From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 skins/larry/templates/mail.html |   71 +++++++++++++++++------------------
 1 files changed, 35 insertions(+), 36 deletions(-)

diff --git a/skins/larry/templates/mail.html b/skins/larry/templates/mail.html
index f6b53f2..2e1ec68 100644
--- a/skins/larry/templates/mail.html
+++ b/skins/larry/templates/mail.html
@@ -21,8 +21,6 @@
 <!-- toolbar -->
 <div id="messagetoolbar" class="toolbar">
 	<roundcube:button command="checkmail" type="link" class="button checkmail disabled" classAct="button checkmail" classSel="button checkmail pressed" label="refresh" title="checkmail" />
-	<roundcube:button command="compose" type="link" class="button compose disabled" classAct="button compose" classSel="button compose pressed" label="compose" title="writenewmessage" />
-	<span class="spacer"></span>
 	<roundcube:include file="/includes/mailtoolbar.html" />
 </div>
 
@@ -32,7 +30,7 @@
 <div id="folderlist-header"></div>
 <div id="mailboxcontainer" class="uibox listbox">
 <div id="folderlist-content" class="scroller withfooter">
-<roundcube:object name="mailboxlist" id="mailboxlist" class="listing" folder_filter="mail" unreadwrap="%s" />
+<roundcube:object name="mailboxlist" id="mailboxlist" class="treelist listing" folder_filter="mail" unreadwrap="%s" />
 </div>
 <div id="folderlist-footer" class="boxfooter">
 	<roundcube:button name="mailboxmenulink" id="mailboxmenulink" type="link" title="folderactions" class="listbutton groupactions" onclick="UI.show_popup('mailboxmenu');return false" innerClass="inner" content="&#9881;" />
@@ -46,10 +44,6 @@
 
 <div id="mailview-right">
 
-<!-- toolbar -->
-<div id="messagetoolbar">
-</div>
-
 <div id="messagesearchtools">
 
 <!-- search filter -->
@@ -58,7 +52,7 @@
 </div>
 
 <!-- search box -->
-<div id="quicksearchbar">
+<div id="quicksearchbar" class="searchbox">
 <roundcube:object name="searchform" id="quicksearchbox" />
 <roundcube:button name="searchmenulink" id="searchmenulink" class="iconbutton searchoptions" onclick="UI.show_popup('searchmenu');return false" title="searchmod" content=" " />
 <roundcube:button command="reset-search" id="searchreset" class="iconbutton reset" title="resetsearch" content=" " />
@@ -118,7 +112,7 @@
 
 <div id="mailview-bottom" class="uibox">
 
-<div id="mailpreviewframe">
+<div id="mailpreviewframe" class="iframebox">
 <roundcube:object name="messagecontentframe" id="messagecontframe" style="width:100%; height:100%" frameborder="0" src="/watermark.html" />
 </div>
 
