From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 skins/larry/ui.js |   48 ++++++++++++++++++++++++++++++++++++++++--------
 1 files changed, 40 insertions(+), 8 deletions(-)

diff --git a/skins/larry/ui.js b/skins/larry/ui.js
index 4485a21..36b5235 100644
--- a/skins/larry/ui.js
+++ b/skins/larry/ui.js
@@ -1,7 +1,7 @@
 /**
  * Roundcube functions for default skin interface
  *
- * Copyright (c) 2013, The Roundcube Dev Team
+ * Copyright (c) 2011, The Roundcube Dev Team
  *
  * The contents are subject to the Creative Commons Attribution-ShareAlike
  * License. It is allowed to copy, distribute, transmit and to adapt the work
@@ -48,6 +48,10 @@
     var minmode = rcmail.get_cookie('minimalmode');
     if (parseInt(minmode) || (minmode === null && $(window).height() < 850)) {
       $(document.body).addClass('minimal');
+    }
+
+    if (bw.tablet) {
+      $('#viewport').attr('content', "width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0");
     }
   }
 
@@ -176,6 +180,8 @@
     /***  addressbook task  ***/
     else if (rcmail.env.task == 'addressbook') {
       rcmail.addEventListener('afterupload-photo', show_uploadform);
+      rcmail.addEventListener('beforepushgroup', push_contactgroup);
+      rcmail.addEventListener('beforepopgroup', pop_contactgroup);
 
       if (rcmail.env.action == '') {
         new rcube_splitter({ id:'addressviewsplitterd', p1:'#addressview-left', p2:'#addressview-right',
@@ -665,8 +671,6 @@
     $('input[name="sort_col"][value="'+rcmail.env.sort_col+'"]').prop('checked', true);
     $('input[name="sort_ord"][value="DESC"]').prop('checked', rcmail.env.sort_order == 'DESC');
     $('input[name="sort_ord"][value="ASC"]').prop('checked', rcmail.env.sort_order != 'DESC');
-    $('input[name="view"][value="thread"]').prop('checked', rcmail.env.threading ? true : false);
-    $('input[name="view"][value="list"]').prop('checked', rcmail.env.threading ? false : true);
 
     // set checkboxes
     $('input[name="list_col[]"]').each(function() {
@@ -695,11 +699,10 @@
 
     var sort = $('input[name="sort_col"]:checked').val(),
       ord = $('input[name="sort_ord"]:checked').val(),
-      thread = $('input[name="view"]:checked').val(),
       cols = $('input[name="list_col[]"]:checked')
         .map(function(){ return this.value; }).get();
 
-    rcmail.set_list_options(cols, sort, ord, thread == 'thread' ? 1 : 0);
+    rcmail.set_list_options(cols, sort, ord, rcmail.env.threading);
   }
 
 
@@ -751,6 +754,35 @@
     });
   }
 
+  function push_contactgroup(p)
+  {
+    // lets the contacts list swipe to the left, nice!
+    var table = $('#contacts-table'),
+      scroller = table.parent().css('overflow', 'hidden');
+
+    table.clone()
+      .css({ position:'absolute', top:'0', left:'0', width:table.width()+'px', 'z-index':10 })
+      .appendTo(scroller)
+      .animate({ left: -(table.width()+5) + 'px' }, 300, 'swing', function(){
+        $(this).remove();
+        scroller.css('overflow', 'auto')
+      });
+  }
+
+  function pop_contactgroup(p)
+  {
+    // lets the contacts list swipe to the left, nice!
+    var table = $('#contacts-table'),
+      scroller = table.parent().css('overflow', 'hidden'),
+      clone = table.clone().appendTo(scroller);
+
+      table.css({ position:'absolute', top:'0', left:-(table.width()+5) + 'px', width:table.width()+'px', height:table.height()+'px', 'z-index':10 })
+        .animate({ left:'0' }, 300, 'linear', function(){
+        clone.remove();
+        $(this).css({ position:'relative', left:'0', width:'100%', height:'auto', 'z-index':1 });
+        scroller.css('overflow', 'auto')
+      });
+  }
 
   function show_uploadform()
   {
@@ -761,7 +793,7 @@
       $dialog.dialog('close');
       return;
     }
-    
+
     // add icons to clone file input field
     if (rcmail.env.action == 'compose' && !$dialog.data('extended')) {
       $('<a>')
@@ -946,11 +978,11 @@
   this.delay = 500;
 
   this.top
-    .mouseenter(function() { if (rcmail.drag_active) ref.ts = window.setTimeout(function() { ref.scroll('down'); }, ref.delay); })
+    .mouseenter(function() { ref.ts = window.setTimeout(function() { ref.scroll('down'); }, ref.delay); })
     .mouseout(function() { if (ref.ts) window.clearTimeout(ref.ts); });
 
   this.bottom
-    .mouseenter(function() { if (rcmail.drag_active) ref.ts = window.setTimeout(function() { ref.scroll('up'); }, ref.delay); })
+    .mouseenter(function() { ref.ts = window.setTimeout(function() { ref.scroll('up'); }, ref.delay); })
     .mouseout(function() { if (ref.ts) window.clearTimeout(ref.ts); });
 
   this.scroll = function(dir)

--
Gitblit v1.9.1