From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
skins/larry/styles.css | 512 ++++++++++++++++++++++++++++++++++++++++++++++++++++----
1 files changed, 474 insertions(+), 38 deletions(-)
diff --git a/skins/larry/styles.css b/skins/larry/styles.css
index 494a992..39f01f7 100644
--- a/skins/larry/styles.css
+++ b/skins/larry/styles.css
@@ -8,8 +8,6 @@
* License. It is allowed to copy, distribute, transmit and to adapt the work
* by keeping credits to the original autors in the README file.
* See http://creativecommons.org/licenses/by-sa/3.0/ for details.
- *
- * $Id$
*/
body {
@@ -59,6 +57,7 @@
-moz-box-shadow: 0 0 5px 2px rgba(71,135,177, 0.9);
-webkit-box-shadow: 0 0 5px 2px rgba(71,135,177, 0.9);
-o-box-shadow: 0 0 5px 2px rgba(71,135,177, 0.9);
+ outline: none;
}
input.placeholder,
@@ -66,12 +65,14 @@
color: #aaa;
}
-select.selector {
- padding: 2px 4px;
-}
-
.bold {
font-weight: bold;
+}
+
+/* fixes vertical alignment of checkboxes and labels */
+label input,
+label span {
+ vertical-align: middle;
}
/*** buttons ***/
@@ -269,6 +270,7 @@
padding: 1px 3px;
height: 16px;
vertical-align: middle;
+ margin-bottom: 1px;
}
.pagenav a.button span.inner {
@@ -318,7 +320,7 @@
.pagenav .countdisplay {
display: inline-block;
- padding:0 1em;
+ padding: 3px 1em 0 1em;
text-shadow: 0px 1px 1px #fff;
min-width: 16em;
}
@@ -333,7 +335,7 @@
width: 24px;
height: 18px;
text-decoration: none;
- text-indent: -1000px;
+ text-indent: -5000px;
background: url(images/buttons.png) -1000px 0 no-repeat;
}
@@ -429,6 +431,17 @@
background: url(images/ajaxloader.gif) 2px 6px no-repeat;
}
+#message div a,
+#message div span {
+ padding-right: 0.5em;
+ text-decoration: none;
+}
+
+#message div a:hover {
+ text-decoration: underline;
+ cursor: pointer;
+}
+
#message.statusbar {
position: absolute;
bottom: 0;
@@ -495,15 +508,21 @@
/*** basic page layout ***/
+#header {
+ overflow-x: hidden; /* Chrome bug #1488851 */
+}
+
#topline {
height: 18px;
background: url(images/linen_header.jpg) repeat #666;
border-bottom: 1px solid #4f4f4f;
padding: 2px 0 2px 10px;
color: #aaa;
+ text-align: center;
}
#topnav {
+ position: relative;
height: 46px;
margin-bottom: 10px;
padding: 0 0 0 10px;
@@ -527,6 +546,7 @@
#toplogo {
padding-top: 2px;
+ cursor: pointer;
}
.topleft {
@@ -559,8 +579,156 @@
color: #fff;
}
+#taskbar .button-logout {
+ display: none;
+}
+
+#taskbar a.button-logout span.button-inner {
+ background-position: -2px -1791px;
+}
+
+#taskbar a.button-logout:hover span.button-inner {
+ background-position: -2px -1829px;
+}
+
+
+/*** minimal version of the page header ***/
+
+.minimal #topline {
+ position: fixed;
+ top: -18px;
+ background: #444;
+ z-index: 5000;
+ width: 100%;
+ height: 22px;
+ -moz-box-sizing: border-box;
+ box-sizing: border-box;
+}
+
+.minimal #topline:hover {
+ top: 0px;
+ opacity: 0.94;
+ filter: alpha(opacity=94);
+ -webkit-transition: top 0.3s ease-in-out;
+ -moz-transition: top 0.3s ease-in-out;
+ -o-transition: top 0.3s ease-in-out;
+ transition: top 0.3s ease-in-out;
+}
+
+.extwin #topline,
+.extwin #topline:hover {
+ position: static;
+ top: 0px;
+ height: 18px;
+ width: auto;
+ -moz-box-sizing: content-box;
+ box-sizing: content-box;
+ opacity: 0.999;
+}
+
+.partwin #topline {
+ position: absolute;
+ right: 6px;
+ top: 18px;
+ width: auto;
