From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 skins/larry/styles.css |  134 ++++++++++++++++++++++++++++++++++++++------
 1 files changed, 115 insertions(+), 19 deletions(-)

diff --git a/skins/larry/styles.css b/skins/larry/styles.css
index cd6810e..39f01f7 100644
--- a/skins/larry/styles.css
+++ b/skins/larry/styles.css
@@ -8,8 +8,6 @@
  * License. It is allowed to copy, distribute, transmit and to adapt the work
  * by keeping credits to the original autors in the README file.
  * See http://creativecommons.org/licenses/by-sa/3.0/ for details.
- *
- * $Id$
  */
 
 body {
@@ -69,6 +67,12 @@
 
 .bold {
 	font-weight: bold;
+}
+
+/* fixes vertical alignment of checkboxes and labels */
+label input,
+label span {
+	vertical-align: middle;
 }
 
 /*** buttons ***/
@@ -504,6 +508,10 @@
 
 /*** basic page layout ***/
 
+#header {
+	overflow-x: hidden; /* Chrome bug #1488851 */
+}
+
 #topline {
 	height: 18px;
 	background: url(images/linen_header.jpg) repeat #666;
@@ -514,6 +522,7 @@
 }
 
 #topnav {
+	position: relative;
 	height: 46px;
 	margin-bottom: 10px;
 	padding: 0 0 0 10px;
@@ -606,6 +615,28 @@
 	transition: top 0.3s ease-in-out;
 }
 
+.extwin #topline,
+.extwin #topline:hover {
+	position: static;
+	top: 0px;
+	height: 18px;
+	width: auto;
+	-moz-box-sizing: content-box;
+	box-sizing: content-box;
+	opacity: 0.999;
+}
+
+.partwin #topline {
+	position: absolute;
+	right: 6px;
+	top: 18px;
+	width: auto;
+	z-index: 100;
+	background: transparent;
+	background: none;
+	border: 0;
+}
+
 .minimal #topline a.button-logout {
 	display: none;
 }
@@ -619,10 +650,6 @@
 	position: relative;
 	top: 4px;
 	height: 42px;
-}
-
-.minimal #taskbar {
-	height: ;
 }
 
 .minimal #taskbar a {
@@ -784,6 +811,18 @@
 	bottom: 20px;
 }
 
+.minimal #mainscreen {
+	top: 62px;
+}
+
+.minimal #mainscreen.offset {
+	top: 102px;
+}
+
+.partwin #mainscreen {
+	top: 60px
+}
+
 .extwin #mainscreen {
 	top: 40px;
 }
@@ -794,14 +833,6 @@
 
 #mainscreen .offset {
 	margin-top: 42px;
-}
-
-.minimal #mainscreen {
-	top: 62px;
-}
-
-.minimal #mainscreen.offset {
-	top: 102px;
 }
 
 .uibox {
@@ -845,6 +876,15 @@
 	background-position: center;
 	background-repeat: no-repeat;
 }
+
+/* fix scrolling within iframes in webkit browsers on touch devices */
+@media screen and (-webkit-min-device-pixel-ratio:0) and (max-device-width:1024px) {
+	.iframebox {
+		overflow: auto;
+		-webkit-overflow-scrolling: touch;
+	}
+}
+
 
 /*** lists ***/
 
@@ -955,9 +995,17 @@
 	background-color: #d9ecf4;
 }
 
+ul.listing li ul {
+	border-top: 1px solid #bbd3da;
+}
+
 ul.listing li.droptarget,
 table.listing tr.droptarget td {
 	background-color: #e8e798;
+}
+
+.listbox table.listing {
+	background-color: #d9ecf4;
 }
 
 table.listing,
@@ -969,6 +1017,32 @@
 
 table.layout td {
 	vertical-align: top;
+}
+
+ul.treelist li {
+	position: relative;
+}
+
+ul.treelist li div.treetoggle {
+	position: absolute;
+	top: 13px;
+	left: 19px;
+	width: 13px;
+	height: 13px;
+	background: url(images/listicons.png) -3px -144px no-repeat;
+	cursor: pointer;
+}
+
+ul.treelist li div.treetoggle.expanded {
+	background-position: -3px -168px;
+}
+
+ul.treelist li.selected > div.collapsed {
+	background-position: -23px -144px;
+}
+
+ul.treelist li.selected > div.expanded {
+	background-position: -23px -168px;
 }
 
 .listbox .boxfooter {
@@ -1213,6 +1287,10 @@
 body.iframe {
 	background: #fff;
 	margin: 38px 0 10px 0;
+}
+
+body.iframe.error {
+	background: #ededed;
 }
 
 body.iframe.floatingbuttons {
@@ -1483,17 +1561,21 @@
 
 /*** quicksearch **/
 
+.searchbox {
+	position: relative;
+}
+
 #quicksearchbar {
 	position: absolute;
 	right: 1px;
-	top: 0;
+	top: 2px;
 	width: 240px;
 }
 
+.searchbox input,
 #quicksearchbar input {
 	width: 176px;
 	margin: 0;
-	margin-top: 7px;
 	padding: 3px 30px 3px 34px;
 	height: 18px;
 	background: #f1f1f1;
@@ -1502,15 +1584,17 @@
 	font-size: 11px;
 }
 
+.searchbox #searchmenulink,
 #quicksearchbar #searchmenulink {
 	position: absolute;
-	top: 12px;
+	top: 5px;
 	left: 6px;
 }
 
+.searchbox #searchreset,
 #quicksearchbar #searchreset {
 	position: absolute;
-	top: 11px;
+	top: 4px;
 	right: 1px;
 }
 
@@ -1542,6 +1626,7 @@
 	-o-box-shadow: none;
 	background: url(images/buttons.png) -100px 0 no-repeat transparent;
 	border: 0;
+	border-radius: 0;
 }
 
 .toolbar a.button.disabled {
@@ -2128,10 +2213,21 @@
 	background-position: 0 -390px;
 }
 
-.attachmentslist li.html {
+.attachmentslist li.sig,
+.attachmentslist li.pgp-signature,
+.attachmentslist li.pkcs7-signature {
 	background-position: 0 -442px;
 }
 
+.attachmentslist li.html {
+	background-position: 0 -468px;
+}
+
+.attachmentslist li.eml,
+.attachmentslist li.rfc822 {
+	background-position: 0 -494px;
+}
+
 .attachmentslist li a,
 #compose-attachments ul li {
 	display: block;

--
Gitblit v1.9.1