From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
skins/larry/templates/message.html | 67 +++++++++++++++++++--------------
1 files changed, 38 insertions(+), 29 deletions(-)
diff --git a/skins/larry/templates/message.html b/skins/larry/templates/message.html
index 9cb5928..0179b6b 100644
--- a/skins/larry/templates/message.html
+++ b/skins/larry/templates/message.html
@@ -4,63 +4,72 @@ <title><roundcube:object name="pagetitle" /></title> <roundcube:include file="/includes/links.html" /> </head> -<body> +<roundcube:if condition="env:extwin" /><body class="noscroll extwin"><roundcube:else /><body class="noscroll"><roundcube:endif /> <roundcube:include file="/includes/header.html" /> <div id="mainscreen"> +<!-- toolbar --> +<div id="messagetoolbar" class="toolbar fullwidth"> +<roundcube:if condition="!env:extwin" /> + <roundcube:button command="list" type="link" class="button back disabled" classAct="button back" classSel="button back pressed" label="back" /> +<roundcube:endif /> + <roundcube:include file="/includes/mailtoolbar.html" /> + <div class="toolbarselect"> + <roundcube:object name="mailboxlist" type="select" noSelection="moveto" maxlength="25" onchange="rcmail.command('moveto', this.options[this.selectedIndex].value)" class="mailboxlist decorated" folder_filter="mail" /> + </div> +</div> + +<roundcube:if condition="!env:extwin" /> + <div id="mailview-left"> -<roundcube:object name="mailboxlist" type="select" noSelection="moveto" maxlength="25" onchange="rcmail.command('moveto', this.options[this.selectedIndex].value)" class="mailboxlist" folder_filter="mail" /> <!-- folders list --> <div id="mailboxcontainer" class="uibox listbox"> <div class="scroller"> -<roundcube:object name="mailboxlist" id="mailboxlist"class="listing" folder_filter="mail" /> +<roundcube:object name="mailboxlist" id="mailboxlist" class="treelist listing" folder_filter="mail" unreadwrap="%s" /> </div> </div> </div> -<div id="mailview-right"> +<div id="mailview-right" class="offset uibox"> +<roundcube:else /> -<!-- toolbar --> -<div id="messagetoolbar" class="fullwidth"> -<roundcube:include file="/includes/mailtoolbar.html" /> +<div id="mailview-right" class="offset fullwidth uibox"> +<roundcube:endif /> + +<div id="messageheader"> +<span class="moreheaderstoggle"></span> + +<h2 class="subject"><roundcube:object name="messageHeaders" valueOf="subject" 
/></h2> +<div class="message-headers"> +<roundcube:object name="messageHeaders" class="headers-table" addicon="/images/addcontact.png" exclude="subject" max="20" /> </div> - -<div id="mailview-top"> -<div id="messageheader" class="uibox"> -<roundcube:object name="messageHeaders" class="headers-table" addicon="/images/addcontact.png" /> <roundcube:object name="messageFullHeaders" id="full-headers" /> + +<!-- record navigation --> +<div id="countcontrols" class="pagenav"> + <roundcube:object name="messageCountDisplay" class="countdisplay" /> + <roundcube:button command="previousmessage" type="link" class="button prevpage disabled" classAct="button prevpage" classSel="button prevpage pressed" innerClass="inner" title="previousmessage" content="&lt;" /> + <roundcube:button command="nextmessage" type="link" class="button nextpage disabled" classAct="button nextpage" classSel="button nextpage pressed" innerClass="inner" title="nextmessage" content="&gt;" /> </div> -<div id="messagecontent" class="uibox"> +<div id="contactphoto"><roundcube:object name="contactphoto" /></div> +</div> + +<div id="messagecontent"> <div class="rightcol"> -<roundcube:object name="messageAttachments" id="attachment-list" /> +<roundcube:object name="messageAttachments" id="attachment-list" class="attachmentslist" /> </div> <div class="leftcol"> <roundcube:object name="messageObjects" id="message-objects" /> -<roundcube:object name="messageBody" id="messagebody" /> +<roundcube:object name="messageBody" id="messagebody" headertableclass="message-partheaders headers-table" /> </div> </div> -<!-- list footer --> -<div id="messagelistfooter" class="rightalign"> - <div id="countcontrols" class="pagenav"> - <roundcube:object name="messageCountDisplay" class="countdisplay" /> - <roundcube:button command="firstmessage" type="link" class="button firstpage disabled" classAct="button firstpage" classSel="button firstpage pressed" innerClass="inner" title="firstmessage" content="|&lt;" /> - <roundcube:button 
command="previousmessage" type="link" class="button prevpage disabled" classAct="button prevpage" classSel="button prevpage pressed" innerClass="inner" title="previousmessage" content="&lt;" /> - <roundcube:button command="nextmessage" type="link" class="button nextpage disabled" classAct="button nextpage" classSel="button nextpage pressed" innerClass="inner" title="nextmessage" content="&gt;" /> - <roundcube:button command="lastmessage" type="link" class="button lastpage disabled" classAct="button lastpage" classSel="button lastpage pressed" innerClass="inner" title="lastmessage" content="&gt;|" /> - </div> -</div> - -</div><!-- end mailview-top --> - -<div id="mailview-bottom" class="uibox"> <roundcube:object name="message" id="message" class="statusbar" /> -</div> </div><!-- end mailview-right --> -- Gitblit v1.9.1
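Review bot: Nothing in this hunk touches the `_session` argument or utils/save-prefs named in the subject; every changed line is layout markup in the larry skin's message.html, so the security fix cannot be reviewed or backported from the patch as shown here. If the server-side check lives in another file, it would be easier to audit in its own commit, separate from the skin restructuring, or the description should at least say where it is. On the markup itself, `<div id="mailview-right" ...>` is opened once in each branch of the `roundcube:if`/`roundcube:else` pair and closed a single time at `</div><!-- end mailview-right -->`. A comment such as `<!-- mailview-right is opened in either branch above and closed once below -->` next to `<roundcube:endif />` would keep later edits from unbalancing it. The moved `mailboxlist` select still passes the selected option value to `rcmail.command('moveto', ...)` from an inline `onchange`; how folder names are escaped into those option values is decided in the object renderer, which is outside this diff, and is worth confirming.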