From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 skins/larry/settings.css |  264 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 260 insertions(+), 4 deletions(-)

diff --git a/skins/larry/settings.css b/skins/larry/settings.css
index 736c3d4..1734b55 100644
--- a/skins/larry/settings.css
+++ b/skins/larry/settings.css
@@ -1,13 +1,269 @@
 /**
  * Roundcube webmail styles for the Settings section
  *
- * Copyright (c) 2011, The Roundcube Dev Team
+ * Copyright (c) 2012, The Roundcube Dev Team
  * Screendesign by FLINT / B�ro f�r Gestaltung, bueroflint.com
  *
  * The contents are subject to the Creative Commons Attribution-ShareAlike
  * License. It is allowed to copy, distribute, transmit and to adapt the work
  * by keeping credits to the original autors in the README file.
  * See http://creativecommons.org/licenses/by-sa/3.0/ for details.
- *
- * $Id$
- */
\ No newline at end of file
+ */
+
+#settings-sections {
+	position: absolute;
+	top: 0;
+	left: 0;
+	width: 200px;
+	bottom: 0;
+}
+
+#pluginbody,
+#settings-right {
+	position: absolute;
+	top: 0;
+	left: 212px;
+	right: 0;
+	bottom: 0;
+}
+
+#sectionslist {
+	position: absolute;
+	top: 0;
+	left: 0;
+	width: 260px;
+	bottom: 0;
+}
+
+#preferences-box {
+	position: absolute;
+	top: 0;
+	left: 272px;
+	right: 0;
+	bottom: 0;
+}
+
+#preferences-frame {
+	border: 0;
+	border-radius: 4px 4px 0 0;
+}
+
+#sections-table tbody td.section,
+#settings-sections span.listitem a,
+#settings-sections span.tablink a {
+	padding-left: 36px;
+	background-image: url(images/listicons.png);
+	background-position: -100px 0;
+	background-repeat: no-repeat;
+}
+
+/* note: support span.tablink because this is used by plugins */
+#settings-sections span.listitem a,
+#settings-sections span.tablink a {
+	background-position: 6px -862px;
+}
+
+#settings-sections span.selected a,
+#settings-sections span.tablink.selected a {
+	background-position: 6px -887px;
+}
+
+#settings-sections span.preferences a {
+	background-position: 6px -431px;
+}
+
+#settings-sections span.preferences.selected a {
+	background-position: 6px -455px;
+}
+
+#settings-sections span.folders a,
+#sections-table #rcmrowfolders td.section {
+	background-position: 6px 2px;
+}
+
+#settings-sections span.folders.selected a,
+#sections-table #rcmrowfolders.selected td.section {
+	background-position: 6px -22px;
+}
+
+#settings-sections span.identities a {
+	background-position: 6px -478px;
+}
+
+#settings-sections span.identities.selected a {
+	background-position: 6px -502px;
+}
+
+#settings-sections span.filter a {
+	background-position: 6px -1746px;
+}
+
+#settings-sections span.filter.selected a {
+	background-position: 6px -1770px;
+}
+
+#settings-sections span.password a {
+	background-position: 6px -1795px;
+}
+
+#settings-sections span.password.selected a {
+	background-position: 6px -1819px;
+}
+
+#sections-table #rcmrowgeneral td.section {
+	background-position: 6px -573px;
+}
+
+#sections-table #rcmrowgeneral.selected td.section {
+	background-position: 6px -598px;
+}
+
+#sections-table #rcmrowmailbox td.section {
+	background-position: 6px -621px;
+}
+
+#sections-table #rcmrowmailbox.selected td.section {
+	background-position: 6px -646px;
+}
+
+#sections-table #rcmrowcompose td.section {
+	background-position: 6px -670px;
+}
+
+#sections-table #rcmrowcompose.selected td.section {
+	background-position: 6px -695px;
+}
+
+#sections-table #rcmrowmailview td.section {
+	background-position: 6px -718px;
+}
+
+#sections-table #rcmrowmailview.selected td.section {
+	background-position: 6px -742px;
+}
+
+#sections-table #rcmrowaddressbook td.section {
+	background-position: 6px -766px;
+}
+
+#sections-table #rcmrowaddressbook.selected td.section {
+	background-position: 6px -791px;
+}
+
+#sections-table #rcmrowserver td.section {
+	background-position: 6px -814px;
+}
+
+#sections-table #rcmrowserver.selected td.section {
+	background-position: 6px -838px;
+}
+
+#sections-table #rcmrowcalendar td.section {
+	background-position: 6px -526px;
+}
+
+#sections-table #rcmrowcalendar.selected td.section {
+	background-position: 6px -550px;
+}
+
+#folderslist,
+#identitieslist {
+	position: absolute;
+	top: 0;
+	left: 0;
+	width: 260px;
+	bottom: 0;
+}
+
+#identities-table {
+	width: 100%;
+	table-layout: fixed;
+}
+
+#identities-table tbody td.mail {
+	width: 100%;
+	overflow: hidden;
+	text-overflow: ellipsis;
+}
+
+#folder-details,
+#identity-details {
+	position: absolute;
+	top: 0;
+	left: 272px;
+	right: 0;
+	bottom: 0;
+}
+
+#subscription-table {
+	table-layout: fixed;
+}
+
+#subscription-table tr.root td {
+	font-size: 5%;
+	height: 5px;
+	padding: 2px;
+}
+
+#subscription-table td.name {
+	width: 85%;
+	overflow: hidden;
+	text-overflow: ellipsis;
+}
+
+#subscription-table td.subscribed {
+	min-width: 30px;
+	padding: 3px 12px 3px 3px;
+	text-align: right;
+}
+
+.skinselection {
+	display: block;
+}
+
+.skinselection span {
+	display: inline-block;
+	vertical-align: middle;
+	padding-right: 1em;
+}
+
+.skinselection .skinname {
+	font-weight: bold;
+}
+
+.skinselection .skinlicense,
+.skinselection .skinlicense a {
+	font-style: italic;
+	color: #666;
+	text-decoration: none;
+}
+
+.skinselection .skinlicense a:hover {
+	text-decoration: underline;
+}
+
+img.skinthumbnail {
+	width: 64px;
+	height: 64px;
+	border: 1px solid #ccc;
+	background: #fff;
+	border-radius: 4px;
+}
+
+#pluginlist td.version {
+	width: 5em;
+}
+
+.webkit #pluginlist td.version {
+	width: 6em;
+}
+
+#pluginlist td.license,
+#pluginlist td.source {
+	width: 8em;
+}
+
+.webkit #pluginlist td.license,
+.webkit #pluginlist td.source {
+	width: 9em;
+}

--
Gitblit v1.9.1