From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 skins/larry/templates/contactedit.html |    8 ++++++--
 1 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/skins/larry/templates/contactedit.html b/skins/larry/templates/contactedit.html
index 562e6d2..f849366 100644
--- a/skins/larry/templates/contactedit.html
+++ b/skins/larry/templates/contactedit.html
@@ -18,11 +18,15 @@
 
 	<div id="contactphoto">
 		<roundcube:object name="contactphoto" id="contactpic" placeholder="/images/contactpic.png" />
+		<roundcube:if condition="env:photocol" />
+		<roundcube:object name="fileDropArea" id="contactpic" />
 		<div class="formlinks">
 			<roundcube:button command="upload-photo" id="uploadformlink" type="link" label="replacephoto" class="iconlink upload disabled" classAct="iconlink upload active" onclick="UI.show_uploadform();return false" condition="env:photocol" /><br/>
 			<roundcube:button command="delete-photo" type="link" label="delete" class="iconlink delete disabled" classAct="iconlink delete active" condition="env:photocol" />
 		</div>
+		<roundcube:endif />
 	</div>
+
 	<roundcube:object name="contactedithead" id="contacthead" size="16" form="editform" />
 	<br style="clear:both" />
 
@@ -32,13 +36,13 @@
 
 </form>
 
-<div id="headerbuttons" class="formbuttons">
+<div class="footerleft formbuttons">
 	<roundcube:button command="save" type="input" class="button mainaction" label="save" />
 	<roundcube:button command="show" type="input" class="button" label="cancel" condition="env:action=='edit'" />
 	<roundcube:button name="cancel" type="input" class="button" label="cancel" onclick="history.back()" condition="env:action=='add'" />
 </div>
 
-<div id="upload-dialog" class="propform popupdialog">
+<div id="upload-dialog" class="propform popupdialog" title="<roundcube:label name='uploadphoto' />">
 	<roundcube:object name="photoUploadForm" id="upload-form" size="30" buttons="no" />
 	<div class="formbuttons">
 		<roundcube:button command="upload-photo" type="input" class="button mainaction" label="upload" />

--
Gitblit v1.9.1