From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 skins/larry/mail.css |  259 ++++++++++++++++++++++++++++++++++++++-------------
 1 files changed, 194 insertions(+), 65 deletions(-)

diff --git a/skins/larry/mail.css b/skins/larry/mail.css
index b95be00..0f7752a 100644
--- a/skins/larry/mail.css
+++ b/skins/larry/mail.css
@@ -2,14 +2,12 @@
  * Roundcube webmail styles for the Email section
  *
  * Copyright (c) 2012, The Roundcube Dev Team
- * Screendesign by FLINT / B�ro f�r Gestaltung, bueroflint.com
+ * Screendesign by FLINT / B�ro f�r Gestaltung, bueroflint.com
  *
  * The contents are subject to the Creative Commons Attribution-ShareAlike
  * License. It is allowed to copy, distribute, transmit and to adapt the work
  * by keeping credits to the original autors in the README file.
  * See http://creativecommons.org/licenses/by-sa/3.0/ for details.
- *
- * $Id$
  */
 
 #mailview-left {
@@ -51,7 +49,9 @@
 	left: 0;
 	bottom: 0;
 	width: 100%;
-	height: 26px;
+	height: 27px;
+	border-radius: 4px;
+	border-top: none;
 }
 
 #folderlist-header {
@@ -141,8 +141,9 @@
 	background-position: 6px 2px;
 }
 
-#mailboxlist li:first-child {
+#mailboxlist > li:first-child {
 	border-radius: 4px 4px 0 0;
+	border-top: 0;
 }
 
 #mailboxlist li.mailbox a {
@@ -155,7 +156,7 @@
 	background-position: 6px 3px;
 }
 
-#mailboxlist li.mailbox.unread a {
+#mailboxlist li.mailbox.unread > a {
 	padding-right: 36px;
 }
 
@@ -223,6 +224,17 @@
 	color: #017cb4;
 }
 
+#mailboxlist li.mailbox div.treetoggle {
+	top: 13px;
+	left: 19px;
+}
+
+#mailboxlist li.mailbox ul li:last-child {
+	border-bottom: 0;
+}
+
+/* nested mailboxes */
+
 #mailboxlist li.mailbox ul {
 	list-style: none;
 	margin: 0;
@@ -230,50 +242,57 @@
 	border-top: 1px solid #bbd3da;
 }
 
-#mailboxlist li.mailbox ul li {
-	padding-left: 26px;
-}
-
 #mailboxlist li.mailbox ul li a {
-	background-position: 6px -93px;
+	padding-left: 52px;  /* 36 + 1 x 16 */
+	background-position: 22px -93px;  /* 6 + 1 x 16 */
 }
-
 #mailboxlist li.mailbox ul li.selected > a {
-	background-position: 6px -117px;
+	background-position: 22px -117px;
 }
-
-#mailboxlist li.mailbox ul li:last-child {
-	border-bottom: 0;
-}
-
-#mailboxlist li.mailbox div.collapsed,
-#mailboxlist li.mailbox div.expanded {
-	position: absolute;
-	top: 13px;
-	left: 19px;
-	width: 13px;
-	height: 13px;
-	background: url(images/listicons.png) -3px -144px no-repeat;
-	cursor: pointer;
-}
-
-#mailboxlist li.mailbox div.expanded {
-	background-position: -3px -168px;
-}
-
-#mailboxlist li.mailbox.selected > div.collapsed {
-	background-position: -23px -144px;
-}
-
-#mailboxlist li.mailbox.selected > div.expanded {
-	background-position: -23px -168px;
-}
-
-
-#mailboxlist li.mailbox ul li div.collapsed,
-#mailboxlist li.mailbox ul li div.expanded {
-	left: 43px;
+#mailboxlist li.mailbox ul li div.treetoggle {
+	left: 33px;
 	top: 14px;
+}
+
+#mailboxlist li.mailbox ul ul li.mailbox a {
+	padding-left: 68px;  /* 2x */
+	background-position: 38px -93px;
+}
+#mailboxlist li.mailbox ul ul li.selected > a {
+	background-position: 38px -117px;
+}
+#mailboxlist li.mailbox ul ul li div.treetoggle {
+	left: 48px;
+}
+
+#mailboxlist li.mailbox ul ul ul li.mailbox a {
+	padding-left: 84px;  /* 3x */
+	background-position: 54px -93px;
+}
+#mailboxlist li.mailbox ul ul ul li.selected > a {
+	background-position: 54px -117px;
+}
+#mailboxlist li.mailbox ul ul ul li div.treetoggle {
+	left: 64px;
+}
+
+#mailboxlist li.mailbox ul ul ul ul li.mailbox a {
+	padding-left: 100px;  /* 4x */
+	background-position: 70px -93px;
+}
+#mailboxlist li.mailbox ul ul ul ul li.selected > a {
+	background-position: 70px -117px;
+}
+#mailboxlist li.mailbox ul ul ul ul li div.treetoggle {
+	left: 80px;
+}
+
+/* indent folders on levels > 4 */
+#mailboxlist li.mailbox ul ul ul ul ul li {
+	padding-left: 16px;
+}
+#mailboxlist li.mailbox ul ul ul ul ul li div.treetoggle {
+	left: 96px;
 }
 
