From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
skins/larry/mail.css | 496 ++++++++++++++++++++++++++++++++++++++++--------------
1 files changed, 363 insertions(+), 133 deletions(-)
diff --git a/skins/larry/mail.css b/skins/larry/mail.css
index 27cc768..0f7752a 100644
--- a/skins/larry/mail.css
+++ b/skins/larry/mail.css
@@ -2,14 +2,12 @@
* Roundcube webmail styles for the Email section
*
* Copyright (c) 2012, The Roundcube Dev Team
- * Screendesign by FLINT / B�ro f�r Gestaltung, bueroflint.com
+ * Screendesign by FLINT / B�ro f�r Gestaltung, bueroflint.com
*
* The contents are subject to the Creative Commons Attribution-ShareAlike
* License. It is allowed to copy, distribute, transmit and to adapt the work
* by keeping credits to the original autors in the README file.
* See http://creativecommons.org/licenses/by-sa/3.0/ for details.
- *
- * $Id$
*/
#mailview-left {
@@ -18,6 +16,7 @@
left: 0;
width: 220px;
bottom: 0;
+ z-index: 2;
}
#mailview-right {
@@ -26,6 +25,11 @@
left: 232px;
right: 0;
bottom: 0;
+ z-index: 3;
+}
+
+#mailview-right.fullwidth {
+ left: 0;
}
#mailview-top {
@@ -45,7 +49,9 @@
left: 0;
bottom: 0;
width: 100%;
- height: 26px;
+ height: 27px;
+ border-radius: 4px;
+ border-top: none;
}
#folderlist-header {
@@ -135,6 +141,11 @@
background-position: 6px 2px;
}
+#mailboxlist > li:first-child {
+ border-radius: 4px 4px 0 0;
+ border-top: 0;
+}
+
#mailboxlist li.mailbox a {
padding-left: 36px;
white-space: nowrap;
@@ -145,7 +156,7 @@
background-position: 6px 3px;
}
-#mailboxlist li.mailbox.unread a {
+#mailboxlist li.mailbox.unread > a {
padding-right: 36px;
}
@@ -213,6 +224,17 @@
color: #017cb4;
}
+#mailboxlist li.mailbox div.treetoggle {
+ top: 13px;
+ left: 19px;
+}
+
+#mailboxlist li.mailbox ul li:last-child {
+ border-bottom: 0;
+}
+
+/* nested mailboxes */
+
#mailboxlist li.mailbox ul {
list-style: none;
margin: 0;
@@ -220,50 +242,57 @@
border-top: 1px solid #bbd3da;
}
-#mailboxlist li.mailbox ul li {
- padding-left: 26px;
-}
-
#mailboxlist li.mailbox ul li a {
- background-position: 6px -93px;
+ padding-left: 52px; /* 36 + 1 x 16 */
+ background-position: 22px -93px; /* 6 + 1 x 16 */
}
-
#mailboxlist li.mailbox ul li.selected > a {
- background-position: 6px -117px;
+ background-position: 22px -117px;
}
-
-#mailboxlist li.mailbox ul li:last-child {
- border-bottom: 0;
-}
-
-#mailboxlist li.mailbox div.collapsed,
-#mailboxlist li.mailbox div.expanded {
- position: absolute;
- top: 13px;
- left: 19px;
- width: 13px;
- height: 13px;
- background: url(images/listicons.png) -3px -144px no-repeat;
- cursor: pointer;
-}
-
-#mailboxlist li.mailbox div.expanded {
- background-position: -3px -168px;
-}
-
-#mailboxlist li.mailbox.selected > div.collapsed {
- background-position: -23px -144px;
-}
-
-#mailboxlist li.mailbox.selected > div.expanded {
- background-position: -23px -168px;
-}
-
-
-#mailboxlist li.mailbox ul li div.collapsed,
-#mailboxlist li.mailbox ul li div.expanded {
