From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
program/include/rcmail.php | 16 ++++++++--------
1 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index c9350bd..01f7d1c 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -312,7 +312,7 @@
$list[$id] = array(
'id' => $id,
'name' => html::quote($prop['name']),
- 'groups' => is_array($prop['groups']),
+ 'groups' => !empty($prop['groups']) || !empty($prop['group_filters']),
'readonly' => !$prop['writable'],
'hidden' => $prop['hidden'],
'autocomplete' => in_array($id, $autocomplete)
@@ -1435,6 +1435,7 @@
$js_mailboxlist = array();
$out = html::tag('ul', $attrib, $rcmail->render_folder_tree_html($a_mailboxes, $mbox_name, $js_mailboxlist, $attrib), html::$common_attrib);
+ $rcmail->output->include_script('treelist.js');
$rcmail->output->add_gui_object('mailboxlist', $attrib['id']);
$rcmail->output->set_env('mailboxes', $js_mailboxlist);
$rcmail->output->set_env('unreadwrap', $attrib['unreadwrap']);
@@ -1613,14 +1614,13 @@
'id' => "rcmli".$folder_id,
'class' => join(' ', $classes),
'noclose' => true),
- html::a($link_attrib, $html_name) .
- (!empty($folder['folders']) ? html::div(array(
- 'class' => ($is_collapsed ? 'collapsed' : 'expanded'),
- 'style' => "position:absolute",
- 'onclick' => sprintf("%s.command('collapse-folder', '%s')", rcmail_output::JS_OBJECT_NAME, $js_name)
- ), ' ') : ''));
+ html::a($link_attrib, $html_name));
- $jslist[$folder_id] = array(
+ if (!empty($folder['folders'])) {
+ $out .= html::div('treetoggle ' . ($is_collapsed ? 'collapsed' : 'expanded'), ' ');
+ }
+
+ $jslist[$folder['id']] = array(
'id' => $folder['id'],
'name' => $foldername,
'virtual' => $folder['virtual']
--
Gitblit v1.9.1