From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
skins/larry/styles.css | 410 ++++++++++++++++++++++++++++++++++++++++++++++++++++------
1 files changed, 368 insertions(+), 42 deletions(-)
diff --git a/skins/larry/styles.css b/skins/larry/styles.css
index 908642c..39f01f7 100644
--- a/skins/larry/styles.css
+++ b/skins/larry/styles.css
@@ -8,8 +8,6 @@
* License. It is allowed to copy, distribute, transmit and to adapt the work
* by keeping credits to the original autors in the README file.
* See http://creativecommons.org/licenses/by-sa/3.0/ for details.
- *
- * $Id$
*/
body {
@@ -69,6 +67,12 @@
.bold {
font-weight: bold;
+}
+
+/* fixes vertical alignment of checkboxes and labels */
+label input,
+label span {
+ vertical-align: middle;
}
/*** buttons ***/
@@ -266,6 +270,7 @@
padding: 1px 3px;
height: 16px;
vertical-align: middle;
+ margin-bottom: 1px;
}
.pagenav a.button span.inner {
@@ -315,7 +320,7 @@
.pagenav .countdisplay {
display: inline-block;
- padding:0 1em;
+ padding: 3px 1em 0 1em;
text-shadow: 0px 1px 1px #fff;
min-width: 16em;
}
@@ -330,7 +335,7 @@
width: 24px;
height: 18px;
text-decoration: none;
- text-indent: -1000px;
+ text-indent: -5000px;
background: url(images/buttons.png) -1000px 0 no-repeat;
}
@@ -503,15 +508,21 @@
/*** basic page layout ***/
+#header {
+ overflow-x: hidden; /* Chrome bug #1488851 */
+}
+
#topline {
height: 18px;
background: url(images/linen_header.jpg) repeat #666;
border-bottom: 1px solid #4f4f4f;
padding: 2px 0 2px 10px;
color: #aaa;
+ text-align: center;
}
#topnav {
+ position: relative;
height: 46px;
margin-bottom: 10px;
padding: 0 0 0 10px;
@@ -535,6 +546,7 @@
#toplogo {
padding-top: 2px;
+ cursor: pointer;
}
.topleft {
@@ -567,8 +579,156 @@
color: #fff;
}
+#taskbar .button-logout {
+ display: none;
+}
+
+#taskbar a.button-logout span.button-inner {
+ background-position: -2px -1791px;
+}
+
+#taskbar a.button-logout:hover span.button-inner {
+ background-position: -2px -1829px;
+}
+
+
+/*** minimal version of the page header ***/
+
+.minimal #topline {
+ position: fixed;
+ top: -18px;
+ background: #444;
+ z-index: 5000;
+ width: 100%;
+ height: 22px;
+ -moz-box-sizing: border-box;
+ box-sizing: border-box;
+}
+
+.minimal #topline:hover {
+ top: 0px;
+ opacity: 0.94;
+ filter: alpha(opacity=94);
+ -webkit-transition: top 0.3s ease-in-out;
+ -moz-transition: top 0.3s ease-in-out;
+ -o-transition: top 0.3s ease-in-out;
+ transition: top 0.3s ease-in-out;
+}
+
+.extwin #topline,
+.extwin #topline:hover {
+ position: static;
+ top: 0px;
+ height: 18px;
+ width: auto;
+ -moz-box-sizing: content-box;
+ box-sizing: content-box;
+ opacity: 0.999;
+}
+
+.partwin #topline {
+ position: absolute;
+ right: 6px;
+ top: 18px;
+ width: auto;
+ z-index: 100;
+ background: transparent;
+ background: none;
+ border: 0;
+}
+
+.minimal #topline a.button-logout {
+ display: none;
+}
+
+.minimal #topline span.username {
+ display: inline-block;
+ padding-top: 2px;
+}
+
+.minimal #topnav {
+ position: relative;
+ top: 4px;
+ height: 42px;
+}
+
+.minimal #taskbar a {
+ position: relative;
+ padding: 10px 10px 0 6px;
+ height: 32px;
+}
+