- left: 43px;
+#mailboxlist li.mailbox ul li div.treetoggle {
+ left: 33px;
top: 14px;
+}
+
+#mailboxlist li.mailbox ul ul li.mailbox a {
+ padding-left: 68px; /* 2x */
+ background-position: 38px -93px;
+}
+#mailboxlist li.mailbox ul ul li.selected > a {
+ background-position: 38px -117px;
+}
+#mailboxlist li.mailbox ul ul li div.treetoggle {
+ left: 48px;
+}
+
+#mailboxlist li.mailbox ul ul ul li.mailbox a {
+ padding-left: 84px; /* 3x */
+ background-position: 54px -93px;
+}
+#mailboxlist li.mailbox ul ul ul li.selected > a {
+ background-position: 54px -117px;
+}
+#mailboxlist li.mailbox ul ul ul li div.treetoggle {
+ left: 64px;
+}
+
+#mailboxlist li.mailbox ul ul ul ul li.mailbox a {
+ padding-left: 100px; /* 4x */
+ background-position: 70px -93px;
+}
+#mailboxlist li.mailbox ul ul ul ul li.selected > a {
+ background-position: 70px -117px;
+}
+#mailboxlist li.mailbox ul ul ul ul li div.treetoggle {
+ left: 80px;
+}
+
+/* indent folders on levels > 4 */
+#mailboxlist li.mailbox ul ul ul ul ul li {
+ padding-left: 16px;
+}
+#mailboxlist li.mailbox ul ul ul ul ul li div.treetoggle {
+ left: 96px;
}
#mailboxlist li.mailbox .unreadcount {
@@ -319,7 +348,7 @@
position: absolute;
right: 256px;
width: auto;
- top: 7px;
+ top: 2px;
}
#searchfilter select {
@@ -332,29 +361,30 @@
width: 100%;
}
-#mailboxtoolbar,
#messagetoolbar {
position: absolute;
top: -6px;
- right: 390px;
left: 0;
height: 40px;
white-space: nowrap;
+ z-index: 10;
}
#messagetoolbar.fullwidth {
right: 0;
}
-#mailboxtoolbar {
- right: 0;
+#messagetoolbar .toolbarselect {
+ position: absolute;
+ bottom: 6px;
+ right: 3px;
}
#messagesearchtools {
position: absolute;
right: 0;
top: 0;
- width: 240px;
+ width: 400px;
}
#mailpreviewtoggle {
@@ -375,11 +405,7 @@
/*** message list ***/
#messagelist thead td:first-child {
- border-radius: 4px 0 0 0;
-}
-
-#messagelist thead td:last-child {
- border-radius: 0 4px 0 0;
+ border-radius: 4px 0 0 0; /* for Chrome */
}
#messagelist tr td.attachment,
@@ -412,12 +438,16 @@
border-left: 0;
}
-
#messagelist tr td.size {
width: 60px;
text-align: right;
}
+#messagelist thead tr td.size {
+ text-align: left;
+}
+
+#messagelist tr td.fromto,
#messagelist tr td.from,
#messagelist tr td.to,
#messagelist tr td.cc,
@@ -608,12 +638,12 @@
}
#messagelist tr td div.collapsed {
- background-position: 0 -1136px;
+ background-position: 0 -1137px;
cursor: pointer;
}
#messagelist tr td div.expanded {
- background-position: 0 -1156px;
+ background-position: 0 -1157px;
cursor: pointer;
}
@@ -671,12 +701,11 @@
#messagecontent {
position: absolute;
- top: 140px;
+ top: 110px;
left: 0;
width: 100%;
- bottom: 0;
+ bottom: 27px;
overflow: auto;
- border-radius: 4px 4px 0 0;
}
#messageheader,
@@ -685,11 +714,20 @@
position: relative;
padding: 3px 0;
background: #f9f9f9;
- background: -moz-linear-gradient(top, #fff 0%, #e9e9e9 100%);
- background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#fff), color-stop(100%,#e9e9e9));
