From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 skins/larry/addressbook.css |  105 +++++++++++++++++++++++++++++++++++++++++++++++-----
 1 files changed, 95 insertions(+), 10 deletions(-)

diff --git a/skins/larry/addressbook.css b/skins/larry/addressbook.css
index 46b4949..46d4d10 100644
--- a/skins/larry/addressbook.css
+++ b/skins/larry/addressbook.css
@@ -8,8 +8,6 @@
  * License. It is allowed to copy, distribute, transmit and to adapt the work
  * by keeping credits to the original autors in the README file.
  * See http://creativecommons.org/licenses/by-sa/3.0/ for details.
- *
- * $Id$
  */
 
 #addressview-left {
@@ -18,6 +16,7 @@
 	left: 0;
 	width: 220px;
 	bottom: 0;
+	z-index: 2;
 }
 
 #addressview-right {
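Review bot: The subject announces a fix for the `_session` argument of utils/save-prefs, yet the diffstat lists only skins/larry/addressbook.css, and every hunk, starting with the `z-index: 2;` added here, is layout styling. Anyone auditing or backporting the security fix cannot confirm from this patch that the vulnerable handler was changed; this may be a per-file view of a larger merge, but that is not visible here. I would move the stylesheet work into its own commit with a subject that describes it, for example `Larry skin: address book group list and contact photo drop target`, and keep the security commit limited to the save-prefs change. The `#addressview-left` rule starts above this hunk and `#addressview-right` continues below it.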
@@ -26,15 +25,16 @@
 	left: 232px;
 	right: 0;
 	bottom: 0;
+	z-index: 3;
 }
 
 #addressbooktoolbar {
 	position: absolute;
 	top: -6px;
 	left: 0;
-	right: 0;
 	height: 40px;
 	white-space: nowrap;
+	z-index: 10;
 }
 
 #directorylistbox {
@@ -67,22 +67,33 @@
 
 #directorylist li a,
 #contacts-table .contact td.name {
-	background: url(images/listicons.png) -100px 0 no-repeat;
+	background-image: url(images/listicons.png);
+	background-position: -100px 0;
+	background-repeat: no-repeat;
 	overflow: hidden;
 	padding-left: 36px;
 	text-overflow: ellipsis;
-}
-
-#contacts-table .contact.readonly td {
-	font-style: italic;
 }
 
 #directorylist li.addressbook a {
 	background-position: 6px -766px;
 }
 
-#directorylist li.addressbook.selected a {
+#directorylist li.addressbook.selected > a {
 	background-position: 6px -791px;
+}
+
+#directorylist li.addressbook ul li:last-child {
+	border-bottom: 0;
+}
+
+#directorylist li.addressbook ul.groups {
+	margin: 0;
+	padding: 0;
+}
+
+#directorylist li.addressbook ul.groups li {
+	width: 100%;
 }
 
 #directorylist li.contactgroup a {
@@ -110,6 +121,34 @@
 	margin-left: 8px;
 }
 
+#directorylist li.addressbook div.collapsed,
+#directorylist li.addressbook div.expanded {
+	top: 15px;
+	left: 20px;
+}
+
+#contacts-table .contact.readonly td {
+	font-style: italic;
+}
+
+#contacts-table td.name {
+	width: 95%;
+}
+
+#contacts-table td.action {
+	width: 24px;
+	padding: 4px;
+}
+
+#contacts-table td.action a {
+	display: block;
+	width: 16px;
+	height: 14px;
+	text-indent: -5000px;
+	overflow: hidden;
+	background: url(images/listicons.png) -2px -1180px no-repeat;
+}
+
 #contacts-table .contact td.name {
 	background-position: 6px -1603px;
 }
@@ -118,6 +157,29 @@
 #contacts-table .contact.unfocused td.name {
 	background-position: 6px -1627px;
 	font-weight: bold;
+}
+
+#contacts-table .group td.name {
+	background-position: 6px -1555px;
+}
+
+#contacts-table .group.selected td.name,
+#contacts-table .group.unfocused td.name {
+	background-position: 6px -1579px;
+	font-weight: bold;
+}
+
+#addresslist .boxtitle {
+	padding-right: 95px;
+	overflow: hidden;
+	text-overflow: ellipsis;
+}
+
+#addresslist .boxtitle a.poplink {
+	color: #004458;
+	font-size: 14px;
+	line-height: 12px;
+	text-decoration: none;
 }
 
 #contact-frame {
@@ -158,6 +220,29 @@
 
 #contactpic img {
 	width: 112px;
+	visibility: inherit;
+}
+
+#contactpic.droptarget {
+	background-image: url(images/filedrop.png);
+	background-position: center;
+	background-repeat: no-repeat;
+}
+
+#contactpic.droptarget.hover {
+	background-color: #d9ecf4;
+	box-shadow: 0 0 5px 2px rgba(71,135,177, 0.9);
+	-moz-box-shadow: 0 0 5px 2px rgba(71,135,177, 0.9);
+	-webkit-box-shadow: 0 0 5px 2px rgba(71,135,177, 0.9);
+	-o-box-shadow: 0 0 5px 2px rgba(71,135,177, 0.9);
+}
+
+#contactpic.droptarget.active img {
+	opacity: 0.15;
+}
+
+#contactpic.droptarget.hover img {
+	opacity: 0.05;
 }
 
 #contacthead {
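Review bot: In `#contactpic.droptarget.hover` the unprefixed `box-shadow` is declared before the prefixed copies, so an engine that accepts both ends up applying the prefixed one; the standard property should come last. `-o-box-shadow` can be dropped as well, since as far as I know Opera never shipped a prefixed box-shadow. Suggested order: `-moz-box-shadow: 0 0 5px 2px rgba(71,135,177, 0.9);`, `-webkit-box-shadow: 0 0 5px 2px rgba(71,135,177, 0.9);`, `box-shadow: 0 0 5px 2px rgba(71,135,177, 0.9);`. The `#contactpic img` rule at the top of the hunk and `#contacthead` at the bottom both extend outside it.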
@@ -289,6 +374,6 @@
 	width: 24px;
 	height: 18px;
 	text-decoration: none;
-	text-indent: -1000px;
+	text-indent: -5000px;
 	background: url(images/buttons.png) -7px -377px no-repeat;
 }

--
Gitblit v1.9.1