From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 skins/larry/templates/message.html |   45 ++++++++++++++++++++++++++++-----------------
 1 files changed, 28 insertions(+), 17 deletions(-)

diff --git a/skins/larry/templates/message.html b/skins/larry/templates/message.html
index 2509662..0179b6b 100644
--- a/skins/larry/templates/message.html
+++ b/skins/larry/templates/message.html
@@ -4,35 +4,49 @@
 <title><roundcube:object name="pagetitle" /></title>
 <roundcube:include file="/includes/links.html" />
 </head>
-<body class="noscroll">
+<roundcube:if condition="env:extwin" /><body class="noscroll extwin"><roundcube:else /><body class="noscroll"><roundcube:endif />
 
 <roundcube:include file="/includes/header.html" />
 
 <div id="mainscreen">
 
+<!-- toolbar -->
+<div id="messagetoolbar" class="toolbar fullwidth">
+<roundcube:if condition="!env:extwin" />
+	<roundcube:button command="list" type="link" class="button back disabled" classAct="button back" classSel="button back pressed" label="back" />
+<roundcube:endif />
+	<roundcube:include file="/includes/mailtoolbar.html" />
+	<div class="toolbarselect">
+		<roundcube:object name="mailboxlist" type="select" noSelection="moveto" maxlength="25" onchange="rcmail.command('moveto', this.options[this.selectedIndex].value)" class="mailboxlist decorated" folder_filter="mail" />
+	</div>
+</div>
+
+<roundcube:if condition="!env:extwin" />
+
 <div id="mailview-left">
-<roundcube:object name="mailboxlist" type="select" noSelection="moveto" maxlength="25" onchange="rcmail.command('moveto', this.options[this.selectedIndex].value)" class="mailboxlist" folder_filter="mail" />
 
 <!-- folders list -->
 <div id="mailboxcontainer" class="uibox listbox">
 <div class="scroller">
-<roundcube:object name="mailboxlist" id="mailboxlist" class="listing" folder_filter="mail" unreadwrap="%s" />
+<roundcube:object name="mailboxlist" id="mailboxlist" class="treelist listing" folder_filter="mail" unreadwrap="%s" />
 </div>
 </div>
 
 </div>
 
-<div id="mailview-right">
+<div id="mailview-right" class="offset uibox">
+<roundcube:else />
 
-<!-- toolbar -->
-<div id="messagetoolbar" class="fullwidth">
-<roundcube:include file="/includes/mailtoolbar.html" />
-</div>
+<div id="mailview-right" class="offset fullwidth uibox">
+<roundcube:endif />
 
-<div id="mailview-top">
-<div id="messageheader" class="uibox">
+<div id="messageheader">
+<span class="moreheaderstoggle"></span>
+
 <h2 class="subject"><roundcube:object name="messageHeaders" valueOf="subject" /></h2>
-<roundcube:object name="messageHeaders" class="headers-table" addicon="/images/addcontact.png" exclude="subject" />
+<div class="message-headers">
+<roundcube:object name="messageHeaders" class="headers-table" addicon="/images/addcontact.png" exclude="subject" max="20" />
+</div>
 <roundcube:object name="messageFullHeaders" id="full-headers" />
 
 <!-- record navigation -->
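Review bot: Nothing in this hunk touches the `_session` argument or utils/save-prefs named in the subject; from `<roundcube:if condition="env:extwin" />` down it only reworks the Larry message view for the extwin case, and the diffstat lists no other file. If the security fix was committed elsewhere, this patch should carry its own subject, for example `Larry: extwin layout for message view`, so the fix can be audited and backported without the template rework. The second hunk in this file is the same kind of layout change. Separately, the relocated `mailboxlist` select keeps its inline `onchange="rcmail.command('moveto', ...)"` attribute; binding that handler from script is one of the changes needed before this page can run under a Content-Security-Policy without `unsafe-inline`.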
@@ -42,23 +56,20 @@
 	<roundcube:button command="nextmessage" type="link" class="button nextpage disabled" classAct="button nextpage" classSel="button nextpage pressed" innerClass="inner" title="nextmessage" content="&amp;gt;" />
 </div>
 
+<div id="contactphoto"><roundcube:object name="contactphoto" /></div>
 </div>
 
-<div id="messagecontent" class="uibox">
+<div id="messagecontent">
 <div class="rightcol">
 <roundcube:object name="messageAttachments" id="attachment-list" class="attachmentslist" />
 </div>
 <div class="leftcol">
 <roundcube:object name="messageObjects" id="message-objects" />
-<roundcube:object name="messageBody" id="messagebody" />
+<roundcube:object name="messageBody" id="messagebody" headertableclass="message-partheaders headers-table" />
 </div>
 </div>
 
-</div><!-- end mailview-top -->
-
-<div id="mailview-bottom" class="uibox">
 <roundcube:object name="message" id="message" class="statusbar" />
-</div>
 
 </div><!-- end mailview-right -->
 

--
Gitblit v1.9.1