- background: -o-linear-gradient(top, #fff 0%, #e9e9e9 100%);
- background: -ms-linear-gradient(top, #fff 0%, #e9e9e9 100%);
- background: linear-gradient(top, #fff 0%, #e9e9e9 100%);
+ background: -moz-linear-gradient(top, #fff 0%, #f0f0f0 100%);
+ background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#fff), color-stop(100%,#f0f0f0));
+ background: -o-linear-gradient(top, #fff 0%, #f0f0f0 100%);
+ background: -ms-linear-gradient(top, #fff 0%, #f0f0f0 100%);
+ background: linear-gradient(top, #fff 0%, #f0f0f0 100%);
+ border-bottom: 1px solid #dfdfdf;
+}
+
+#mailview-right #messageheader {
+ border-radius: 4px 4px 0 0;
+ padding-left: 78px;
+ /* avoid headers eating up all the vertical space */
+ max-height: 50%;
+ overflow: auto;
}
h2.subject {
@@ -701,9 +739,13 @@
text-overflow: ellipsis;
}
+#mailview-right #messageheader h2.subject {
+ margin-left: -56px;
+}
+
h3.subject {
font-size: 14px;
- margin: 0 8em 0 0;
+ margin: 0 12em 0 0;
padding: 8px 8px 4px 8px;
white-space: nowrap;
overflow: hidden;
@@ -715,16 +757,23 @@
padding: 2px 8px;
}
-.headers-table td.header {
+.headers-table td.header,
+.ui-dialog-content.popup span.adr {
font-weight: bold;
}
-.headers-table td.header a {
+.headers-table td.header-title {
+ white-space: nowrap;
+}
+
+.headers-table td.header a,
+.ui-dialog-content.popup span.adr a {
color: #666;
text-decoration: none;
}
-.headers-table td.header a:hover {
+.headers-table td.header a:hover,
+.ui-dialog-content.popup span.adr a:hover {
text-decoration: underline;
}
@@ -734,8 +783,15 @@
font-weight: bold;
}
-.headers-table td.header span {
+.headers-table td.header span,
+.ui-dialog-content.popup span.adr {
white-space: nowrap;
+}
+
+.headers-table td.header a.morelink {
+ color: #0069a6;
+ white-space: nowrap;
+ font-weight: normal;
}
.rcmaddcontact {
@@ -762,7 +818,7 @@
padding-right: 18px;
}
-#previewheaderstoggle {
+.moreheaderstoggle {
display: block;
position: absolute;
top: 0;
@@ -778,9 +834,10 @@
background: -ms-linear-gradient(left, #fbfbfb 0, #e9e9e9 100%);
background: linear-gradient(left, #fbfbfb 0, #e9e9e9 100%);
border-right: 1px solid #dfdfdf;
+ border-radius: 3px 0 0 0; /* for Opera */
}
-#previewheaderstoggle .iconlink {
+.moreheaderstoggle .iconlink {
display: inline-block;
position: absolute;
top: 8px;
@@ -790,30 +847,42 @@
background: url(images/buttons.png) -27px -242px no-repeat;
}
-#previewheaderstoggle.remove .iconlink {
+.moreheaderstoggle.remove .iconlink {
top: auto;
bottom: 5px;
background-position: -5px -242px;
}
+#full-headers {
+ position: relative;
+}
+
div.more-headers {
- cursor: pointer;
+ position: absolute;
+ top: -12px;
+ right: 10px;
+ width: 12px;
height: 10px;
- background: url(images/buttons.png) center -1619px no-repeat;
+ cursor: pointer;
+ background: url(images/buttons.png) center -1579px no-repeat;
}
div.hide-headers {
- background-position: center -1629px;
+ background-position: center -1589px;
}
#all-headers {