+ z-index: 100;
+ background: transparent;
+ background: none;
+ border: 0;
+}
+
+.minimal #topline a.button-logout {
+ display: none;
+}
+
+.minimal #topline span.username {
+ display: inline-block;
+ padding-top: 2px;
+}
+
+.minimal #topnav {
+ position: relative;
+ top: 4px;
+ height: 42px;
+}
+
+.minimal #taskbar a {
+ position: relative;
+ padding: 10px 10px 0 6px;
+ height: 32px;
+}
+
+.minimal #taskbar .button-logout {
+ display: inline-block;
+}
+
+.minimal #taskbar .button-inner {
+ top: -4px;
+ padding: 0;
+ height: 24px !important;
+ width: 27px;
+ text-indent: -5000px;
+}
+
+#taskbar .tooltip {
+ display: none;
+}
+
+.minimal #taskbar .tooltip {
+ position: absolute;
+ top: -500px;
+ right: 2px;
+ display: inline-block;
+ padding: 2px 8px 3px 8px;
+ background: #444;
+ background: -moz-linear-gradient(top, #444 0%, #333 100%);
+ background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#444), color-stop(100%,#333));
+ background: -o-linear-gradient(top, #444 0%, #333 100%);
+ background: -ms-linear-gradient(top, #444 0%, #333 100%);
+ background: linear-gradient(top, #444 0%, #333 100%);
+ color: #eee;
+ font-weight: bold;
+ white-space: nowrap;
+ border: 1px solid #777;
+ box-shadow: 0 1px 5px 0 #333;
+ -moz-box-shadow: 0 1px 5px 0 #333;
+ -webkit-box-shadow: 0 1px 5px 0 #333;
+ -o-box-shadow: 0 1px 5px 0 #333;
+ z-index: 200;
+ white-space: nowrap;
+ text-shadow: 0px 1px 1px #000;
+}
+
+.minimal #taskbar .tooltip:after {
+ content: "";
+ position: absolute;
+ top: -4px;
+ right: 15px;
+ border-style: solid;
+ border-width: 0 4px 4px;
+ border-color: #888 transparent;
+ /* reduce the damage in FF3.0 */
+ display: block;
+ width: 0;
+ z-index: 251;
+}
+
+.ie8 .minimal #taskbar .tooltip:after {
+ top: -6px;
+}
+
+.minimal #taskbar a:hover .tooltip {
+ display: block;
+ top: 39px;
+}
+
/*** taskbar ***/
+
+#taskbar {
+ position: relative;
+ padding-right: 18px;
+}
#taskbar a {
display: inline-block;
@@ -619,6 +787,22 @@
background-position: 0 -168px;
}
+#taskbar .minmodetoggle {
+ position: absolute;
+ top: 0;
+ right: 0;
+ display: block;
+ width: 19px;
+ height: 46px;
+ cursor: pointer;
+ background: url(images/buttons.png) -35px -1778px no-repeat;
+}
+
+.minimal #taskbar .minmodetoggle {
+ height: 42px;
+ background-position: -35px -1820px;
+}
+
#mainscreen {
position: absolute;
top: 88px;
@@ -627,8 +811,24 @@
bottom: 20px;
}
+.minimal #mainscreen {
+ top: 62px;
+}
+
+.minimal #mainscreen.offset {
+ top: 102px;
+}
+
+.partwin #mainscreen {
+ top: 60px
+}
+
+.extwin #mainscreen {
+ top: 40px;
+}
+
#mainscreen.offset {
- top: 130px;
+ top: 132px;
}
#mainscreen .offset {
@@ -638,11 +838,21 @@
.uibox {
border: 1px solid #a3a3a3;
border-radius: 4px;
+ overflow: hidden;
box-shadow: 0 0 2px #999;
-o-box-shadow: 0 0 2px #999;
-webkit-box-shadow: 0 0 2px #999;
-moz-box-shadow: 0 0 2px #999;
background: #fff;
+}
+
+.minwidth {
+ position: absolute;
+ top: 0;
+ left: 0;
+ bottom: 0;
+ width: 100%;
+ min-width: 1024px;
}
.scroller {
@@ -667,6 +877,15 @@
background-repeat: no-repeat;
}
+/* fix scrolling within iframes in webkit browsers on touch devices */
+@media screen and (-webkit-min-device-pixel-ratio:0) and (max-device-width:1024px) {
+ .iframebox {
+ overflow: auto;
+ -webkit-overflow-scrolling: touch;
+ }
+}
+
+
/*** lists ***/
.listbox {
