From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001 From: Aleksander Machniak <alec@alec.pl> Date: Tue, 22 Oct 2013 08:17:26 -0400 Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382) --- skins/larry/templates/login.html | 22 ++++++++++++++++++++-- 1 files changed, 20 insertions(+), 2 deletions(-) diff --git a/skins/larry/templates/login.html b/skins/larry/templates/login.html index 745bfef..a605eb7 100644 --- a/skins/larry/templates/login.html +++ b/skins/larry/templates/login.html @@ -14,17 +14,20 @@ <form name="form" action="./" method="post"> <roundcube:object name="loginform" form="form" size="40" /> -<p class="buttons"><input type="submit" class="button mainaction" value="<roundcube:label name='login' />" /></p> +<p class="formbuttons"><input type="submit" class="button mainaction" value="<roundcube:label name='login' />" /></p> </form> </div> <div class="box-bottom"> <roundcube:object name="message" id="message" /> + <noscript> + <p class="noscriptwarning"><roundcube:label name="noscriptwarning" /></p> + </noscript> </div> <div id="bottomline"> - Roundcube Webmail <roundcube:object name="version" /> + <roundcube:var name="config:product_name"> <roundcube:object name="version" condition="config:display_version" /> <roundcube:if condition="config:support_url" /> ● <a href="<roundcube:var name='config:support_url' />" target="_blank" class="support-link"><roundcube:label name="support" /></a> <roundcube:endif /> @@ -32,5 +35,20 @@ </div> </div> +<roundcube:include file="/includes/footer.html" /> + +<roundcube:object name="preloader" images=" + /images/ajaxloader.gif + /images/buttons.png + /images/addcontact.png + /images/filetypes.png + /images/listicons.png + /images/messages.png + /images/quota.png + /images/selector.png + /images/splitter.png + /images/watermark.jpg +" /> + </body> </html> -- Gitblit v1.9.1