- position: relative;
- margin: 0 10px;
+ position: relative;
+ margin: 4px 10px;
padding: 0;
height: 180px;
- border: 1px solid #bbb;
+ border: 1px solid #ccc;
border-radius: 4px;
- background: #fff;
+ background: #fdfdfd;
+ -moz-box-shadow: inset 0 0 1px 1px rgba(0,0,0, 0.1);
+ -webkit-box-shadow: inset 0 0 1px 1px rgba(0,0,0, 0.1);
+ -o-box-shadow: inset 0 0 1px 1px rgba(0,0,0, 0.1);
+ box-shadow: inset 0 0 1px 1px rgba(0,0,0, 0.1);
}
#headers-source {
@@ -823,30 +892,72 @@
left: 0;
right: 0;
bottom: 0;
- padding: 2px 5px;
+ padding: 3px 6px;
overflow: auto;
text-align: left;
color: #333;
}
-#messagepreviewheader {
- position: relative;
- height: auto;
- margin: 0 8px 0 0;
- padding: 0 0 6px 26px;
- border-bottom: 2px solid #f0f0f0;
+#messageheader.previewheader #all-headers {
+ margin-left: 0;
}
-#messagepreviewheader h3.subject {
+#messageheader.previewheader {
+ position: relative;
+ height: auto;
+ min-height: 52px;
+ padding: 0 0 3px 72px;
+}
+
+#messageheader.previewheader h3.subject {
padding: 8px 8px 2px 0;
}
-#messagepreviewheader #countcontrols,
+#messageheader.previewheader #contactphoto {
+ display: block;
+ position: absolute;
+ top: 11px;
+ left: 30px;
+ width: 32px;
+ height: 32px;
+ overflow: hidden;
+ background: url(images/contactpic_32px.png) center center no-repeat #fff;
+ border-radius: 3px;
+}
+
+#messageheader.previewheader #contactphoto img {
+ width: 32px;
+ height: auto;
+ border-radius: 3px;
+}
+
+#messageheader .message-headers {
+ min-height: 60px;
+}
+
+#messageheader #contactphoto {
+ display: block;
+ position: absolute;
+ top: 34px;
+ left: 30px;
+ width: 48px;
+ height: 48px;
+ overflow: hidden;
+ border-radius: 4px;
+ border: 1px solid #e6e6e6;
+ background: url(images/contactpic_48px.png) center center no-repeat #fff;
+}
+
+#messageheader #contactphoto img {
+ width: 48px;
+ height: auto;
+ border-radius: 4px;
+}
+
#messageheader #countcontrols {
position: absolute;
top: 8px;
right: 8px;
- width: 18em;
text-align: right;
white-space: nowrap;
}
@@ -877,9 +988,11 @@
min-height: 200px;
background: #f0f0f0;
padding: 8px;
+ border-radius: 4px;
}
#messagebody {
+ position: relative;
margin: 8px;
}
@@ -894,7 +1007,7 @@
color: #960;
border: 1px solid #ffdf0e;
background-color: #fef893;
- background-position: 5px -85px;
+ background-position: 5px -83px;
padding: 6px 12px 4px 30px;
white-space: normal;
}
@@ -905,12 +1018,14 @@
}
div.message-part,
-div.message-htmlpart {
- padding: 0 2px 10px 2px;
- border-top: 2px solid #f0f0f0;
+div.message-htmlpart,
+div.message-partheaders {
+ padding: 10px 2px;
+ border-top: 1px solid #ccc;
}
#messagebody div:first-child {
+ padding-top: 0;
border-top: 0;
}
@@ -951,6 +1066,24 @@
border-right: 2px solid #bb0000;
}
+div.message-partheaders {
+ margin-top: 8px;
+ padding: 8px 0;
+}
+
+div.message-partheaders .headers-table {
+ width: 100%;
+}
+
+div.message-partheaders .headers-table td.header-title {
+ width: auto;
+ padding-left: 0;
