From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 skins/larry/ui.js |   39 +++++++++++++++++++++++++++++++++++----
 1 files changed, 35 insertions(+), 4 deletions(-)

diff --git a/skins/larry/ui.js b/skins/larry/ui.js
index 19f8a51..36b5235 100644
--- a/skins/larry/ui.js
+++ b/skins/larry/ui.js
@@ -1,7 +1,7 @@
 /**
  * Roundcube functions for default skin interface
  *
- * Copyright (c) 2013, The Roundcube Dev Team
+ * Copyright (c) 2011, The Roundcube Dev Team
  *
  * The contents are subject to the Creative Commons Attribution-ShareAlike
  * License. It is allowed to copy, distribute, transmit and to adapt the work
@@ -180,6 +180,8 @@
     /***  addressbook task  ***/
     else if (rcmail.env.task == 'addressbook') {
       rcmail.addEventListener('afterupload-photo', show_uploadform);
+      rcmail.addEventListener('beforepushgroup', push_contactgroup);
+      rcmail.addEventListener('beforepopgroup', pop_contactgroup);
 
       if (rcmail.env.action == '') {
         new rcube_splitter({ id:'addressviewsplitterd', p1:'#addressview-left', p2:'#addressview-right',
@@ -752,6 +754,35 @@
     });
   }
 
+  function push_contactgroup(p)
+  {
+    // lets the contacts list swipe to the left, nice!
+    var table = $('#contacts-table'),
+      scroller = table.parent().css('overflow', 'hidden');
+
+    table.clone()
+      .css({ position:'absolute', top:'0', left:'0', width:table.width()+'px', 'z-index':10 })
+      .appendTo(scroller)
+      .animate({ left: -(table.width()+5) + 'px' }, 300, 'swing', function(){
+        $(this).remove();
+        scroller.css('overflow', 'auto')
+      });
+  }
+
+  function pop_contactgroup(p)
+  {
+    // lets the contacts list swipe to the left, nice!
+    var table = $('#contacts-table'),
+      scroller = table.parent().css('overflow', 'hidden'),
+      clone = table.clone().appendTo(scroller);
+
+      table.css({ position:'absolute', top:'0', left:-(table.width()+5) + 'px', width:table.width()+'px', height:table.height()+'px', 'z-index':10 })
+        .animate({ left:'0' }, 300, 'linear', function(){
+        clone.remove();
+        $(this).css({ position:'relative', left:'0', width:'100%', height:'auto', 'z-index':1 });
+        scroller.css('overflow', 'auto')
+      });
+  }
 
   function show_uploadform()
   {
@@ -762,7 +793,7 @@
       $dialog.dialog('close');
       return;
     }
-    
+
     // add icons to clone file input field
     if (rcmail.env.action == 'compose' && !$dialog.data('extended')) {
       $('<a>')
@@ -947,11 +978,11 @@
   this.delay = 500;
 
   this.top
-    .mouseenter(function() { if (rcmail.drag_active) ref.ts = window.setTimeout(function() { ref.scroll('down'); }, ref.delay); })
+    .mouseenter(function() { ref.ts = window.setTimeout(function() { ref.scroll('down'); }, ref.delay); })
     .mouseout(function() { if (ref.ts) window.clearTimeout(ref.ts); });
 
   this.bottom
-    .mouseenter(function() { if (rcmail.drag_active) ref.ts = window.setTimeout(function() { ref.scroll('up'); }, ref.delay); })
+    .mouseenter(function() { ref.ts = window.setTimeout(function() { ref.scroll('up'); }, ref.delay); })
     .mouseout(function() { if (ref.ts) window.clearTimeout(ref.ts); });
 
   this.scroll = function(dir)

--
Gitblit v1.9.1