From 197203727417a03d87053a47e5aa5175a76e3e0b Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 17 Oct 2013 04:24:53 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/js/list.js |   19 ++++++++++++++-----
 1 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/program/js/list.js b/program/js/list.js
index f0e1c9b..f6380ad 100644
--- a/program/js/list.js
+++ b/program/js/list.js
@@ -182,8 +182,12 @@
  */
 remove_row: function(uid, sel_next)
 {
-  if (this.rows[uid].obj)
-    this.rows[uid].obj.style.display = 'none';
+  var obj = this.rows[uid] ? this.rows[uid].obj : null;
+
+  if (!obj)
+    return;
+
+  obj.style.display = 'none';
 
   if (sel_next)
     this.select_next();
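Review bot: The early `return` when `obj` is missing also skips `if (sel_next) this.select_next();` and everything after it in remove_row, whose body continues past this hunk. Before this change an entry that existed without an `obj` still advanced the selection; if that should remain true, guard only the style write with `if (obj) obj.style.display = 'none';`. If the rest of the function also drops the entry from `this.rows` (not visible here), such an entry would now be left behind, which is worth confirming. Separately, none of the list.js hunks touch the `_session` handling named in the subject, so the fix for that argument presumably lives in a file this page does not show.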
@@ -954,7 +958,8 @@
  */
 key_press: function(e)
 {
-  if (this.focused != true)
+  var target = e.target || {};
+  if (this.focused != true || target.nodeName == 'INPUT' || target.nodeName == 'TEXTAREA' || target.nodeName == 'SELECT')
     return true;
 
   var keyCode = rcube_event.get_keycode(e),
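Review bot: `var target = e.target || {};` dereferences `e` before `rcube_event.get_keycode(e)` has seen it and never looks at `srcElement`, so where the handler is invoked without a standard event object the form-field guard would throw or never match (whether this file still has to support that is not visible here). A tolerant form is `var target = (e && (e.target || e.srcElement)) || {};`. The same `nodeName` test for INPUT, TEXTAREA and SELECT is repeated verbatim in key_down, so a small shared helper called from both handlers would keep the two lists from drifting apart. key_press continues past the end of this hunk.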
@@ -1004,13 +1009,17 @@
  */
 key_down: function(e)
 {
+  var target = e.target || {};
+  if (this.focused != true || target.nodeName == 'INPUT' || target.nodeName == 'TEXTAREA' || target.nodeName == 'SELECT')
+    return true;
+  
   switch (rcube_event.get_keycode(e)) {
     case 27:
       if (this.drag_active)
-	    return this.drag_mouse_up(e);
+      return this.drag_mouse_up(e);
       if (this.col_drag_active) {
         this.selected_column = null;
-	    return this.column_drag_mouse_up(e);
+        return this.column_drag_mouse_up(e);
       }
 
     case 40:
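Review bot: The re-indented `return this.drag_mouse_up(e);` now sits in the same column as the `if (this.drag_active)` above it, so it reads as unconditional; it should be one level deeper, the way `return this.column_drag_mouse_up(e);` is inside its braces. `case 27:` has no `break`, so when neither drag is active control runs on into `case 40:`; if that is intended, a `// fall through` comment before `case 40:` would say so. The blank line added after the new guard carries trailing whitespace. key_down continues past the end of this hunk.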

--
Gitblit v1.9.1