@@ -130,16 +124,17 @@
 
 </div><!-- end mainscreen -->
 
-<div><!-- end minwidth -->
+</div><!-- end minwidth -->
 
 <div id="searchmenu" class="popupmenu">
 	<ul class="toolbarmenu">
-		<li><label><input type="checkbox" name="s_mods[]" value="subject" id="s_mod_subject" onclick="UI.set_searchmod(this)" /> <roundcube:label name="subject" /></label></li>
-		<li><label><input type="checkbox" name="s_mods[]" value="from" id="s_mod_from" onclick="UI.set_searchmod(this)" /> <roundcube:label name="from" /></label></li>
-		<li><label><input type="checkbox" name="s_mods[]" value="to" id="s_mod_to" onclick="UI.set_searchmod(this)" /> <roundcube:label name="to" /></label></li>
-		<li><label><input type="checkbox" name="s_mods[]" value="cc" id="s_mod_cc" onclick="UI.set_searchmod(this)" /> <roundcube:label name="cc" /></label></li>
-		<li><label><input type="checkbox" name="s_mods[]" value="bcc" id="s_mod_bcc" onclick="UI.set_searchmod(this)" /> <roundcube:label name="bcc" /></label></li>
-		<li><label><input type="checkbox" name="s_mods[]" value="text" id="s_mod_text" onclick="UI.set_searchmod(this)" /> <roundcube:label name="msgtext" /></label></li>
+		<li><label><input type="checkbox" name="s_mods[]" value="subject" id="s_mod_subject" onclick="UI.set_searchmod(this)" /> <span><roundcube:label name="subject" /></span></label></li>
+		<li><label><input type="checkbox" name="s_mods[]" value="from" id="s_mod_from" onclick="UI.set_searchmod(this)" /> <span><roundcube:label name="from" /></span></label></li>
+		<li><label><input type="checkbox" name="s_mods[]" value="to" id="s_mod_to" onclick="UI.set_searchmod(this)" /> <span><roundcube:label name="to" /></span></label></li>
+		<li><label><input type="checkbox" name="s_mods[]" value="cc" id="s_mod_cc" onclick="UI.set_searchmod(this)" /> <span><roundcube:label name="cc" /></span></label></li>
+		<li><label><input type="checkbox" name="s_mods[]" value="bcc" id="s_mod_bcc" onclick="UI.set_searchmod(this)" /> <span><roundcube:label name="bcc" /></span></label></li>
+		<li><label><input type="checkbox" name="s_mods[]" value="body" id="s_mod_body" onclick="UI.set_searchmod(this)" /> <span><roundcube:label name="body" /></span></label></li>
+		<li><label><input type="checkbox" name="s_mods[]" value="text" id="s_mod_text" onclick="UI.set_searchmod(this)" /> <span><roundcube:label name="msgtext" /></span></label></li>
 	</ul>
 </div>
 
