From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 skins/larry/templates/message.html |    9 +++++----
 1 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/skins/larry/templates/message.html b/skins/larry/templates/message.html
index 92bb358..0179b6b 100644
--- a/skins/larry/templates/message.html
+++ b/skins/larry/templates/message.html
@@ -14,7 +14,6 @@
 <div id="messagetoolbar" class="toolbar fullwidth">
 <roundcube:if condition="!env:extwin" />
 	<roundcube:button command="list" type="link" class="button back disabled" classAct="button back" classSel="button back pressed" label="back" />
-	<span class="spacer"></span>
 <roundcube:endif />
 	<roundcube:include file="/includes/mailtoolbar.html" />
 	<div class="toolbarselect">
@@ -29,7 +28,7 @@
 <!-- folders list -->
 <div id="mailboxcontainer" class="uibox listbox">
 <div class="scroller">
-<roundcube:object name="mailboxlist" id="mailboxlist" class="listing" folder_filter="mail" unreadwrap="%s" />
+<roundcube:object name="mailboxlist" id="mailboxlist" class="treelist listing" folder_filter="mail" unreadwrap="%s" />
 </div>
 </div>
 
@@ -42,10 +41,12 @@
 <roundcube:endif />
 
 <div id="messageheader">
-<span id="previewheaderstoggle"></span>
+<span class="moreheaderstoggle"></span>
 
 <h2 class="subject"><roundcube:object name="messageHeaders" valueOf="subject" /></h2>
+<div class="message-headers">
 <roundcube:object name="messageHeaders" class="headers-table" addicon="/images/addcontact.png" exclude="subject" max="20" />
+</div>
 <roundcube:object name="messageFullHeaders" id="full-headers" />
 
 <!-- record navigation -->
@@ -64,7 +65,7 @@
 </div>
 <div class="leftcol">
 <roundcube:object name="messageObjects" id="message-objects" />
-<roundcube:object name="messageBody" id="messagebody" />
+<roundcube:object name="messageBody" id="messagebody" headertableclass="message-partheaders headers-table" />
 </div>
 </div>
 

--
Gitblit v1.9.1