+.minimal #taskbar .button-logout {
+ display: inline-block;
+}
+
+.minimal #taskbar .button-inner {
+ top: -4px;
+ padding: 0;
+ height: 24px !important;
+ width: 27px;
+ text-indent: -5000px;
+}
+
+#taskbar .tooltip {
+ display: none;
+}
+
+.minimal #taskbar .tooltip {
+ position: absolute;
+ top: -500px;
+ right: 2px;
+ display: inline-block;
+ padding: 2px 8px 3px 8px;
+ background: #444;
+ background: -moz-linear-gradient(top, #444 0%, #333 100%);
+ background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#444), color-stop(100%,#333));
+ background: -o-linear-gradient(top, #444 0%, #333 100%);
+ background: -ms-linear-gradient(top, #444 0%, #333 100%);
+ background: linear-gradient(top, #444 0%, #333 100%);
+ color: #eee;
+ font-weight: bold;
+ white-space: nowrap;
+ border: 1px solid #777;
+ box-shadow: 0 1px 5px 0 #333;
+ -moz-box-shadow: 0 1px 5px 0 #333;
+ -webkit-box-shadow: 0 1px 5px 0 #333;
+ -o-box-shadow: 0 1px 5px 0 #333;
+ z-index: 200;
+ white-space: nowrap;
+ text-shadow: 0px 1px 1px #000;
+}
+
+.minimal #taskbar .tooltip:after {
+ content: "";
+ position: absolute;
+ top: -4px;
+ right: 15px;
+ border-style: solid;
+ border-width: 0 4px 4px;
+ border-color: #888 transparent;
+ /* reduce the damage in FF3.0 */
+ display: block;
+ width: 0;
+ z-index: 251;
+}
+
+.ie8 .minimal #taskbar .tooltip:after {
+ top: -6px;
+}
+
+.minimal #taskbar a:hover .tooltip {
+ display: block;
+ top: 39px;
+}
+
/*** taskbar ***/
+
+#taskbar {
+ position: relative;
+ padding-right: 18px;
+}
#taskbar a {
display: inline-block;
@@ -627,6 +787,22 @@
background-position: 0 -168px;
}
+#taskbar .minmodetoggle {
+ position: absolute;
+ top: 0;
+ right: 0;
+ display: block;
+ width: 19px;
+ height: 46px;
+ cursor: pointer;
+ background: url(images/buttons.png) -35px -1778px no-repeat;
+}
+
+.minimal #taskbar .minmodetoggle {
+ height: 42px;
+ background-position: -35px -1820px;
+}
+
#mainscreen {
position: absolute;
top: 88px;
@@ -635,8 +811,24 @@
bottom: 20px;
}
+.minimal #mainscreen {
+ top: 62px;
+}
+
+.minimal #mainscreen.offset {
+ top: 102px;
+}
+
+.partwin #mainscreen {
+ top: 60px
+}
+
+.extwin #mainscreen {
+ top: 40px;
+}
+
#mainscreen.offset {
- top: 130px;
+ top: 132px;
}
#mainscreen .offset {
@@ -646,11 +838,21 @@
.uibox {
border: 1px solid #a3a3a3;
border-radius: 4px;
+ overflow: hidden;
box-shadow: 0 0 2px #999;
-o-box-shadow: 0 0 2px #999;
-webkit-box-shadow: 0 0 2px #999;
-moz-box-shadow: 0 0 2px #999;
background: #fff;
+}
+
+.minwidth {
+ position: absolute;
+ top: 0;
+ left: 0;
+ bottom: 0;
+ width: 100%;
+ min-width: 1024px;
}
.scroller {
@@ -675,6 +877,15 @@
background-repeat: no-repeat;
}
+/* fix scrolling within iframes in webkit browsers on touch devices */
+@media screen and (-webkit-min-device-pixel-ratio:0) and (max-device-width:1024px) {
+ .iframebox {
+ overflow: auto;
+ -webkit-overflow-scrolling: touch;
+ }
+}
+
+
/*** lists ***/
.listbox {
@@ -688,7 +899,8 @@
left: 0;
width: 100%;
bottom: 0;
- overflow: auto;
+ overflow-x: hidden;
+ overflow-y: auto;
}
.listbox .scroller.withfooter {
@@ -769,6 +981,7 @@
.listing li.selected > a {
color: #004458;
font-weight: bold;
