From 197203727417a03d87053a47e5aa5175a76e3e0b Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 17 Oct 2013 04:24:53 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
 skins/default/functions.js | 18 +++++++-----------
 1 files changed, 7 insertions(+), 11 deletions(-)
diff --git a/skins/default/functions.js b/skins/default/functions.js
index 8482e37..2db2c5d 100644
--- a/skins/default/functions.js
+++ b/skins/default/functions.js
@@ -285,22 +285,18 @@
 pos.left = pos.left - menuwidth;
 obj.css({ left:pos.left, top:(pos.top + ref.offsetHeight + 2)});
+ // set form values
 $('input[name="sort_col"][value="'+rcmail.env.sort_col+'"]').prop('checked', true);
 $('input[name="sort_ord"][value="DESC"]').prop('checked', rcmail.env.sort_order == 'DESC');
 $('input[name="sort_ord"][value="ASC"]').prop('checked', rcmail.env.sort_order != 'DESC');
 $('input[name="view"][value="thread"]').prop('checked', rcmail.env.threading ? true : false);
 $('input[name="view"][value="list"]').prop('checked', rcmail.env.threading ? false : true);
- // list columns
- var found, cols = $('input[name="list_col[]"]');
- for (var i=0; i<cols.length; i++) {
- if (cols[i].value != 'from')
- found = jQuery.inArray(cols[i].value, rcmail.env.coltypes) != -1;
- else
- found = (jQuery.inArray('from', rcmail.env.coltypes) != -1
- || jQuery.inArray('to', rcmail.env.coltypes) != -1);
- $(cols[i]).prop('checked', found);
- }
+
+ // set checkboxes
+ $('input[name="list_col[]"]').each(function() {
+ $(this).prop('checked', jQuery.inArray(this.value, rcmail.env.coltypes) != -1);
+ });
 }
 obj[show?'show':'hide']();
@@ -594,7 +590,7 @@
 var list = $('#mailboxlist > li a, #mailboxlist ul:visible > li a');
 // it's too slow with really big number of folders, especially on IE
- if (list.length > 500 * (bw.ie ? 0.2 : 1))
+ if (list.length > (bw.ie ? 25 : 100))
 return;
 list.each(function(){
-- 
Gitblit v1.9.1
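Review bot: The new `.each()` loop in the first hunk (`@@ -285,22 +285,18 @@`) drops the old special case that ticked the `from` box when either `from` or `to` was present in `rcmail.env.coltypes`, so that box may now show unchecked wherever the column list carries `to`, unless the names are normalised outside this patch. The only file changed is this skin script, and nothing here touches the `_session` argument of utils/save-prefs named in the subject, so it is worth confirming that the server-side validation is part of the same change set. Separately, the unchanged line `$('input[name="sort_col"][value="'+rcmail.env.sort_col+'"]')` concatenates what looks like a stored preference into a selector string; `$('input[name="sort_col"]').filter(function() { return this.value == rcmail.env.sort_col; }).prop('checked', true);` compares the value instead of parsing it. The enclosing function begins and ends outside the hunk.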
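Review bot: The folder-count cut-off in the second hunk (`@@ -594,7 +590,7 @@`) falls from 500 (100 on IE, via `500 * 0.2`) to 100 (25 on IE) with no stated reason, and the existing comment does not mention the numbers. Whatever the `list.each` callback does — its body lies outside the hunk — is now skipped for any account with more than 100 folders. A comment next to the check such as `// skip above 100 folders (25 on IE); previously 500/100` would record the limits, and the reason for lowering them belongs in the commit message.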