@@ -183,17 +178,19 @@
 	<fieldset class="floating">
 		<legend><roundcube:label name="listcolumns" /></legend>
 		<ul class="proplist">
-			<li><label class="disabled"><input type="checkbox" name="list_col[]" value="threads" checked="checked" disabled="disabled" /> <roundcube:label name="threads" /></label></li>
-			<li><label class="disabled"><input type="checkbox" name="list_col[]" value="subject" checked="checked" disabled="disabled" /> <roundcube:label name="subject" /></label></li>
-			<li><label><input type="checkbox" name="list_col[]" value="from" /> <roundcube:label name="fromto" /></label></li>
-			<li><label><input type="checkbox" name="list_col[]" value="replyto" /> <roundcube:label name="replyto" /></label></li>
-			<li><label><input type="checkbox" name="list_col[]" value="cc" /> <roundcube:label name="cc" /></label></li>
-			<li><label><input type="checkbox" name="list_col[]" value="date" /> <roundcube:label name="date" /></label></li>
-			<li><label><input type="checkbox" name="list_col[]" value="size" /> <roundcube:label name="size" /></label></li>
-			<li><label><input type="checkbox" name="list_col[]" value="status" /> <roundcube:label name="readstatus" /></label></li>
-			<li><label><input type="checkbox" name="list_col[]" value="attachment" /> <roundcube:label name="attachment" /></label></li>
-			<li><label><input type="checkbox" name="list_col[]" value="flag" /> <roundcube:label name="flag" /></label></li>
-			<li><label><input type="checkbox" name="list_col[]" value="priority" /> <roundcube:label name="priority" /></label></li>
+			<li><label class="disabled"><input type="checkbox" name="list_col[]" value="threads" checked="checked" disabled="disabled" /> <span><roundcube:label name="threads" /></span></label></li>
+			<li><label class="disabled"><input type="checkbox" name="list_col[]" value="subject" checked="checked" disabled="disabled" /> <span><roundcube:label name="subject" /></span></label></li>
+			<li><label><input type="checkbox" name="list_col[]" value="fromto" /> <span><roundcube:label name="fromto" /></span></label></li>
+			<li><label><input type="checkbox" name="list_col[]" value="from" /> <span><roundcube:label name="from" /></span></label></li>
+			<li><label><input type="checkbox" name="list_col[]" value="to" /> <span><roundcube:label name="to" /></span></label></li>
+			<li><label><input type="checkbox" name="list_col[]" value="replyto" /> <span><roundcube:label name="replyto" /></span></label></li>
+			<li><label><input type="checkbox" name="list_col[]" value="cc" /> <span><roundcube:label name="cc" /></span></label></li>
+			<li><label><input type="checkbox" name="list_col[]" value="date" /> <span><roundcube:label name="date" /></span></label></li>
+			<li><label><input type="checkbox" name="list_col[]" value="size" /> <span><roundcube:label name="size" /></span></label></li>
+			<li><label><input type="checkbox" name="list_col[]" value="status" /> <span><roundcube:label name="readstatus" /></span></label></li>
+			<li><label><input type="checkbox" name="list_col[]" value="attachment" /> <span><roundcube:label name="attachment" /></span></label></li>
+			<li><label><input type="checkbox" name="list_col[]" value="flag" /> <span><roundcube:label name="flag" /></span></label></li>
+			<li><label><input type="checkbox" name="list_col[]" value="priority" /> <span><roundcube:label name="priority" /></span></label></li>
 		</ul>
 	</fieldset>
 	<roundcube:endif />
@@ -201,13 +198,15 @@
 	<fieldset class="floating">
 		<legend><roundcube:label name="listsorting" /></legend>
 		<ul class="proplist">
-			<li><label><input type="radio" name="sort_col" value="" /> <roundcube:label name="nonesort" /></label></li>
-			<li><label><input type="radio" name="sort_col" value="arrival" /> <roundcube:label name="arrival" /></label></li>
-			<li><label><input type="radio" name="sort_col" value="date" /> <roundcube:label name="sentdate" /></label></li>
-			<li><label><input type="radio" name="sort_col" value="subject" /> <roundcube:label name="subject" /></label></li>
-			<li><label><input type="radio" name="sort_col" value="from" /> <roundcube:label name="fromto" /></label></li>
-			<li><label><input type="radio" name="sort_col" value="cc" /> <roundcube:label name="cc" /></label></li>
-			<li><label><input type="radio" name="sort_col" value="size" /> <roundcube:label name="size" /></label></li>
+			<li><label><input type="radio" name="sort_col" value="" /> <span><roundcube:label name="nonesort" /></span></label></li>
+			<li><label><input type="radio" name="sort_col" value="arrival" /> <span><roundcube:label name="arrival" /></span></label></li>
+			<li><label><input type="radio" name="sort_col" value="date" /> <span><roundcube:label name="sentdate" /></span></label></li>
+			<li><label><input type="radio" name="sort_col" value="subject" /> <span><roundcube:label name="subject" /></span></label></li>
+			<li><label><input type="radio" name="sort_col" value="fromto" /> <span><roundcube:label name="fromto" /></span></label></li>
+			<li><label><input type="radio" name="sort_col" value="from" /> <span><roundcube:label name="from" /></span></label></li>
+			<li><label><input type="radio" name="sort_col" value="to" /> <span><roundcube:label name="to" /></span></label></li>
+			<li><label><input type="radio" name="sort_col" value="cc" /> <span><roundcube:label name="cc" /></span></label></li>
+			<li><label><input type="radio" name="sort_col" value="size" /> <span><roundcube:label name="size" /></span></label></li>
 		</ul>
 	</fieldset>
 	<roundcube:endif />
@@ -215,8 +214,8 @@
 	<fieldset class="floating">
 		<legend><roundcube:label name="listorder" /></legend>
 		<ul class="proplist">
-			<li><label><input type="radio" name="sort_ord" value="ASC" /> <roundcube:label name="asc" /></label></li>
-			<li><label><input type="radio" name="sort_ord" value="DESC" /> <roundcube:label name="desc" /></label></li>
+			<li><label><input type="radio" name="sort_ord" value="ASC" /> <span><roundcube:label name="asc" /></span></label></li>
+			<li><label><input type="radio" name="sort_ord" value="DESC" /> <span><roundcube:label name="desc" /></span></label></li>
 		</ul>
 	</fieldset>
 	<roundcube:endif />

--
Gitblit v1.9.1