@@ -680,7 +899,8 @@
left: 0;
width: 100%;
bottom: 0;
- overflow: auto;
+ overflow-x: hidden;
+ overflow-y: auto;
}
.listbox .scroller.withfooter {
@@ -761,6 +981,7 @@
.listing li.selected > a {
color: #004458;
font-weight: bold;
+ background-color: #c7e3ef;
}
ul.listing {
@@ -774,9 +995,17 @@
background-color: #d9ecf4;
}
+ul.listing li ul {
+ border-top: 1px solid #bbd3da;
+}
+
ul.listing li.droptarget,
table.listing tr.droptarget td {
- background-color: #c7e3ef;
+ background-color: #e8e798;
+}
+
+.listbox table.listing {
+ background-color: #d9ecf4;
}
table.listing,
@@ -788,6 +1017,32 @@
table.layout td {
vertical-align: top;
+}
+
+ul.treelist li {
+ position: relative;
+}
+
+ul.treelist li div.treetoggle {
+ position: absolute;
+ top: 13px;
+ left: 19px;
+ width: 13px;
+ height: 13px;
+ background: url(images/listicons.png) -3px -144px no-repeat;
+ cursor: pointer;
+}
+
+ul.treelist li div.treetoggle.expanded {
+ background-position: -3px -168px;
+}
+
+ul.treelist li.selected > div.collapsed {
+ background-position: -23px -144px;
+}
+
+ul.treelist li.selected > div.expanded {
+ background-position: -23px -168px;
}
.listbox .boxfooter {
@@ -805,6 +1060,10 @@
overflow: hidden;
}
+.uibox .boxfooter {
+ border-radius: 0 0 4px 4px;
+}
+
.boxfooter .listbutton {
display: inline-block;
text-decoration: none;
@@ -815,11 +1074,15 @@
margin-top: 1px;
}
+.uibox .boxfooter .listbutton:first-child {
+ border-radius: 0 0 0 4px;
+}
+
.boxfooter .listbutton .inner {
display: inline-block;
width: 48px;
height: 35px;
- text-indent: -1000px;
+ text-indent: -5000px;
background: url(images/buttons.png) -1000px 0 no-repeat;
}
@@ -850,6 +1113,10 @@
.boxfooter .listbutton.addbcc .inner {
width: 54px;
background-position: 2px -1502px;
+}
+
+.boxfooter .listbutton.removegroup .inner {
+ background-position: 5px -1540px;
}
.boxfooter .listbutton.disabled .inner {
@@ -943,6 +1210,8 @@
background: linear-gradient(left, #e3f2f6 0, #d6eaf3 14px, #d6eaf3 100%);
border-left: 1px solid #bbd3da;
padding: 8px 7px;
+ overflow: hidden;
+ text-overflow: ellipsis;
}
.records-table.sortheader thead td {
@@ -955,6 +1224,8 @@
padding: 7px 7px;
color: #69939e;
text-decoration: none;
+ overflow: hidden;
+ text-overflow: ellipsis;
}
.records-table tbody td {
@@ -990,7 +1261,7 @@
.records-table tr.unfocused td {
color: #fff !important;
- background: #4db0d2;
+ background: #4db0d2 !important;
}
.records-table tr.unfocused td a,
@@ -1018,8 +1289,12 @@
margin: 38px 0 10px 0;
}
-body.iframe.footerbuttons {
- margin-bottom: 42px;
+body.iframe.error {
+ background: #ededed;
+}
+
+body.iframe.floatingbuttons {
+ margin-bottom: 40px;
}
body.iframe.fullheight {
@@ -1046,14 +1321,27 @@
z-index: 100;
}
-body.iframe .footerbuttons {
+body.iframe .footerleft.floating,
+#composeview-bottom .formbuttons.floating {
position: fixed;
left: 0;
bottom: 0;
width: 100%;
z-index: 110;
background: #fff;
- padding: 8px;
+ padding-top: 8px;
+ padding-bottom: 12px;
+}
+
+body.iframe .footerleft.floating:before,
+#composeview-bottom .formbuttons.floating:before {
+ content: " ";
+ position: absolute;
+ top: -6px;
+ left: 0;
+ width: 100%;
+ height: 6px;
+ background: url(images/overflowshadow.png) top center no-repeat;
}
.boxcontent {
@@ -1069,8 +1357,16 @@
overflow: auto;
}
+.iframebox {
+ position: absolute;