+}
+
+div.message-partheaders .headers-table td.header {
+ width: 88%;
+}
+
#messagebody > hr {
color: #fff;
background: #fff;
@@ -958,8 +1091,49 @@
border-bottom: 2px solid #f0f0f0;
}
-#messagebody > p > img {
+#messagebody fieldset.image-attachment {
+ border: 0;
+ border-top: 1px solid #ccc;
+ margin-top: 1em;
+}
+
+#messagebody fieldset.image-attachment p > img {
max-width: 80%;
+}
+
+#messagebody legend.image-filename {
+ color: #999;
+ font-size: 0.9em;
+ margin: 0 1em;
+}
+
+#messagebody p.image-attachment {
+ position: relative;
+ padding: 1em;
+ border-top: 1px solid #ccc;
+}
+
+#messagebody p.image-attachment a.image-link {
+ float: left;
+ display: block;
+ margin-right: 2em;
+ min-width: 160px;
+ min-height: 60px;
+ text-align: center;
+}
+
+#messagebody p.image-attachment .image-filename {
+ display: block;
+ font-weight: bold;
+ line-height: 1.6em;
+}
+
+#messagebody p.image-attachment .image-filesize {
+ padding-right: 1em;
+}
+
+#messagebody p.image-attachment .attachment-links a {
+ margin-right: 0.6em;
}
#messagepartcontainer {
@@ -972,6 +1146,8 @@
#messagepartframe {
border: 0;
+ width: 100%;
+ height: 100%;
}
/*** message composition ***/
@@ -1000,6 +1176,23 @@
bottom: 0;
}
+#composequicksearch {
+ position: relative;
+ padding: 4px;
+ background: #c7e3ef;
+}
+
+#composequicksearch .searchbox input {
+ width: 100%;
+ height: 26px;
+ -moz-box-sizing: border-box;
+ box-sizing: border-box;
+}
+
+#composequicksearch #searchmenulink {
+ width: 15px;
+}
+
#compose-contacts #directorylist {
border-bottom: 4px solid #c7e3ef;
}
@@ -1021,11 +1214,31 @@
display: block;
}
+#contacts-table td span.email {
+ display: inline;
+ color: #69939e;
+ font-style: italic;
+ margin-left: 0.5em;
+}
+
#compose-contacts li a, #contacts-table td {
background: url(images/listicons.png) -100px 0 no-repeat;
overflow: hidden;
padding-left: 36px;
text-overflow: ellipsis;
+}
+
+#contacts-table td.contactgroup a {
+ color: #376572;
+ text-decoration: none;
+}
+
+#contacts-table td.contactgroup a span {
+ display: inline-block;
+ font-size: 16px;
+ font-weight: bold;
+ line-height: 11px;
+ margin-left: 0.3em;
}
#contacts-table tr:first-child td {
@@ -1058,46 +1271,48 @@
background-position: 6px -1627px;
}
-
#compose-content {
position: absolute;
top: 42px;
left: 0;
width: 100%;
bottom: 28px;
- border-bottom-left-radius: 0;
- border-bottom-right-radius: 0;
+ border-radius: 4px 4px 0 0;
+ border-bottom: none;
overflow: hidden;
}
#composeheaders {
border-radius: 4px 4px 0 0;
- -webkit-box-shadow: 0 2px 3px 0 #999;
- -moz-box-shadow: 0 2px 3px 0 #999;
- box-shadow: 0 2px 3px 0 #999;
+ padding-left: 19px;
}
#composebuttons {
position: absolute;
- top: 8px;
- right: 8px;
+ top: 6px;
+ right: 6px;
width: auto;
white-space: nowrap;
z-index: 100;
}
+#composebuttons a.button.extwin {
+ padding: 2px 3px;
+}
+
.compose-headers {
width: 99%;
- margin: 4px 0;
+ margin-bottom: 2px;
}
.compose-headers td {