+ background-color: #c7e3ef;
}
ul.listing {
@@ -782,9 +995,17 @@
background-color: #d9ecf4;
}
+ul.listing li ul {
+ border-top: 1px solid #bbd3da;
+}
+
ul.listing li.droptarget,
table.listing tr.droptarget td {
- background-color: #c7e3ef;
+ background-color: #e8e798;
+}
+
+.listbox table.listing {
+ background-color: #d9ecf4;
}
table.listing,
@@ -796,6 +1017,32 @@
table.layout td {
vertical-align: top;
+}
+
+ul.treelist li {
+ position: relative;
+}
+
+ul.treelist li div.treetoggle {
+ position: absolute;
+ top: 13px;
+ left: 19px;
+ width: 13px;
+ height: 13px;
+ background: url(images/listicons.png) -3px -144px no-repeat;
+ cursor: pointer;
+}
+
+ul.treelist li div.treetoggle.expanded {
+ background-position: -3px -168px;
+}
+
+ul.treelist li.selected > div.collapsed {
+ background-position: -23px -144px;
+}
+
+ul.treelist li.selected > div.expanded {
+ background-position: -23px -168px;
}
.listbox .boxfooter {
@@ -813,6 +1060,10 @@
overflow: hidden;
}
+.uibox .boxfooter {
+ border-radius: 0 0 4px 4px;
+}
+
.boxfooter .listbutton {
display: inline-block;
text-decoration: none;
@@ -823,11 +1074,15 @@
margin-top: 1px;
}
+.uibox .boxfooter .listbutton:first-child {
+ border-radius: 0 0 0 4px;
+}
+
.boxfooter .listbutton .inner {
display: inline-block;
width: 48px;
height: 35px;
- text-indent: -1000px;
+ text-indent: -5000px;
background: url(images/buttons.png) -1000px 0 no-repeat;
}
@@ -1034,8 +1289,12 @@
margin: 38px 0 10px 0;
}
-body.iframe.footerbuttons {
- margin-bottom: 42px;
+body.iframe.error {
+ background: #ededed;
+}
+
+body.iframe.floatingbuttons {
+ margin-bottom: 40px;
}
body.iframe.fullheight {
@@ -1062,14 +1321,27 @@
z-index: 100;
}
-body.iframe .footerbuttons {
+body.iframe .footerleft.floating,
+#composeview-bottom .formbuttons.floating {
position: fixed;
left: 0;
bottom: 0;
width: 100%;
z-index: 110;
background: #fff;
- padding: 8px;
+ padding-top: 8px;
+ padding-bottom: 12px;
+}
+
+body.iframe .footerleft.floating:before,
+#composeview-bottom .formbuttons.floating:before {
+ content: " ";
+ position: absolute;
+ top: -6px;
+ left: 0;
+ width: 100%;
+ height: 6px;
+ background: url(images/overflowshadow.png) top center no-repeat;
}
.boxcontent {
@@ -1085,8 +1357,16 @@
overflow: auto;
}
+.iframebox {
+ position: absolute;
+ top: 0;
+ left: 0;
+ right: 0;
+ bottom: 28px;
+}
+
.footerleft {
- padding: 0 12px 10px 12px;
+ padding: 0 12px 4px 12px;
}
.propform fieldset {
@@ -1186,6 +1466,14 @@
padding-top: 10px;
}
+#login-form .noscriptwarning {
+ margin: 0 auto;
+ width: 430px;
+ color: #cf2734;
+ font-size: 110%;
+ font-weight: bold;
+}
+
#login-form td.input {
width: 80%;
padding: 8px;
@@ -1273,26 +1561,37 @@
/*** quicksearch **/
-#quicksearchbar {
- width: 100%;
+.searchbox {
+ position: relative;
}
+#quicksearchbar {
+ position: absolute;
+ right: 1px;
+ top: 2px;
+ width: 240px;
+}
+
+.searchbox input,
#quicksearchbar input {
width: 176px;
margin: 0;
- padding: 5px 26px 2px 38px;
+ padding: 3px 30px 3px 34px;
height: 18px;
background: #f1f1f1;
- border-color: #a3a3a3;
+ border-color: #ababab;
font-weight: bold;
+ font-size: 11px;
}
+.searchbox #searchmenulink,
