From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
skins/classic/templates/compose.html | 11 -----------
1 files changed, 0 insertions(+), 11 deletions(-)
diff --git a/skins/classic/templates/compose.html b/skins/classic/templates/compose.html
index 8be239c..5b0b479 100644
--- a/skins/classic/templates/compose.html
+++ b/skins/classic/templates/compose.html
@@ -40,7 +40,6 @@
<span id="spellmenulink" onclick="rcmail_ui.show_popup('spellmenu');return false"></span>
</span>
<roundcube:endif />
- <a href="#responses" class="button responses" label="responses" title="<roundcube:label name='insertresponse' />" id="responsesmenulink" unselectable="on" onmousedown="return false" onclick="rcmail_ui.show_popup('responsesmenu');return false"> </a>
<roundcube:container name="toolbar" id="compose-toolbar" />
<roundcube:button name="messageoptions" id="composemenulink" type="link" class="button messagemenu" title="messageoptions" onclick="rcmail_ui.show_popup('composemenu', true);return false" content=" " />
</div>
@@ -190,16 +189,6 @@
<td><roundcube:object name="storetarget" maxlength="30" /></td>
</tr><roundcube:endif />
</table>
-</div>
-
-<div id="responsesmenu" class="popupmenu">
- <ul id="textresponsesmenu">
- <li><label class="comment"><roundcube:label name="insertresponse" /></label></li>
- <roundcube:object name="responseslist" id="responseslist" tagname="ul" itemclass="active" />
- <li><label class="comment"><roundcube:label name="manageresponses" /></label></li>
- <li><roundcube:button command="save-response" type="link" label="savenewresponse" classAct="active" unselectable="on" /></li>
- <li><roundcube:button command="responses" type="link" label="editresponses" classAct="active" /></li>
- </ul>
</div>
<div id="spellmenu" class="popupmenu selectable"></div>
--
Gitblit v1.9.1