From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
skins/larry/styles.css | 97 +++++++++++++++++++++++++++++++++++++++++++++---
1 files changed, 90 insertions(+), 7 deletions(-)
diff --git a/skins/larry/styles.css b/skins/larry/styles.css
index 34d7dad..39f01f7 100644
--- a/skins/larry/styles.css
+++ b/skins/larry/styles.css
@@ -8,8 +8,6 @@
* License. It is allowed to copy, distribute, transmit and to adapt the work
* by keeping credits to the original autors in the README file.
* See http://creativecommons.org/licenses/by-sa/3.0/ for details.
- *
- * $Id$
*/
body {
@@ -510,6 +508,10 @@
/*** basic page layout ***/
+#header {
+ overflow-x: hidden; /* Chrome bug #1488851 */
+}
+
#topline {
height: 18px;
background: url(images/linen_header.jpg) repeat #666;
@@ -520,6 +522,7 @@
}
#topnav {
+ position: relative;
height: 46px;
margin-bottom: 10px;
padding: 0 0 0 10px;
@@ -621,6 +624,17 @@
-moz-box-sizing: content-box;
box-sizing: content-box;
opacity: 0.999;
+}
+
+.partwin #topline {
+ position: absolute;
+ right: 6px;
+ top: 18px;
+ width: auto;
+ z-index: 100;
+ background: transparent;
+ background: none;
+ border: 0;
}
.minimal #topline a.button-logout {
@@ -805,6 +819,10 @@
top: 102px;
}
+.partwin #mainscreen {
+ top: 60px
+}
+
.extwin #mainscreen {
top: 40px;
}
@@ -858,6 +876,15 @@
background-position: center;
background-repeat: no-repeat;
}
+
+/* fix scrolling within iframes in webkit browsers on touch devices */
+@media screen and (-webkit-min-device-pixel-ratio:0) and (max-device-width:1024px) {
+ .iframebox {
+ overflow: auto;
+ -webkit-overflow-scrolling: touch;
+ }
+}
+
/*** lists ***/
@@ -968,9 +995,17 @@
background-color: #d9ecf4;
}
+ul.listing li ul {
+ border-top: 1px solid #bbd3da;
+}
+
ul.listing li.droptarget,
table.listing tr.droptarget td {
background-color: #e8e798;
+}
+
+.listbox table.listing {
+ background-color: #d9ecf4;
}
table.listing,
@@ -982,6 +1017,32 @@
table.layout td {
vertical-align: top;
+}
+
+ul.treelist li {
+ position: relative;
+}
+
+ul.treelist li div.treetoggle {
+ position: absolute;
+ top: 13px;
+ left: 19px;
+ width: 13px;
+ height: 13px;
+ background: url(images/listicons.png) -3px -144px no-repeat;
+ cursor: pointer;
+}
+
+ul.treelist li div.treetoggle.expanded {
+ background-position: -3px -168px;
+}
+
+ul.treelist li.selected > div.collapsed {
+ background-position: -23px -144px;
+}
+
+ul.treelist li.selected > div.expanded {
+ background-position: -23px -168px;
}
.listbox .boxfooter {
@@ -1226,6 +1287,10 @@
body.iframe {
background: #fff;
margin: 38px 0 10px 0;
+}
+
+body.iframe.error {
+ background: #ededed;
}
body.iframe.floatingbuttons {
@@ -1496,17 +1561,21 @@
/*** quicksearch **/
+.searchbox {
+ position: relative;
+}
+
#quicksearchbar {
position: absolute;
right: 1px;
- top: 0;
+ top: 2px;
width: 240px;
}
+.searchbox input,
#quicksearchbar input {
width: 176px;
margin: 0;
- margin-top: 7px;
padding: 3px 30px 3px 34px;
height: 18px;
background: #f1f1f1;
@@ -1515,15 +1584,17 @@
font-size: 11px;
}
+.searchbox #searchmenulink,
#quicksearchbar #searchmenulink {
position: absolute;
- top: 12px;
+ top: 5px;
left: 6px;
}
+.searchbox #searchreset,
#quicksearchbar #searchreset {
position: absolute;
- top: 11px;
+ top: 4px;
right: 1px;
}
@@ -1555,6 +1626,7 @@
-o-box-shadow: none;
background: url(images/buttons.png) -100px 0 no-repeat transparent;
border: 0;
+ border-radius: 0;
}
.toolbar a.button.disabled {
@@ -2141,10 +2213,21 @@
background-position: 0 -390px;
}
-.attachmentslist li.html {
+.attachmentslist li.sig,
+.attachmentslist li.pgp-signature,
+.attachmentslist li.pkcs7-signature {
background-position: 0 -442px;
}
+.attachmentslist li.html {
+ background-position: 0 -468px;
+}
+
+.attachmentslist li.eml,
+.attachmentslist li.rfc822 {
+ background-position: 0 -494px;
+}
+
.attachmentslist li a,
#compose-attachments ul li {
display: block;
--
Gitblit v1.9.1