#quicksearchbar #searchmenulink {
position: absolute;
top: 5px;
- left: 8px;
+ left: 6px;
}
+.searchbox #searchreset,
#quicksearchbar #searchreset {
position: absolute;
top: 4px;
@@ -1301,6 +1600,13 @@
/*** toolbar ***/
+
+.toolbar .spacer {
+ display: inline-block;
+ width: 24px;
+ height: 40px;
+ padding: 0;
+}
.toolbar a.button {
text-align: center;
@@ -1320,6 +1626,7 @@
-o-box-shadow: none;
background: url(images/buttons.png) -100px 0 no-repeat transparent;
border: 0;
+ border-radius: 0;
}
.toolbar a.button.disabled {
@@ -1423,7 +1730,7 @@
}
.toolbar a.button.spellcheck.selected {
- background-position: left -1580px;
+ background-position: left -1620px;
color: #1978a1;
}
@@ -1443,6 +1750,19 @@
background-position: center -1054px;
}
+.toolbar a.button.send {
+ background-position: center -1660px;
+}
+
+.toolbar a.button.savedraft {
+ background-position: center -1700px;
+}
+
+.toolbar a.button.close {
+ background-position: 0 -1745px;
+}
+
+
a.menuselector {
display: inline-block;
border: 1px solid #ababab;
@@ -1455,12 +1775,15 @@
background: linear-gradient(top, #f8f8f8 0%, #dddddd 100%);
text-decoration: none;
color: #333;
+ cursor: pointer;
+ white-space: nowrap;
}
a.menuselector .handle {
display: inline-block;
- padding: 3px 32px 0 8px;
- min-height: 18px;
+ padding: 0 32px 0 6px;
+ height: 20px;
+ line-height: 19px;
text-shadow: 0px 1px 1px #fff;
background: url(images/selector.png) right center no-repeat;
border-radius: 4px;
@@ -1476,18 +1799,6 @@
text-decoration: none;
}
-a.dropdownselector {
- position: absolute;
- padding: 1px 0;
- z-index: 1;
-}
-
-a.dropdownselector .handle {
- margin: -1px 0;
- padding-top: 5px;
- min-height: 20px;
-}
-
select.decorated {
position: relative;
z-index: 10;
@@ -1501,7 +1812,6 @@
html.opera select.decorated {
opacity: 1;
- height: auto;
}
select.decorated option {
@@ -1511,7 +1821,7 @@
border-top: 1px solid #5a5a5a;
border-bottom: 1px solid #333;
text-shadow: 0px 1px 1px #333;
- padding: 6px 10px;
+ padding: 4px 6px;
outline: none;
}
@@ -1889,22 +2199,33 @@
background-position: 0 -338px;
}
-.attachmentslist li.ics,
-.attachmentslist li.calendar {
- background-position: 0 -364px;
-}
-
.attachmentslist li.txt,
.attachmentslist li.text {
background-position: 0 -416px;
+}
+
+.attachmentslist li.ics,
+.attachmentslist li.calendar {
+ background-position: 0 -364px;
}
.attachmentslist li.vcard {
background-position: 0 -390px;
}
-.attachmentslist li.html {
+.attachmentslist li.sig,
+.attachmentslist li.pgp-signature,
+.attachmentslist li.pkcs7-signature {
background-position: 0 -442px;
+}
+
+.attachmentslist li.html {
+ background-position: 0 -468px;
+}
+
+.attachmentslist li.eml,
+.attachmentslist li.rfc822 {
+ background-position: 0 -494px;
}
.attachmentslist li a,
@@ -1941,7 +2262,7 @@
height: 18px;
padding: 0;
text-decoration: none;
- text-indent: -1000px;
+ text-indent: -5000px;
background: url(images/buttons.png) -7px -337px no-repeat;
}
@@ -1956,6 +2277,11 @@
margin-bottom: 12px;
padding-top: 15px;
height: 27px;
+ white-space: nowrap;
+}
+
+.ui-dialog-content .tabsbar {
+ margin-bottom: 0;
}
.tabsbar .tablink {
--
Gitblit v1.9.1