From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001 From: Aleksander Machniak <alec@alec.pl> Date: Tue, 22 Oct 2013 08:17:26 -0400 Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382) --- skins/larry/templates/messagepreview.html | 17 ++++++++++------- 1 files changed, 10 insertions(+), 7 deletions(-) diff --git a/skins/larry/templates/messagepreview.html b/skins/larry/templates/messagepreview.html index cd9c234..aef282a 100644 --- a/skins/larry/templates/messagepreview.html +++ b/skins/larry/templates/messagepreview.html @@ -6,24 +6,27 @@ </head> <body class="iframe fullheight"> -<div id="messagepreviewheader"> +<div id="messageheader" class="previewheader"> <h3 class="subject"><roundcube:object name="messageHeaders" valueOf="subject" /></h3> -<a href="#details" id="previewheaderstoggle" class="iconlink add"></a> +<a href="#details" id="previewheaderstoggle" class="moreheaderstoggle"><span class="iconlink" title="<roundcube:label name='togglemoreheaders' />"></span></a> +<div id="contactphoto"><roundcube:object name="contactphoto" /></div> <table class="headers-table" id="preview-shortheaders"><tbody><tr> <roundcube:if condition="env:mailbox == config:drafts_mbox || env:mailbox == config:sent_mbox"> <td class="header-title"><roundcube:label name="to" /></td> - <td class="header from"><roundcube:object name="messageHeaders" valueOf="to" addicon="/images/addcontact.png" /></td> + <td class="header from"><roundcube:object name="messageHeaders" valueOf="to" max="3" addicon="/images/addcontact.png" /></td> <roundcube:else /> <td class="header-title"><roundcube:label name="from" /></td> <td class="header from"><roundcube:object name="messageHeaders" valueOf="from" addicon="/images/addcontact.png" /></td> <roundcube:endif /> <td class="header-title"><roundcube:label name="date" /></td> - <td class="header from"><roundcube:object name="messageHeaders" valueOf="date" /></td> + <td class="header date"><span><roundcube:object name="messageHeaders" valueOf="date" /></span></td> </tr></tbody></table> -<roundcube:object name="messageHeaders" id="preview-allheaders" class="headers-table" addicon="/images/addcontact.png" exclude="subject,replyto" /> +<roundcube:object name="messageHeaders" id="preview-allheaders" class="headers-table" addicon="/images/addcontact.png" max="10" exclude="subject,replyto" /> + +<roundcube:object name="messageFullHeaders" id="full-headers" /> <!-- record navigation --> <div id="countcontrols" class="pagenav"> @@ -33,7 +36,7 @@ <roundcube:button command="forward" type="link" class="button forward" classSel="button forward pressed" innerClass="inner" title="forwardmessage" content="->" /> <roundcube:endif /> - <roundcube:button command="permaurl" type="link" class="button extwin" classSel="button extwin pressed" innerClass="inner" title="openinextwin" content="[]" target="_blank" /> + <roundcube:button command="extwin" type="link" class="button extwin" classSel="button extwin pressed" innerClass="inner" title="openinextwin" content="[]" /> </div> </div> @@ -44,7 +47,7 @@ </div> <div class="leftcol"> <roundcube:object name="messageObjects" id="message-objects" /> -<roundcube:object name="messageBody" id="messagebody" /> +<roundcube:object name="messageBody" id="messagebody" headertableclass="message-partheaders headers-table" /> </div> </div> -- Gitblit v1.9.1