From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 skins/larry/ui.js | 144 +++++++++++++++++++++++++++++++++--------------
 1 files changed, 101 insertions(+), 43 deletions(-)

diff --git a/skins/larry/ui.js b/skins/larry/ui.js
index c221b86..36b5235 100644
--- a/skins/larry/ui.js
+++ b/skins/larry/ui.js
@@ -21,7 +21,6 @@ dragmessagemenu: { sticky:1 }, groupmenu: { above:1 }, mailboxmenu: { above:1 }, - composeoptionsmenu: { editable:1, overlap:1 }, spellmenu: { callback: spellmenu }, // toggle: #1486823, #1486930 'attachment-form': { editable:1, above:1, toggle:!bw.ie&&!bw.linux },
@@ -44,6 +43,19 @@ this.hide_header_row = hide_header_row; + // set minimal mode on small screens (don't wait for document.ready) + if (window.$ && document.body) { + var minmode = rcmail.get_cookie('minimalmode'); + if (parseInt(minmode) || (minmode === null && $(window).height() < 850)) { + $(document.body).addClass('minimal'); + } + + if (bw.tablet) { + $('#viewport').attr('content', "width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0"); + } + } + + /** * */
@@ -60,6 +72,17 @@ { rcmail.addEventListener('message', message_displayed); + /*** prepare minmode functions ***/ + $('#taskbar a').each(function(i,elem){ + $(elem).append('<span class="tooltip">' + $('.button-inner', this).html() + '</span>') + }); + + $('#taskbar .minmodetoggle').click(function(e){ + var ismin = $(document.body).toggleClass('minimal').hasClass('minimal'); + rcmail.set_cookie('minimalmode', ismin?1:0); + $(window).resize(); + }); + /*** mail task ***/ if (rcmail.env.task == 'mail') { rcmail.addEventListener('menu-open', show_listoptions);
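Review bot: `parseInt(minmode)` in the added minimal-mode check has no radix and therefore parses the cookie string under the default rules; `parseInt(minmode, 10)` pins the intent, given that the minmodetoggle handler in the next hunk stores `ismin?1:0`. The small-screen fallback `minmode === null && $(window).height() < 850` only applies if rcmail.get_cookie returns null for an absent cookie; if it returns undefined the default is never applied, so confirm that against get_cookie. The enclosing constructor starts above the hunk. Separately, none of the hunks on this page touch utils/save-prefs or a `_session` argument as the subject states, so presumably the actual fix lives in a file not shown here; worth confirming before citing this commit for #1489382.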
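Review bot: The `$(elem).append(...)` statement inside the `$('#taskbar a').each` callback has no terminating semicolon and relies on ASI before the closing brace; add the `;`. The tooltip is built from `$('.button-inner', this).html()`, so the button's own markup is serialized and re-parsed: harmless for the skin's static labels, but any `id` attribute inside `.button-inner` would end up duplicated in the document (the markup is not on this page, so verify). `rcmail.set_cookie('minimalmode', ismin?1:0)` reads more easily as `ismin ? 1 : 0`. The `init` body this code sits in begins above the hunk.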
@@ -73,9 +96,9 @@ } if (rcmail.env.action == 'show' || rcmail.env.action == 'preview') { - layout_messageview(); - $('#previewheaderstoggle').click(function(e){ toggle_preview_headers(this); return false; }); - $('#headerstoggleall').click(function(e){ toggle_all_headers(this); return false; }); + rcmail.addEventListener('aftershow-headers', function() { layout_messageview(); }); + rcmail.addEventListener('afterhide-headers', function() { layout_messageview(); }); + $('#previewheaderstoggle').click(function(e){ toggle_preview_headers(this); return false }); } else if (rcmail.env.action == 'compose') { rcmail.addEventListener('aftertoggle-editor', function(){ window.setTimeout(function(){ layout_composeview() }, 200); });
@@ -90,12 +113,17 @@ show_header_row(fields[f], true); } - $('#composeoptionstoggle').parent().click(function(){ - $('#composeoptionstoggle').toggleClass('enabled'); + $('#composeoptionstoggle').click(function(){ + $('#composeoptionstoggle').toggleClass('remove'); $('#composeoptions').toggle(); layout_composeview(); return false; }).css('cursor', 'pointer'); + + // toggle compose options if opened in new window and they were visible before + var opener_rc = rcmail.opener(); + if (opener_rc && opener_rc.env.action == 'compose' && $('#composeoptionstoggle', opener.document).hasClass('remove')) + $('#composeoptionstoggle').click(); new rcube_splitter({ id:'composesplitterv', p1:'#composeview-left', p2:'#composeview-right', orientation:'v', relative:true, start:248, min:170, size:12, render:layout_composeview }).init();
@@ -152,6 +180,8 @@ /*** addressbook task ***/ else if (rcmail.env.task == 'addressbook') { rcmail.addEventListener('afterupload-photo', show_uploadform); + rcmail.addEventListener('beforepushgroup', push_contactgroup); + rcmail.addEventListener('beforepopgroup', pop_contactgroup); if (rcmail.env.action == '') { new rcube_splitter({ id:'addressviewsplitterd', p1:'#addressview-left', p2:'#addressview-right',
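Review bot: The direct `layout_messageview();` call at page load is removed and only the `aftershow-headers`/`afterhide-headers` listeners remain, so the initial layout (including the `#messagecontent` top offset this commit adds to layout_messageview in a later hunk) is applied only after the user toggles headers, unless layout_messageview is also invoked from a resize handler outside this hunk; worth confirming. The new click handler ends with `return false }` without a semicolon, unlike the line it replaces. The `init` body continues on both sides of the hunk.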
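Review bot: `$('#composeoptionstoggle', opener.document)` reaches past the `opener_rc` handle that `rcmail.opener()` just returned and reads the raw `opener` window's document; if rcmail.opener() is where the closed-window and cross-origin cases are filtered (it looks that way, since `opener_rc` is tested first), that guard protects this access only implicitly. A comment on the line, such as `// safe only because rcmail.opener() has already verified the opener is a live same-origin Roundcube window`, records the dependency; alternatively route through the same object rcmail.opener() returns if it exposes the document. The hunk also leaves `opener_rc.env.action == 'compose'` as a loose comparison, consistent with the surrounding file.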
@@ -220,8 +250,13 @@ $('iframe').load(function(e){ // this = iframe - var doc = this.contentDocument ? this.contentDocument : this.contentWindow ? this.contentWindow.document : null; - $(doc).mouseup(body_mouseup); + try { + var doc = this.contentDocument ? this.contentDocument : this.contentWindow ? this.contentWindow.document : null; + $(doc).mouseup(body_mouseup); + } + catch (e) { + // catch possible "Permission denied" error in IE + }; }) .contents().mouseup(body_mouseup);
@@ -288,14 +323,21 @@ { // show a popup dialog on errors if (p.type == 'error' && rcmail.env.task != 'login') { + if (me.message_timer) { + window.clearTimeout(me.message_timer); + } if (!me.messagedialog) { - me.messagedialog = $('<div>').addClass('popupdialog'); + me.messagedialog = $('<div>').addClass('popupdialog').hide(); } - var pos = $(p.object).offset(); + var msg = p.message, + pos = $(p.object).offset(); pos.top -= (rcmail.env.task == 'login' ? 20 : 160); - me.messagedialog.dialog('close'); - me.messagedialog.html(p.message) + + if (me.messagedialog.is(':visible')) + msg = me.messagedialog.html() + '<p>' + p.message + '</p>'; + + me.messagedialog.html(msg) .dialog({ resizable: false, closeOnEscape: true,
@@ -310,7 +352,7 @@ minHeight: 90 }).show(); - window.setTimeout(function(){ me.messagedialog.dialog('close'); }, Math.max(2000, p.timeout / 2)); + me.message_timer = window.setTimeout(function(){ me.messagedialog.dialog('close'); }, Math.max(2000, p.timeout / 2)); } }
@@ -320,6 +362,7 @@ */ function layout_messageview() { + $('#messagecontent').css('top', ($('#messageheader').outerHeight() + 1) + 'px'); $('#message-objects div a').addClass('button'); if (!$('#attachment-list li').length) {
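Review bot: The added `catch (e)` swallows every exception raised while binding to the frame, not only the IE "Permission denied" case the comment names, and its `e` shadows the load handler's own `e` parameter; the `;` after the closing brace is a stray empty statement. Rename the binding and make the intent explicit, e.g. `catch (err) { // cross-origin frame: contentDocument access throws in IE; nothing to bind }` with no trailing `;`. The `$('iframe').load(...)` chain continues past the hunk.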
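Review bot: `msg = me.messagedialog.html() + '<p>' + p.message + '</p>'` concatenates raw markup and passes it to `.html(msg)`, so p.message is trusted as HTML; the replaced `.html(p.message)` did the same, but the new accumulation path now re-serializes and re-parses every earlier message as well. The page does not show where 'message' events originate, so record the contract at the assignment: `// p.message is rendered as HTML: emitters of the 'message' event must escape any user-derived text`. The matching `me.message_timer` assignment is in the following hunk; clearing it before rebuilding the dialog is correct. `message_displayed` begins above the hunk.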
@@ -346,9 +389,14 @@ var body = $('#composebody'), form = $('#compose-content'), bottom = $('#composeview-bottom'), - w, h; + w, h, bh, ovflw, btns = 0, + minheight = 300, - bottom.css('height', (form.height() - bottom.position().top) + 'px'); + bh = (form.height() - bottom.position().top); + ovflw = minheight - bh; + btns = ovflw > -100 ? 0 : 40; + bottom.css('height', Math.max(minheight, bh) + 'px'); + form.css('overflow', ovflw > 0 ? 'auto' : 'hidden'); w = body.parent().width() - 5; h = body.parent().height() - 16;
@@ -357,6 +405,8 @@ $('#composebody_tbl').width((w+8)+'px').height('').css('margin-top', '1px'); $('#composebody_ifr').width((w+8)+'px').height((h-40)+'px'); $('#googie_edit_layer').height(h+'px'); +// $('#composebodycontainer')[(btns ? 'addClass' : 'removeClass')]('buttons'); +// $('#composeformbuttons')[(btns ? 'show' : 'hide')](); var abooks = $('#directorylist'); $('#compose-contacts .scroller').css('top', abooks.position().top + abooks.outerHeight());
@@ -512,31 +562,13 @@ { $('#preview-shortheaders').toggle(); var full = $('#preview-allheaders').toggle(), - button = $('#previewheaderstoggle'); - - if (!$('#headerstoggleall').length) - $('#all-headers').toggle(); + button = $('a#previewheaderstoggle'); // add toggle button to full headers table - if (full.is(':visible')) { - button.attr('href', '#hide').removeClass('add').addClass('remove'); - } - else { - button.attr('href', '#details').removeClass('remove').addClass('add'); - } - } - - - /** - * Show/hide all message headers - */ - function toggle_all_headers(button) - { - rcmail.command('show-headers', '', button); - $(button).remove(); - $('#previewheaderstoggle span').css({bottom: '5px'}); - - return false; + if (full.is(':visible')) + button.attr('href', '#hide').removeClass('add').addClass('remove') + else + button.attr('href', '#details').removeClass('remove').addClass('add') }
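Review bot: `minheight = 300,` ends the var list with a comma, so the following `bh = (form.height() - bottom.position().top)` becomes a second declarator of `bh` inside the same `var` statement rather than a plain assignment; it only runs because duplicate `var` declarators are tolerated, and any later move to `let` would break it. Change the comma to `;`. `btns` is computed as `btns = ovflw > -100 ? 0 : 40` but its only uses are the two commented-out lines added in the next hunk (@@ -357), so either finish that feature or drop both the assignment and the commented code. `layout_composeview`'s signature sits above the hunk.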
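Review bot: In toggle_preview_headers the rewritten branches drop their statement terminators (`...addClass('remove')` runs straight into `else`, and the `else` branch has none either), relying on ASI where the replaced code had explicit `;` and braces; restore them, e.g. `button.attr('href', '#hide').removeClass('add').addClass('remove');`. The function's signature is above the hunk, and the removed toggle_all_headers is plain deletion.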
@@ -639,8 +671,6 @@ $('input[name="sort_col"][value="'+rcmail.env.sort_col+'"]').prop('checked', true); $('input[name="sort_ord"][value="DESC"]').prop('checked', rcmail.env.sort_order == 'DESC'); $('input[name="sort_ord"][value="ASC"]').prop('checked', rcmail.env.sort_order != 'DESC'); - $('input[name="view"][value="thread"]').prop('checked', rcmail.env.threading ? true : false); - $('input[name="view"][value="list"]').prop('checked', rcmail.env.threading ? false : true); // set checkboxes $('input[name="list_col[]"]').each(function() {
@@ -669,11 +699,10 @@ var sort = $('input[name="sort_col"]:checked').val(), ord = $('input[name="sort_ord"]:checked').val(), - thread = $('input[name="view"]:checked').val(), cols = $('input[name="list_col[]"]:checked') .map(function(){ return this.value; }).get(); - rcmail.set_list_options(cols, sort, ord, thread == 'thread' ? 1 : 0); + rcmail.set_list_options(cols, sort, ord, rcmail.env.threading); }
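Review bot: `rcmail.set_list_options(cols, sort, ord, rcmail.env.threading)` passes the env value through unnormalised, whereas the replaced line always sent `1` or `0`; if set_list_options serializes its fourth argument into a request, a boolean or string `rcmail.env.threading` may reach the server in a different shape than before. Either confirm the receiving side accepts that, or keep the old normalisation with `rcmail.env.threading ? 1 : 0`. The enclosing function begins above the hunk.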
@@ -725,6 +754,35 @@ }); } + function push_contactgroup(p) + { + // lets the contacts list swipe to the left, nice! + var table = $('#contacts-table'), + scroller = table.parent().css('overflow', 'hidden'); + + table.clone() + .css({ position:'absolute', top:'0', left:'0', width:table.width()+'px', 'z-index':10 }) + .appendTo(scroller) + .animate({ left: -(table.width()+5) + 'px' }, 300, 'swing', function(){ + $(this).remove(); + scroller.css('overflow', 'auto') + }); + } + + function pop_contactgroup(p) + { + // lets the contacts list swipe to the left, nice! + var table = $('#contacts-table'), + scroller = table.parent().css('overflow', 'hidden'), + clone = table.clone().appendTo(scroller); + + table.css({ position:'absolute', top:'0', left:-(table.width()+5) + 'px', width:table.width()+'px', height:table.height()+'px', 'z-index':10 }) + .animate({ left:'0' }, 300, 'linear', function(){ + clone.remove(); + $(this).css({ position:'relative', left:'0', width:'100%', height:'auto', 'z-index':1 }); + scroller.css('overflow', 'auto') + }); + } function show_uploadform() {
@@ -735,7 +793,7 @@ $dialog.dialog('close'); return; } - + // add icons to clone file input field if (rcmail.env.action == 'compose' && !$dialog.data('extended')) { $('<a>')
-- 
Gitblit v1.9.1
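Review bot: pop_contactgroup carries the comment copied from push_contactgroup, "lets the contacts list swipe to the left", but it animates the table from `left:-(table.width()+5)` back to `left:'0'`, i.e. the reverse transition; change it to `// slides the contacts list back in from the left`. Both functions declare a `p` parameter that is never read, and both completion callbacks end with `scroller.css('overflow', 'auto')` without a semicolon. If a second push or pop starts before the 300 ms animation finishes, the scroller keeps `overflow:hidden` until the last callback runs; probably acceptable for a visual effect, but worth a comment if that is the intent.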