 #mailboxlist li.mailbox .unreadcount {
@@ -329,7 +348,7 @@
 	position: absolute;
 	right: 256px;
 	width: auto;
-	top: 7px;
+	top: 2px;
 }
 
 #searchfilter select {
@@ -419,10 +438,13 @@
 	border-left: 0;
 }
 
-
 #messagelist tr td.size {
 	width: 60px;
 	text-align: right;
+}
+
+#messagelist thead tr td.size {
+	text-align: left;
 }
 
 #messagelist tr td.fromto,
@@ -616,12 +638,12 @@
 }
 
 #messagelist tr td div.collapsed {
-	background-position: 0 -1136px;
+	background-position: 0 -1137px;
 	cursor: pointer;
 }
 
 #messagelist tr td div.expanded {
-	background-position: 0 -1156px;
+	background-position: 0 -1157px;
 	cursor: pointer;
 }
 
@@ -723,7 +745,7 @@
 
 h3.subject {
 	font-size: 14px;
-	margin: 0 8em 0 0;
+	margin: 0 12em 0 0;
 	padding: 8px 8px 4px 8px;
 	white-space: nowrap;
 	overflow: hidden;
@@ -909,6 +931,10 @@
 	border-radius: 3px;
 }
 
+#messageheader .message-headers {
+	min-height: 60px;
+}
+
 #messageheader #contactphoto {
 	display: block;
 	position: absolute;
@@ -932,7 +958,6 @@
 	position: absolute;
 	top: 8px;
 	right: 8px;
-	width: 20em;
 	text-align: right;
 	white-space: nowrap;
 }
@@ -967,6 +992,7 @@
 }
 
 #messagebody {
+	position: relative;
 	margin: 8px;
 }
 
@@ -981,7 +1007,7 @@
 	color: #960;
 	border: 1px solid #ffdf0e;
 	background-color: #fef893;
-	background-position: 5px -85px;
+	background-position: 5px -83px;
 	padding: 6px 12px 4px 30px;
 	white-space: normal;
 }
@@ -992,12 +1018,14 @@
 }
 
 div.message-part,
-div.message-htmlpart {
-	padding: 0 2px 10px 2px;
-	border-top: 2px solid #f0f0f0;
+div.message-htmlpart,
+div.message-partheaders {
+	padding: 10px 2px;
+	border-top: 1px solid #ccc;
 }
 
 #messagebody div:first-child {
+	padding-top: 0;
 	border-top: 0;
 }
 
@@ -1038,6 +1066,24 @@
 	border-right: 2px solid #bb0000;
 }
 
+div.message-partheaders {
+	margin-top: 8px;
+	padding: 8px 0;
+}
+
+div.message-partheaders .headers-table {
+	width: 100%;
+}
+
+div.message-partheaders .headers-table td.header-title {
+	width: auto;
+	padding-left: 0;
+}
+
+div.message-partheaders .headers-table td.header {
+	width: 88%;
+}
+
 #messagebody > hr {
 	color: #fff;
 	background: #fff;
@@ -1045,8 +1091,49 @@
 	border-bottom: 2px solid #f0f0f0;
 }
 