- padding: 4px 4px 4px 8px;
+ padding: 2px 4px;
}
.compose-headers td.title {
width: 11%;
white-space: nowrap;
+ padding-left: 6px;
}
.compose-headers td.title label {
@@ -1133,55 +1348,43 @@
.compose-headers td input {
width: 100%;
resize: none;
+ font-family: "Lucida Grande", Verdana, Arial, Helvetica, sans-serif;
+ font-size: 11px;
}
#compose-cc, #compose-bcc, #compose-replyto, #compose-followupto {
display: none;
}
-#composeoptionsbox {
- padding: 4px 8px 0 8px;
- background: #d2d2d2;
- border-bottom: 1px solid #e8e8e8;
- -webkit-box-shadow: 0 2px 3px 0 #999;
- -moz-box-shadow: 0 2px 3px 0 #999;
- box-shadow: 0 2px 3px 0 #999;
- white-space: nowrap;
-}
-
#composeoptions {
display: none;
- padding: 2px 0;
+ padding: 2px 0 0 8px;
white-space: normal;
+ border-top: 1px solid #dfdfdf;
+ box-shadow: inset 0 1px 0 0 #fff;
+ -o-box-shadow: inset 0 1px 0 0 #fff;
+ -webkit-box-shadow: inset 0 1px 0 0 #fff;
+ -moz-box-shadow: inset 0 1px 0 0 #fff;
+
}
.composeoption {
+ color: #666;
padding-right: 22px;
white-space: nowrap;
}
#composeoptions .composeoption {
display: inline-block;
- padding: 4px 28px 4px 0;
+ padding: 4px 22px 4px 0;
}
#composeoptions .composeoption:last-child {
padding-right: 4px;
}
-#composeoptionstoggle {
- display: inline-block;
- position: relative;
- top: -1px;
- left: 6px;
- width: 20px;
- height: 18px;
- background: url(images/buttons.png) -3px -1640px no-repeat;
- text-decoration: none;
-}
-
-#composeoptionstoggle.enabled {
- background-position: -28px -1640px;
+.mozilla .composeoption input {
+ vertical-align: -3px;
}
#composeview-bottom {
@@ -1198,24 +1401,35 @@
bottom: 0;
}
+#composebodycontainer.buttons {
+ bottom: 42px;
+}
+
#composebody {
position: absolute;
- top: 1px;
+ top: 0;
left: 0;
bottom: 0;
width: 99%;
border: 0;
border-radius: 0;
padding: 8px 0 8px 8px;
- box-shadow: none;
resize: none;
font-family: monospace;
font-size: 9pt;
outline: none;
+ box-shadow: inset 0 0 2px 1px rgba(0,0,0, 0.2);
+ -moz-box-shadow: inset 0 0 2px 1px rgba(0,0,0, 0.2);
+ -webkit-box-shadow: inset 0 0 2px 1px rgba(0,0,0, 0.2);
+ -o-box-shadow: inset 0 0 2px 1px rgba(0,0,0, 0.2);
}
#composebody:active,
#composebody:focus {
+ box-shadow: inset 0 0 3px 2px rgba(71,135,177, 0.9);
+ -moz-box-shadow: inset 0 0 3px 2px rgba(71,135,177, 0.9);
+ -webkit-box-shadow: inset 0 0 3px 2px rgba(71,135,177, 0.9);
+ -o-box-shadow: inset 0 0 3px 2px rgba(71,135,177, 0.9);
}
#compose-attachments {
@@ -1255,11 +1469,27 @@
-o-box-shadow: 0 0 5px 2px rgba(71,135,177, 0.9);
}
+#composeview-bottom .formbuttons.floating {
+ position: absolute;
+ width: auto;
+ right: 260px;
+ z-index: 200;
+ padding-bottom: 8px;
+}
+
.defaultSkin table.mceLayout,
.defaultSkin table.mceLayout tr.mceLast td {
border: 0 !important;
}
+.defaultSkin td.mceToolbar {
+ border: 0 !important;
+}
+
+.defaultSkin table.mceLayout tr.mceFirst td {
+ background: #f0f0f0;
+}
+
#composebody_toolbargroup {
border-bottom: 1px solid #ddd;
}
--
Gitblit v1.9.1