+ top: 0;
+ left: 0;
+ right: 0;
+ bottom: 28px;
+}
+
.footerleft {
- padding: 0 12px;
+ padding: 0 12px 4px 12px;
}
.propform fieldset {
@@ -1170,13 +1466,22 @@
padding-top: 10px;
}
+#login-form .noscriptwarning {
+ margin: 0 auto;
+ width: 430px;
+ color: #cf2734;
+ font-size: 110%;
+ font-weight: bold;
+}
+
#login-form td.input {
+ width: 80%;
padding: 8px;
}
#login-form input[type="text"],
#login-form input[type="password"] {
- width: 24em;
+ width: 100%;
border-color: #666;
}
@@ -1213,7 +1518,13 @@
background: linear-gradient(top, #dcdcdc 0%, #f9f9f9 100%);
}
+#login-form form table {
+ width: 98%;
+}
+
#login-form td.title {
+ width: 20%;
+ white-space: nowrap;
color: #cecece;
text-shadow: 0px 1px 1px black;
text-align: right;
@@ -1232,12 +1543,12 @@
#login-form #message {
min-height: 40px;
padding: 5px 25px;
+ text-align: center;
}
#login-form #message div {
- display: block;
- width: 200px;
- margin: 0 auto;
+ display: inline-block;
+ padding-right: 0;
}
#bottomline {
@@ -1250,33 +1561,52 @@
/*** quicksearch **/
-#quicksearchbar {
- width: 100%;
+.searchbox {
+ position: relative;
}
+#quicksearchbar {
+ position: absolute;
+ right: 1px;
+ top: 2px;
+ width: 240px;
+}
+
+.searchbox input,
#quicksearchbar input {
width: 176px;
margin: 0;
- padding: 5px 26px 5px 38px;
+ padding: 3px 30px 3px 34px;
+ height: 18px;
background: #f1f1f1;
- border-color: #a3a3a3;
+ border-color: #ababab;
font-weight: bold;
+ font-size: 11px;
}
+.searchbox #searchmenulink,
#quicksearchbar #searchmenulink {
position: absolute;
top: 5px;
- left: 8px;
+ left: 6px;
}
+.searchbox #searchreset,
#quicksearchbar #searchreset {
position: absolute;
top: 4px;
- right: 3px;
+ right: 1px;
}
/*** toolbar ***/
+
+.toolbar .spacer {
+ display: inline-block;
+ width: 24px;
+ height: 40px;
+ padding: 0;
+}
.toolbar a.button {
text-align: center;
@@ -1296,6 +1626,7 @@
-o-box-shadow: none;
background: url(images/buttons.png) -100px 0 no-repeat transparent;
border: 0;
+ border-radius: 0;
}
.toolbar a.button.disabled {
@@ -1394,7 +1725,13 @@
}
.toolbar a.button.spellcheck {
- background-position: center -930px;
+ min-width: 64px;
+ background-position: left -930px;
+}
+
+.toolbar a.button.spellcheck.selected {
+ background-position: left -1620px;
+ color: #1978a1;
}
.toolbar a.button.insertsig {
@@ -1413,6 +1750,19 @@
background-position: center -1054px;
}
+.toolbar a.button.send {
+ background-position: center -1660px;
+}
+
+.toolbar a.button.savedraft {
+ background-position: center -1700px;
+}
+
+.toolbar a.button.close {
+ background-position: 0 -1745px;
+}
+
+
a.menuselector {
display: inline-block;
border: 1px solid #ababab;
@@ -1425,12 +1775,15 @@
background: linear-gradient(top, #f8f8f8 0%, #dddddd 100%);
text-decoration: none;
color: #333;
+ cursor: pointer;
+ white-space: nowrap;
}
a.menuselector .handle {
display: inline-block;
- padding: 3px 32px 0 8px;
- min-height: 18px;
+ padding: 0 32px 0 6px;
+ height: 20px;
+ line-height: 19px;
text-shadow: 0px 1px 1px #fff;
background: url(images/selector.png) right center no-repeat;
border-radius: 4px;
@@ -1446,6 +1799,44 @@
text-decoration: none;
}
+select.decorated {
+ position: relative;
+ z-index: 10;
+ opacity: 0;
+ height: 22px;
+ cursor: pointer;
+ filter: alpha(opacity=0);
+ -khtml-appearance: none;
+ -webkit-appearance: none;
+}
