addresslisttitle" label="contacts" tag="div" class="boxtitle" />
 <div class="boxlistcontent">
 <roundcube:object name="addresslist" id="contacts-table" class="records-table" cellspacing="0" summary="Contacts list" noheader="true" />
 </div>

--
Gitblit v1.9.1