-#messagebody > p > img {
+#messagebody fieldset.image-attachment {
+	border: 0;
+	border-top: 1px solid #ccc;
+	margin-top: 1em;
+}
+
+#messagebody fieldset.image-attachment p > img {
 	max-width: 80%;
+}
+
+#messagebody legend.image-filename {
+	color: #999;
+	font-size: 0.9em;
+	margin: 0 1em;
+}
+
+#messagebody p.image-attachment {
+	position: relative;
+	padding: 1em;
+	border-top: 1px solid #ccc;
+}
+
+#messagebody p.image-attachment a.image-link {
+	float: left;
+	display: block;
+	margin-right: 2em;
+	min-width: 160px;
+	min-height: 60px;
+	text-align: center;
+}
+
+#messagebody p.image-attachment .image-filename {
+	display: block;
+	font-weight: bold;
+	line-height: 1.6em;
+}
+
+#messagebody p.image-attachment .image-filesize {
+	padding-right: 1em;
+}
+
+#messagebody p.image-attachment .attachment-links a {
+	margin-right: 0.6em;
 }
 
 #messagepartcontainer {
@@ -1059,6 +1146,8 @@
 
 #messagepartframe {
 	border: 0;
+	width: 100%;
+	height: 100%;
 }
 
 /*** message composition ***/
@@ -1087,6 +1176,23 @@
 	bottom: 0;
 }
 
+#composequicksearch {
+	position: relative;
+	padding: 4px;
+	background: #c7e3ef;
+}
+
+#composequicksearch .searchbox input {
+	width: 100%;
+	height: 26px;
+	-moz-box-sizing: border-box;
+	box-sizing: border-box;
+}
+
+#composequicksearch #searchmenulink {
+	width: 15px;
+}
+
 #compose-contacts #directorylist {
 	border-bottom: 4px solid #c7e3ef;
 }
@@ -1108,11 +1214,31 @@
 	display: block;
 }
 
+#contacts-table td span.email {
+	display: inline;
+	color: #69939e;
+	font-style: italic;
+	margin-left: 0.5em;
+}
+
 #compose-contacts li a, #contacts-table td {
 	background: url(images/listicons.png) -100px 0 no-repeat;
 	overflow: hidden;
 	padding-left: 36px;
 	text-overflow: ellipsis;
+}
+
+#contacts-table td.contactgroup a {
+	color: #376572;
+	text-decoration: none;
+}
+
+#contacts-table td.contactgroup a span {
+	display: inline-block;
+	font-size: 16px;
+	font-weight: bold;
+	line-height: 11px;
+	margin-left: 0.3em;
 }
 
 #contacts-table tr:first-child td {
@@ -1145,24 +1271,19 @@
 	background-position: 6px -1627px;
 }
 
-
 #compose-content {
 	position: absolute;
 	top: 42px;
 	left: 0;
 	width: 100%;
 	bottom: 28px;
-	border-bottom-left-radius: 0;
-	border-bottom-right-radius: 0;
+	border-radius: 4px 4px 0 0;
+	border-bottom: none;
 	overflow: hidden;
 }
 
 #composeheaders {
 	border-radius: 4px 4px 0 0;
-	-webkit-box-shadow: 0 2px 3px 0 #999;
-	-moz-box-shadow: 0 2px 3px 0 #999;
-	box-shadow: 0 2px 3px 0 #999;
-	border-bottom: 0;
 	padding-left: 19px;
 }
 
@@ -1262,6 +1383,10 @@
 	padding-right: 4px;
 }
 
+.mozilla .composeoption input {
+	vertical-align: -3px;
+}
+
 #composeview-bottom {
 	position: relative;
 	width: 100%;
@@ -1282,7 +1407,7 @@
 
 #composebody {
 	position: absolute;
-	top: 1px;
+	top: 0;
 	left: 0;
 	bottom: 0;
 	width: 99%;
@@ -1357,8 +1482,12 @@
 	border: 0 !important;
 }
 
+.defaultSkin td.mceToolbar {
+	border: 0 !important;
+}
+
 .defaultSkin table.mceLayout tr.mceFirst td {
-	background: #dfdfdf;
+	background: #f0f0f0;
 }
 
 #composebody_toolbargroup {

--
Gitblit v1.9.1