From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 skins/larry/addressbook.css |  210 +++++++++++++++++++++++++++++++++++++++++++++++++---
 1 files changed, 198 insertions(+), 12 deletions(-)

diff --git a/skins/larry/addressbook.css b/skins/larry/addressbook.css
index 57a1b0d..46d4d10 100644
--- a/skins/larry/addressbook.css
+++ b/skins/larry/addressbook.css
@@ -1,15 +1,13 @@
 /**
  * Roundcube webmail styles for the Address Book section
  *
- * Copyright (c) 2011, The Roundcube Dev Team
+ * Copyright (c) 2012, The Roundcube Dev Team
  * Screendesign by FLINT / B�ro f�r Gestaltung, bueroflint.com
  *
  * The contents are subject to the Creative Commons Attribution-ShareAlike
  * License. It is allowed to copy, distribute, transmit and to adapt the work
  * by keeping credits to the original autors in the README file.
  * See http://creativecommons.org/licenses/by-sa/3.0/ for details.
- *
- * $Id$
  */
 
 #addressview-left {
@@ -18,6 +16,7 @@
 	left: 0;
 	width: 220px;
 	bottom: 0;
+	z-index: 2;
 }
 
 #addressview-right {
@@ -26,15 +25,16 @@
 	left: 232px;
 	right: 0;
 	bottom: 0;
+	z-index: 3;
 }
 
 #addressbooktoolbar {
 	position: absolute;
 	top: -6px;
 	left: 0;
-	right: 0;
 	height: 40px;
 	white-space: nowrap;
+	z-index: 10;
 }
 
 #directorylistbox {
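Review bot: The new `z-index: 10` on `#addressbooktoolbar`, together with the `2` and `3` added to `#addressview-left` and `#addressview-right` in this and the previous hunk, are bare numbers with no statement of the intended stacking order; a one-line comment such as `/* toolbar stacks above both address panes (z-index 2 and 3) */` would keep later edits from guessing. Removing `right: 0` also leaves the absolutely positioned toolbar sized by its `nowrap` content, so it may extend over the right pane in a narrow window; worth confirming that is intended. Separately, the subject line names a fix for the `_session` argument of utils/save-prefs, but the diffstat and every hunk here touch only this stylesheet, so the security-relevant change is not visible in this patch and has to be reviewed wherever it actually landed.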
@@ -67,7 +67,9 @@
 
 #directorylist li a,
 #contacts-table .contact td.name {
-	background: url(images/listicons.png) -100px 0 no-repeat;
+	background-image: url(images/listicons.png);
+	background-position: -100px 0;
+	background-repeat: no-repeat;
 	overflow: hidden;
 	padding-left: 36px;
 	text-overflow: ellipsis;
@@ -77,8 +79,21 @@
 	background-position: 6px -766px;
 }
 
-#directorylist li.addressbook.selected a {
+#directorylist li.addressbook.selected > a {
 	background-position: 6px -791px;
+}
+
+#directorylist li.addressbook ul li:last-child {
+	border-bottom: 0;
+}
+
+#directorylist li.addressbook ul.groups {
+	margin: 0;
+	padding: 0;
+}
+
+#directorylist li.addressbook ul.groups li {
+	width: 100%;
 }
 
 #directorylist li.contactgroup a {
@@ -88,6 +103,50 @@
 
 #directorylist li.contactgroup.selected a {
 	background-position: 32px -1579px;
+}
+
+#directorylist li.contactgroup input {
+	margin-left: 36px;
+}
+
+#directorylist li.contactsearch a {
+	background-position: 6px -1651px;
+}
+
+#directorylist li.contactsearch.selected a {
+	background-position: 6px -1675px;
+}
+
+#directorylist li.contactsearch input {
+	margin-left: 8px;
+}
+
+#directorylist li.addressbook div.collapsed,
+#directorylist li.addressbook div.expanded {
+	top: 15px;
+	left: 20px;
+}
+
+#contacts-table .contact.readonly td {
+	font-style: italic;
+}
+
+#contacts-table td.name {
+	width: 95%;
+}
+
+#contacts-table td.action {
+	width: 24px;
+	padding: 4px;
+}
+
+#contacts-table td.action a {
+	display: block;
+	width: 16px;
+	height: 14px;
+	text-indent: -5000px;
+	overflow: hidden;
+	background: url(images/listicons.png) -2px -1180px no-repeat;
 }
 
 #contacts-table .contact td.name {
@@ -100,6 +159,29 @@
 	font-weight: bold;
 }
 
+#contacts-table .group td.name {
+	background-position: 6px -1555px;
+}
+
+#contacts-table .group.selected td.name,
+#contacts-table .group.unfocused td.name {
+	background-position: 6px -1579px;
+	font-weight: bold;
+}
+
+#addresslist .boxtitle {
+	padding-right: 95px;
+	overflow: hidden;
+	text-overflow: ellipsis;
+}
+
+#addresslist .boxtitle a.poplink {
+	color: #004458;
+	font-size: 14px;
+	line-height: 12px;
+	text-decoration: none;
+}
+
 #contact-frame {
 	position: absolute;
 	top: 0;
@@ -107,6 +189,7 @@
 	right: 0;
 	bottom: 28px;
 	border: 0;
+	border-radius: 4px;
 }
 
 #headerbuttons {
@@ -137,14 +220,41 @@
 
 #contactpic img {
 	width: 112px;
+	visibility: inherit;
+}
+
+#contactpic.droptarget {
+	background-image: url(images/filedrop.png);
+	background-position: center;
+	background-repeat: no-repeat;
+}
+
+#contactpic.droptarget.hover {
+	background-color: #d9ecf4;
+	box-shadow: 0 0 5px 2px rgba(71,135,177, 0.9);
+	-moz-box-shadow: 0 0 5px 2px rgba(71,135,177, 0.9);
+	-webkit-box-shadow: 0 0 5px 2px rgba(71,135,177, 0.9);
+	-o-box-shadow: 0 0 5px 2px rgba(71,135,177, 0.9);
+}
+
+#contactpic.droptarget.active img {
+	opacity: 0.15;
+}
+
+#contactpic.droptarget.hover img {
+	opacity: 0.05;
 }
 
 #contacthead {
 	border: 0;
-	margin: 0 20em 1em 0;
+	margin: 0 16em 1em 0;
 	padding: 0;
 	line-height: 1.5em;
 	font-size: 12px;
+}
+
+form #contacthead {
+	margin-right: 0;
 }
 
 #contacthead .names span.namefield,
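Review bot: In `#contactpic.droptarget.hover` the unprefixed `box-shadow` is declared first and the vendor-prefixed copies follow, so a browser that understands both ends up applying the prefixed, older implementation; the usual order puts the standard property last. `-o-box-shadow` is, as far as I know, not a property any Opera release implemented, so that line can simply be dropped. Suggested order: `-moz-box-shadow: …;`, `-webkit-box-shadow: …;`, then `box-shadow: 0 0 5px 2px rgba(71,135,177, 0.9);`.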
@@ -159,9 +269,7 @@
 }
 
 #contacthead span.nickname:before,
-#contacthead span.nickname:after,
-#contacthead input.ff_nickname:before,
-#contacthead input.ff_nickname:after {
+#contacthead span.nickname:after {
 	content: '"';
 }
 
@@ -180,6 +288,84 @@
 	width: 90px;
 }
 
+.contactfieldgroup {
+	border: 0;
+	border-radius: 5px;
+	background: #f7f7f7;
+	background: -moz-linear-gradient(top, #f7f7f7 0%, #eee 100%);
+	background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#f7f7f7), color-stop(100%,#eee));
+	background: -o-linear-gradient(top, #f7f7f7 0%, #eee 100%);
+	background: -ms-linear-gradient(top, #f7f7f7 0%, #eee 100%);
+	background: linear-gradient(top, #f7f7f7 0%, #eee 100%);
+	margin: 0 0 12px 0;
+	padding: 8px;
+}
+
+.contactfieldgroup legend {
+	display: block;
+	margin: 0 -8px;
+	width: 100%;
+	font-weight: bold;
+	text-shadow: 0px 1px 1px #fff;
+	padding: 6px 8px 3px 8px;
+	background: #f0f0f0;
+	background: -moz-linear-gradient(top, #f0f0f0 0%, #d6d6d6 100%);
+	background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#f0f0f0), color-stop(100%,#d6d6d6));
+	background: -o-linear-gradient(top, #f0f0f0 0%, #d6d6d6 100%);
+	background: -ms-linear-gradient(top, #f0f0f0 0%, #d6d6d6 100%);
+	background: linear-gradient(top, #f0f0f0 0%, #d6d6d6 100%);
+	border-bottom: 1px solid #cfcfcf;
+	border-radius: 5px 5px 0 0;
+}
+
+.contactfieldgroup .row {
+	position: relative;
+	margin: 0.2em 0;
+}
+
+.contactfieldgroup .contactfieldlabel {
+	position: absolute;
+	top: 0;
+	left: 2px;
+	width: 110px;
+	white-space: nowrap;
+	overflow: hidden;
+	text-overflow: ellipsis;
+	color: #666;
+}
+
+.contactfieldgroup .contactfieldlabel select {
+	width: 100%;
+	color: #666;
+}
+
+.contactfieldgroup .contactfieldcontent {
+	padding-left: 120px;
+	min-height: 1em;
+	line-height: 1.3em;
+}
+
+.contactfieldgroup .contactfield {
+	line-height: 1.3em;
+}
+
+.contactcontrolleraddress .contactfieldcontent input {
+	margin-bottom: 0.1em;
+}
+
+.contactfieldcontent.composite {
+	padding-bottom: 8px;
+}
+
+.contactfieldcontent .contactfieldbutton {
+	vertical-align: middle;
+	margin-left: 0.5em;
+}
+
+.contactfield .ff_notes {
+	width: 99%;
+}
+
 a.deletebutton {
 	position: relative;
 	left: 5px;
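Review bot: The last `background: linear-gradient(top, #f7f7f7 0%, #eee 100%);` in `.contactfieldgroup`, and the matching line in `.contactfieldgroup legend`, put the legacy direction keyword `top` into the unprefixed function; the standard syntax expects `to bottom`, so browsers that follow it discard the declaration and fall back to one of the prefixed lines or the flat colour. Change them to `background: linear-gradient(to bottom, #f7f7f7 0%, #eee 100%);` and `background: linear-gradient(to bottom, #f0f0f0 0%, #d6d6d6 100%);`. Both rules sit wholly inside this hunk.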
@@ -188,6 +374,6 @@
 	width: 24px;
 	height: 18px;
 	text-decoration: none;
-	text-indent: -1000px;
-	background: url(images/buttons.png) -7px -337px no-repeat;
+	text-indent: -5000px;
+	background: url(images/buttons.png) -7px -377px no-repeat;
 }

--
Gitblit v1.9.1