From 197203727417a03d87053a47e5aa5175a76e3e0b Mon Sep 17 00:00:00 2001 From: Aleksander Machniak <alec@alec.pl> Date: Thu, 17 Oct 2013 04:24:53 -0400 Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382) --- skins/default/functions.js | 197 ++++++++++++++++++++++++++++++++++--------------- 1 files changed, 137 insertions(+), 60 deletions(-) diff --git a/skins/default/functions.js b/skins/default/functions.js index 344abd2..2db2c5d 100644 --- a/skins/default/functions.js +++ b/skins/default/functions.js @@ -82,14 +82,14 @@ this.popups = { markmenu: {id:'markmessagemenu'}, replyallmenu: {id:'replyallmenu'}, - forwardmenu: {id:'forwardmenu'}, + forwardmenu: {id:'forwardmenu', editable:1}, searchmenu: {id:'searchmenu', editable:1}, messagemenu: {id:'messagemenu'}, listmenu: {id:'listmenu', editable:1}, dragmessagemenu:{id:'dragmessagemenu', sticky:1}, groupmenu: {id:'groupoptionsmenu', above:1}, mailboxmenu: {id:'mailboxoptionsmenu', above:1}, - composemenu: {id:'composeoptionsmenu', editable:1}, + composemenu: {id:'composeoptionsmenu', editable:1, overlap:1}, // toggle: #1486823, #1486930 uploadmenu: {id:'attachment-form', editable:1, above:1, toggle:!bw.ie&&!bw.linux }, uploadform: {id:'upload-form', editable:1, toggle:!bw.ie&&!bw.linux } @@ -108,8 +108,13 @@ rcube_mail_ui.prototype = { -show_popup: function(popup, show) +show_popup: function(popup, show, config) { + var obj; + // auto-register menu object + if (!this.popups[popup] && (obj = $('#'+popup)) && obj.length) + this.popups[popup] = $.extend(config, {id: popup, obj: obj}); + if (typeof this[popup] == 'function') return this[popup](show); else 
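Review bot: The auto-registration added to show_popup builds its selector by concatenation (`$('#'+popup)`) and tests `this.popups[popup]` on a plain object, so a name carrying selector metacharacters either matches nothing or throws, and an inherited property name such as `constructor` is treated as already registered. `popup` appears to come from handler literals, but a cheaper and safer form is `if (!this.popups.hasOwnProperty(popup) && (obj = $(document.getElementById(popup))) && obj.length)`. `$.extend(config, {...})` also writes the `id`/`obj` fields into the caller's `config` object; `$.extend({}, config, {id: popup, obj: obj})` keeps the side effect local. The function body continues past the `else` outside the hunk.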
@@ -141,11 +146,23 @@ } obj[show?'show':'hide'](); + + if (bw.ie6 && this.popups[popup].overlap) { + $('select').css('visibility', show?'hidden':'inherit'); + $('select', obj).css('visibility', 'inherit'); + } }, dragmessagemenu: function(show) { this.popups.dragmessagemenu.obj[show?'show':'hide'](); +}, + +forwardmenu: function(show) +{ + $("input[name='forwardtype'][value="+(rcmail.env.forward_attachment ? 1 : 0)+"]", this.popups.forwardmenu.obj) + .prop('checked', true); + this.show_popupmenu('forwardmenu', show); }, uploadmenu: function(show) @@ -175,13 +192,32 @@ if (show && ref) { var pos = $(ref).offset(); - obj.css({ left:pos.left, top:(pos.top + ref.offsetHeight + 2)}) - .find(':checked').attr('checked', false); + obj.css({left:pos.left, top:(pos.top + ref.offsetHeight + 2)}); if (rcmail.env.search_mods) { - var search_mods = rcmail.env.search_mods[rcmail.env.mailbox] ? rcmail.env.search_mods[rcmail.env.mailbox] : rcmail.env.search_mods['*']; - for (var n in search_mods) - $('#s_mod_' + n).attr('checked', true); + var n, all, + list = $('input:checkbox[name="s_mods[]"]', obj), + mbox = rcmail.env.mailbox, + mods = rcmail.env.search_mods; + + if (rcmail.env.task == 'mail') { + mods = mods[mbox] ? mods[mbox] : mods['*']; + all = 'text'; + } + else { + all = '*'; + } + + if (mods[all]) + list.map(function() { + this.checked = true; + this.disabled = this.value != all; + }); + else { + list.prop('disabled', false).prop('checked', false); + for (n in mods) + $('#s_mod_' + n).prop('checked', true); + } } } obj[show?'show':'hide'](); 
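Review bot: The new IE6 branch reads `this.popups[popup].overlap` with no guard, so when show_popup's auto-registration found no element for `popup`, `this.popups[popup]` is undefined and this line throws — unless the code above the hunk already dereferences it, which is outside this view. The added forwardmenu method is undocumented; suggest `// sync the forwardtype radio with the current forward mode before showing the menu` above the `$("input[name='forwardtype']...` line. The value interpolated into that selector is a literal 0/1 from the ternary, so the concatenation is safe as written.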
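Review bot: After `mods = mods[mbox] ? mods[mbox] : mods['*'];` in searchmenu, `mods` is undefined when neither the mailbox entry nor the `*` entry exists, and the following `if (mods[all])` throws; the outer `if (rcmail.env.search_mods)` only guards the top-level object. `mods = mods[mbox] || mods['*'] || {};` closes the gap. Style: `list.map(function() {...})` is used purely for its side effects and builds a discarded result set; `.each` says what is meant, here and in the set_searchmod hunk that follows.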
@@ -189,16 +225,47 @@ set_searchmod: function(elem) { - if (!rcmail.env.search_mods) - rcmail.env.search_mods = {}; + var all, m, task = rcmail.env.task, + mods = rcmail.env.search_mods, + mbox = rcmail.env.mailbox; - if (!rcmail.env.search_mods[rcmail.env.mailbox]) - rcmail.env.search_mods[rcmail.env.mailbox] = rcube_clone_object(rcmail.env.search_mods['*']); + if (!mods) + mods = {}; + + if (task == 'mail') { + if (!mods[mbox]) + mods[mbox] = rcube_clone_object(mods['*']); + m = mods[mbox]; + all = 'text'; + } + else { //addressbook + m = mods; + all = '*'; + } if (!elem.checked) - delete(rcmail.env.search_mods[rcmail.env.mailbox][elem.value]); + delete(m[elem.value]); else - rcmail.env.search_mods[rcmail.env.mailbox][elem.value] = elem.value; + m[elem.value] = 1; + + // mark all fields + if (elem.value != all) + return; + + $('input:checkbox[name="s_mods[]"]').map(function() { + if (this == elem) + return; + + this.checked = true; + if (elem.checked) { + this.disabled = true; + delete m[this.value]; + } + else { + this.disabled = false; + m[this.value] = 1; + } + }); }, listmenu: function(show) 
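Review bot: `if (!mods) mods = {};` in set_searchmod only initialises the local, whereas the removed line wrote `rcmail.env.search_mods = {}`; when search_mods is unset, every update made through `m` below is lost because nothing stores the new object back. `if (!mods) mods = rcmail.env.search_mods = {};` restores the old behaviour. In the mail branch `rcube_clone_object(mods['*'])` is then called with undefined on a fresh object, which the removed code did as well, so that part is pre-existing.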
@@ -218,23 +285,18 @@ pos.left = pos.left - menuwidth; obj.css({ left:pos.left, top:(pos.top + ref.offsetHeight + 2)}); + // set form values - $('input[name="sort_col"][value="'+rcmail.env.sort_col+'"]').attr('checked', 1); - $('input[name="sort_ord"][value="DESC"]').attr('checked', rcmail.env.sort_order=='DESC' ? 1 : 0); - $('input[name="sort_ord"][value="ASC"]').attr('checked', rcmail.env.sort_order=='DESC' ? 0 : 1); - $('input[name="view"][value="thread"]').attr('checked', rcmail.env.threading ? 1 : 0); - $('input[name="view"][value="list"]').attr('checked', rcmail.env.threading ? 0 : 1); - // list columns - var cols = $('input[name="list_col[]"]'); - for (var i=0; i<cols.length; i++) { - var found = 0; - if (cols[i].value != 'from') - found = jQuery.inArray(cols[i].value, rcmail.env.coltypes) != -1; - else - found = (jQuery.inArray('from', rcmail.env.coltypes) != -1 - || jQuery.inArray('to', rcmail.env.coltypes) != -1); - $(cols[i]).attr('checked',found ? 1 : 0); - } + $('input[name="sort_col"][value="'+rcmail.env.sort_col+'"]').prop('checked', true); + $('input[name="sort_ord"][value="DESC"]').prop('checked', rcmail.env.sort_order == 'DESC'); + $('input[name="sort_ord"][value="ASC"]').prop('checked', rcmail.env.sort_order != 'DESC'); + $('input[name="view"][value="thread"]').prop('checked', rcmail.env.threading ? true : false); + $('input[name="view"][value="list"]').prop('checked', rcmail.env.threading ? false : true); + + // set checkboxes + $('input[name="list_col[]"]').each(function() { + $(this).prop('checked', jQuery.inArray(this.value, rcmail.env.coltypes) != -1); + }); } obj[show?'show':'hide'](); @@ -283,7 +345,7 @@ && (!this.popups[i].editable || !this.target_overlaps(target, this.popups[i].id)) && (!this.popups[i].sticky || !rcube_mouse_is_over(evt, rcube_find_object(this.popups[i].id))) ) { - window.setTimeout('$("#'+this.popups[i].id+'").hide()', 50); + window.setTimeout('rcmail_ui.show_popup("'+i+'",false);', 50); } } }, 
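Review bot: The rewritten `list_col[]` loop drops the old special case that checked the `from` column when either `from` or `to` was in `rcmail.env.coltypes`; if a `from`-valued checkbox still exists in the skin it now stays unchecked for `to` lists, which reads as an unintended behaviour change rather than a cleanup — if it is deliberate, a one-line comment should say so. On the same lines, `rcmail.env.sort_col` is spliced unescaped into an attribute selector; `$('input[name="sort_col"]').filter(function() { return this.value == rcmail.env.sort_col; }).prop('checked', true);` avoids building a selector from it. listmenu's enclosing function starts before this hunk.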
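Review bot: `window.setTimeout('rcmail_ui.show_popup("'+i+'",false);', 50)` still passes a string to setTimeout, which is evaluated as code, and splices the popup name into it; now that show_popup auto-registers arbitrary names, any key containing a quote breaks out of the string literal. Passing a function removes the evaluation, and because `i` is the loop variable of the enclosing for-in it should be bound at call time rather than closed over: `window.setTimeout($.proxy(this.show_popup, this, i, false), 50);` (extra arguments to `$.proxy` need jQuery 1.6+). The enclosing handler starts before this hunk.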
@@ -348,7 +410,8 @@ rcmail.env.contentframe = null; rcmail.show_contentframe(false); } - rcmail.http_post('save-pref', '_name=preview_pane&_value='+(elem.checked?1:0)); + + rcmail.command('save-pref', {name: 'preview_pane', value: (elem.checked?1:0)}); }, /* Message composing */ @@ -503,7 +566,6 @@ rcmail.addEventListener('responseaftergetunread', rcube_render_mailboxlist); rcmail.addEventListener('responseaftercheck-recent', rcube_render_mailboxlist); rcmail.addEventListener('aftercollapse-folder', rcube_render_mailboxlist); - rcube_render_mailboxlist(); } if (rcmail.env.action == 'compose') @@ -525,12 +587,16 @@ // Abbreviate mailbox names to fit width of the container function rcube_render_mailboxlist() { - if (bw.ie6) // doesn't work well on IE6 + var list = $('#mailboxlist > li a, #mailboxlist ul:visible > li a'); + + // it's too slow with really big number of folders, especially on IE + if (list.length > (bw.ie ? 25 : 100)) return; - $('#mailboxlist > li a, #mailboxlist ul:visible > li a').each(function(){ - var elem = $(this); - var text = elem.data('text'); + list.each(function(){ + var elem = $(this), + text = elem.data('text'); + if (!text) { text = elem.text().replace(/\s+\(.+$/, ''); elem.data('text', text); 
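Review bot: Nothing in this hunk, or anywhere in the diffstat, touches the server-side handling of the `_session` argument of utils/save-prefs that the subject names; the only save-pref change is the client switching from a hand-built `_name=...&_value=...` query string to `rcmail.command('save-pref', {...})`, which is the better form but does not by itself address the subject. If this commit is a backport, confirm that the companion server-side change is included. The enclosing handler starts before the hunk.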
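Review bot: The new early return in rcube_render_mailboxlist compares against bare magic numbers (`bw.ie ? 25 : 100`); give them a name on their own line, e.g. `var max_folders = bw.ie ? 25 : 100; // abbreviation gets too slow beyond this`. With the preceding hunk removing the initial `rcube_render_mailboxlist()` call, abbreviation now happens only after the listed response events, which may be intended but is not stated anywhere in the change. The function continues past the hunk.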
@@ -548,34 +614,45 @@ // inspired by https://gist.github.com/24261/7fdb113f1e26111bd78c0c6fe515f6c0bf418af5 function fit_string_to_size(str, elem, len) { - var result = str; - var ellip = '...'; - var span = $('<b>').css({ visibility:'hidden', padding:'0px' }).appendTo(elem).get(0); + var w, span, result = str, ellip = '...'; - // on first run, check if string fits into the length already. - span.innerHTML = result; - if (span.offsetWidth > len) { - var cut = Math.max(1, Math.floor(str.length * ((span.offsetWidth - len) / span.offsetWidth) / 2)), - mid = Math.floor(str.length / 2); - var offLeft = mid, offRight = mid; - while (true) { - offLeft = mid - cut; - offRight = mid + cut; - span.innerHTML = str.substring(0,offLeft) + ellip + str.substring(offRight); + if (!rcmail.env.tmp_span) { + // it should be appended to elem to use the same css style + // but for performance reasons we'll append it to body (once) + span = $('<b>').css({visibility: 'hidden', padding: '0px'}) + .appendTo($('body', document)).get(0); + rcmail.env.tmp_span = span; + } + else { + span = rcmail.env.tmp_span; + } + span.innerHTML = result; - // break loop if string fits size - if (span.offsetWidth <= len || offLeft < 3) - break; + // on first run, check if string fits into the length already. 
+ w = span.offsetWidth; + if (w > len) { + var cut = Math.max(1, Math.floor(str.length * ((w - len) / w) / 2)), + mid = Math.floor(str.length / 2), + offLeft = mid, + offRight = mid; - cut++; - } + while (true) { + offLeft = mid - cut; + offRight = mid + cut; + span.innerHTML = str.substring(0,offLeft) + ellip + str.substring(offRight); - // build resulting string - result = str.substring(0,offLeft) + ellip + str.substring(offRight); + // break loop if string fits size + if (offLeft < 3 || span.offsetWidth) + break; + + cut++; } - - span.parentNode.removeChild(span); - return result; + + // build resulting string + result = str.substring(0,offLeft) + ellip + str.substring(offRight); + } + + return result; } // Optional parameters used by TinyMCE -- Gitblit v1.9.1
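Review bot: The rewritten break test `if (offLeft < 3 || span.offsetWidth) break;` drops the `<= len` comparison the removed line had, so `span.offsetWidth` is truthy on the first iteration and the loop exits after a single cut whether or not the shortened string fits; `cut++` is unreachable. It should read `if (offLeft < 3 || span.offsetWidth <= len) break;`. Separately, the measuring span is filled via `span.innerHTML = ...` in three places; if callers pass names obtained through `.text()` as the rcube_render_mailboxlist hunk does, that text is re-parsed as HTML here, so `$(span).text(...)` would measure the same plain text without interpreting markup. The cached `rcmail.env.tmp_span` lives in body rather than the original element, which the added comment already acknowledges.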