+
+html.opera select.decorated {
+ opacity: 1;
+}
+
+select.decorated option {
+ color: #fff;
+ background: #444;
+ border: 0;
+ border-top: 1px solid #5a5a5a;
+ border-bottom: 1px solid #333;
+ text-shadow: 0px 1px 1px #333;
+ padding: 4px 6px;
+ outline: none;
+}
+
+
+/*** quota indicator ***/
+
+#quotadisplay {
+ left: 6px;
+ font-size: 12px;
+ font-weight: bold;
+ text-shadow: 0px 1px 1px #fff;
+ padding-left: 30px;
+ height: 18px;
+ background: url(images/quota.png) -100px 0 no-repeat;
+}
/*** popup menus ***/
@@ -1490,12 +1881,14 @@
}
.googie_list tr:first-child td,
-ul.toolbarmenu li:first-child {
+ul.toolbarmenu li:first-child,
+select.decorated option:first-child {
border-top: 0;
}
.googie_list tr:last-child td,
-ul.toolbarmenu li:last-child {
+ul.toolbarmenu li:last-child,
+select.decorated option:last-child {
border-bottom: 0;
}
@@ -1521,7 +1914,9 @@
.googie_list td.googie_list_onhover,
ul.toolbarmenu li a.active:hover,
-#rcmKSearchpane ul li.selected {
+#rcmKSearchpane ul li.selected,
+select.decorated option:hover,
+select.decorated option[selected='selected'] {
background-color: #00aad6;
background: -moz-linear-gradient(top, #00aad6 0%, #008fc9 100%);
background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#00aad6), color-stop(100%,#008fc9));
@@ -1530,8 +1925,13 @@
background: linear-gradient(top, #00aad6 0%, #008fc9 100%);
}
-ul.toolbarmenu.iconized li a {
+ul.toolbarmenu.iconized li a,
+ul.toolbarmenu.selectable li a {
padding-left: 30px;
+}
+
+ul.toolbarmenu.selectable li a.selected {
+ background: url(images/messages.png) 4px -27px no-repeat;
}
ul.toolbarmenu li label {
@@ -1630,6 +2030,7 @@
min-height: 14px;
padding: 6px 10px 6px 10px;
border: 0;
+ cursor: default;
}
.popupdialog {
@@ -1744,6 +2145,7 @@
}
.attachmentslist li.doc,
+.attachmentslist li.docx,
.attachmentslist li.msword {
background-position: 0 -52px;
}
@@ -1753,6 +2155,7 @@
}
.attachmentslist li.xls,
+.attachmentslist li.xlsx,
.attachmentslist li.msexcel {
background-position: 0 -104px;
}
@@ -1796,9 +2199,33 @@
background-position: 0 -338px;
}
+.attachmentslist li.txt,
+.attachmentslist li.text {
+ background-position: 0 -416px;
+}
+
.attachmentslist li.ics,
.attachmentslist li.calendar {
background-position: 0 -364px;
+}
+
+.attachmentslist li.vcard {
+ background-position: 0 -390px;
+}
+
+.attachmentslist li.sig,
+.attachmentslist li.pgp-signature,
+.attachmentslist li.pkcs7-signature {
+ background-position: 0 -442px;
+}
+
+.attachmentslist li.html {
+ background-position: 0 -468px;
+}
+
+.attachmentslist li.eml,
+.attachmentslist li.rfc822 {
+ background-position: 0 -494px;
}
.attachmentslist li a,
@@ -1810,6 +2237,12 @@
text-shadow: 0px 1px 1px #fff;
text-decoration: none;
white-space: nowrap;
+ overflow: hidden;
+ text-overflow: ellipsis;
+}
+
+#compose-attachments ul li {
+ padding-right: 28px;
}
.attachmentslist li a:hover {
@@ -1829,7 +2262,7 @@
height: 18px;
padding: 0;
text-decoration: none;
- text-indent: -1000px;
+ text-indent: -5000px;
background: url(images/buttons.png) -7px -337px no-repeat;
}
@@ -1844,6 +2277,11 @@
margin-bottom: 12px;
padding-top: 15px;
height: 27px;
+ white-space: nowrap;
+}
+
+.ui-dialog-content .tabsbar {
+ margin-bottom: 0;
}
.tabsbar .tablink {
@@ -1890,5 +2328,3 @@
padding: 0;
margin-left: 0;
}
-
-
--
Gitblit v1.9.1