From f7c50e28dbd637b3b60c6aea0fac3768f8f59f05 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Fri, 25 Jan 2013 11:57:09 -0500
Subject: [PATCH] Merge branch 'release-0.8' of github.com:roundcube/roundcubemail into release-0.8

---
 CHANGELOG                   |    4 ++
 installer/check.php         |    7 +++
 skins/larry/iehacks.css     |    6 +++
 installer/rcube_install.php |    7 +++
 installer/config.php        |    7 +++
 program/steps/mail/func.inc |    2 
 installer/test.php          |    7 +++
 program/steps/mail/get.inc  |    7 +++
 skins/larry/styles.css      |    1 
 skins/classic/iehacks.css   |    8 ---
 program/js/app.js           |    2 
 skins/larry/mail.css        |    3 -
 program/lib/washtml.php     |    2 
 13 files changed, 50 insertions(+), 13 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 981031c..eb3948c 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,10 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
+- Fix #countcontrols issue in IE<=8 when text is very long (#1488890)
+- Fix unwanted horizontal scrollbar in message preview header (#1488866)
+- Add workaround for IE<=8 bug where Content-Disposition:inline was ignored (#1488844)
+- Fix XSS vulnerability in vbscript: and data:text links handling (#1488850)
 - Fix absolute positioning in HTML messages (#1488819)
 - Fix keybord events on messages list in opera browser (#1488823)
 - Fix cache (in)validation after setting \Deleted flag
diff --git a/installer/check.php b/installer/check.php
index 5cb3022..514ec42 100644
--- a/installer/check.php
+++ b/installer/check.php
@@ -1,3 +1,10 @@
+<?php
+
+if (!class_exists('rcube_install') || !is_object($RCI)) {
+    die("Not allowed! Please open installer/index.php instead.");
+}
+
+?>
 <form action="index.php" method="get">
 <?php
 
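Review bot: The direct-access guard added at the top of this file ends the request with `die()` under the default 200 status, and the same seven lines are pasted into installer/config.php and installer/test.php. Sending `header('HTTP/1.0 403 Forbidden');` before the `die(...)` would let caches and log-based alerting tell a refused request from a served installer page. The `is_object($RCI)` half would be tighter as `$RCI instanceof rcube_install`, which ties the check to the installer object rather than to any object. Moving the guard into one small include would keep the three copies from drifting apart.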
diff --git a/installer/config.php b/installer/config.php
index bd676b1..41aa36e 100644
--- a/installer/config.php
+++ b/installer/config.php
@@ -1,3 +1,10 @@
+<?php
+
+if (!class_exists('rcube_install') || !is_object($RCI)) {
+    die("Not allowed! Please open installer/index.php instead.");
+}
+
+?>
 <form action="index.php" method="post">
 <input type="hidden" name="_step" value="2" />
 <?php
diff --git a/installer/rcube_install.php b/installer/rcube_install.php
index 2688bd7..6c6555f 100644
--- a/installer/rcube_install.php
+++ b/installer/rcube_install.php
@@ -251,7 +251,12 @@
         $seen[$prop] = true;
       }
     }
-    
+
+    // the old default mime_magic reference is obsolete
+    if ($this->config['mime_magic'] == '/usr/share/misc/magic') {
+        $out['obsolete'][] = array('prop' => 'mime_magic', 'explain' => "Set value to null in order to use system default");
+    }
+
     // iterate over default config
     foreach ($defaults as $prop => $value) {
       if (!isset($seen[$prop]) && isset($required[$prop]) && !(is_bool($this->config[$prop]) || strlen($this->config[$prop])))
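Review bot: The new `mime_magic` test uses loose `==` and reads `$this->config['mime_magic']` without checking that the key exists. On the PHP versions this branch presumably targets (5.x), a non-string value such as `0` or `true` compares equal to the path string and would be reported as obsolete, and a config without the key raises a notice. `if (isset($this->config['mime_magic']) && $this->config['mime_magic'] === '/usr/share/misc/magic') {` avoids both. The enclosing method starts and ends outside this hunk.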
diff --git a/installer/test.php b/installer/test.php
index 2dd3305..b8b60cf 100644
--- a/installer/test.php
+++ b/installer/test.php
@@ -1,3 +1,10 @@
+<?php
+
+if (!class_exists('rcube_install') || !is_object($RCI)) {
+    die("Not allowed! Please open installer/index.php instead.");
+}
+
+?>
 <form action="index.php?_step=3" method="post">
 
 <h3>Check config files</h3>
diff --git a/program/js/app.js b/program/js/app.js
index 8fe68bf..08411f0 100644
--- a/program/js/app.js
+++ b/program/js/app.js
@@ -2541,7 +2541,7 @@
     for (i=0, len=selection.length; i<len; i++) {
       uid = selection[i];
       if (list.rows[uid].has_children && !list.rows[uid].expanded)
-        list.select_childs(uid);
+        list.select_children(uid);
     }
 
     // if config is set to flag for deletion
diff --git a/program/lib/washtml.php b/program/lib/washtml.php
index 0d4ffdb..d13d664 100644
--- a/program/lib/washtml.php
+++ b/program/lib/washtml.php
@@ -214,7 +214,7 @@
       $key = strtolower($key);
       $value = $node->getAttribute($key);
       if (isset($this->_html_attribs[$key]) ||
-         ($key == 'href' && !preg_match('!^javascript!i', $value)
+         ($key == 'href' && !preg_match('!^(javascript|vbscript|data:text)!i', $value)
            && preg_match('!^([a-z][a-z0-9.+-]+:|//|#).+!i', $value))
       ) {
         $t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"';
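Review bot: The `href` filter is still a denylist: the changed line rejects three prefixes, and the pattern on the following line then accepts any other syntactically valid scheme, including `data:` URLs whose media type is not `text`. Each further script-capable scheme will need another patch of this kind. An allowlist is more durable, for example replacing both tests with `preg_match('!^((https?|ftp|mailto):|//|#).+!i', $value)`. The exact scheme list is for the project to choose and should be covered by a regression test with the washer's existing fixtures. The attribute loop this condition belongs to begins outside the hunk.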
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 5fa5ad6..e486cc6 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -1414,7 +1414,7 @@
       if ($addicon && $_SESSION['writeable_abook']) {
         $address .= html::a(array(
             'href' => "#add",
-            'onclick' => sprintf("return %s.command('add-contact','%s',this)", JS_OBJECT_NAME, $string),
+            'onclick' => sprintf("return %s.command('add-contact','%s',this)", JS_OBJECT_NAME, JQ($string)),
             'title' => rcube_label('addtoaddressbook'),
             'class' => 'rcmaddcontact',
           ),
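Review bot: The reason for `JQ($string)` is not stated at the call site, and the value passes through two nested contexts here: a single-quoted JavaScript string inside an `onclick` HTML attribute. I would add a comment such as `// JQ() escapes for the JS string literal; html::a() must still HTML-escape the attribute value`. Whether `html::a()` does that is not visible in this hunk, so it is worth confirming before relying on it. The `html::a(array(` call continues past the hunk's last line.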
diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc
index 924433d..2cc2f12 100644
--- a/program/steps/mail/get.inc
+++ b/program/steps/mail/get.inc
@@ -150,6 +150,13 @@
 
       $disposition = !empty($plugin['download']) ? 'attachment' : 'inline';
 
+      // Workaround for nasty IE bug (#1488844)
+      // If Content-Disposition header contains string "attachment" e.g. in filename
+      // IE handles data as attachment not inline
+      if ($disposition == 'inline' && $browser->ie && $browser->ver < 9) {
+        $filename = str_ireplace('attachment', 'attach', $filename);
+      }
+
       header("Content-Disposition: $disposition; filename=\"$filename\"");
 
       // do content filtering to avoid XSS through fake images
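Review bot: The IE workaround changes the file name the user receives, which the new comment does not mention: any case-insensitive occurrence of "attachment" in `$filename` becomes lowercase `attach`. I would extend the comment with `// Side effect: the name offered for saving differs from the original part name`. `$filename` is interpolated into a quoted header parameter on the `header()` line that follows, so any escaping of `"` and `\` has to happen before this hunk. That escaping is not visible here, and it should stay ahead of this replacement. `$browser` and `$filename` are both defined outside the hunk.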
diff --git a/skins/classic/iehacks.css b/skins/classic/iehacks.css
index 2bd3ce8..c8b9b37 100644
--- a/skins/classic/iehacks.css
+++ b/skins/classic/iehacks.css
@@ -184,13 +184,7 @@
   overflow: hidden;
 }
 
-#countcontrols
-{
-  width: 24em;
-  padding-right: 10px;
-}
-
-body.iframe 
+body.iframe
 {
   width: expression((parseInt(document.documentElement.clientWidth))+'px');
 }
diff --git a/skins/larry/iehacks.css b/skins/larry/iehacks.css
index 93f483c..c10ad23 100644
--- a/skins/larry/iehacks.css
+++ b/skins/larry/iehacks.css
@@ -65,6 +65,12 @@
 	filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#404040', endColorstr='#060606', GradientType=0);
 }
 
+#toplogo {
+	position: absolute;
+	top: 0px;
+	left: 10px;
+}
+
 .records-table tr.selected td {
 	filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#019bc6', endColorstr='#017cb4', GradientType=0);
 }
diff --git a/skins/larry/mail.css b/skins/larry/mail.css
index e2702cf..9eda4a3 100644
--- a/skins/larry/mail.css
+++ b/skins/larry/mail.css
@@ -717,7 +717,7 @@
 
 h3.subject {
 	font-size: 14px;
-	margin: 0 8em 0 0;
+	margin: 0 12em 0 0;
 	padding: 8px 8px 4px 8px;
 	white-space: nowrap;
 	overflow: hidden;
@@ -885,7 +885,6 @@
 	position: absolute;
 	top: 8px;
 	right: 8px;
-	width: 18em;
 	text-align: right;
 	white-space: nowrap;
 }
diff --git a/skins/larry/styles.css b/skins/larry/styles.css
index 1999698..c0e0e5a 100644
--- a/skins/larry/styles.css
+++ b/skins/larry/styles.css
@@ -513,6 +513,7 @@
 }
 
 #topnav {
+	position: relative;
 	height: 46px;
 	margin-bottom: 10px;
 	padding: 0 0 0 10px;

--
Gitblit v1.9.1