From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
program/js/list.js | 30 ++++++++++++++++++++----------
1 files changed, 20 insertions(+), 10 deletions(-)
diff --git a/program/js/list.js b/program/js/list.js
index 9db7b7a..368ee5b 100644
--- a/program/js/list.js
+++ b/program/js/list.js
@@ -110,17 +110,25 @@
row.onmousedown = function(e){ return self.drag_row(e, this.uid); };
row.onmouseup = function(e){ return self.click_row(e, this.uid); };
- if (bw.mobile) {
+ if (bw.touch) {
row.addEventListener('touchstart', function(e) {
if (e.touches.length == 1) {
- if (!self.drag_row(rcube_event.touchevent(e.touches[0]), this.uid))
- e.preventDefault();
+ self.touchmoved = false;
+ self.drag_row(rcube_event.touchevent(e.touches[0]), this.uid)
}
}, false);
row.addEventListener('touchend', function(e) {
- if (e.changedTouches.length == 1)
- if (!self.click_row(rcube_event.touchevent(e.changedTouches[0]), this.uid))
+ if (e.changedTouches.length == 1) {
+ if (!self.touchmoved && !self.click_row(rcube_event.touchevent(e.changedTouches[0]), this.uid))
e.preventDefault();
+ }
+ }, false);
+ row.addEventListener('touchmove', function(e) {
+ if (e.changedTouches.length == 1) {
+ self.touchmoved = true;
+ if (self.drag_active)
+ e.preventDefault();
+ }
}, false);
}
@@ -230,7 +238,9 @@
}
// Un-focus already focused elements (#1487123, #1487316, #1488600, #1488620)
+ // It looks that window.focus() does the job for all browsers, but not Firefox (#1489058)
$(':focus:not(body)').blur();
+ window.focus();
if (e || (e = window.event))
rcube_event.cancel(e);
@@ -297,7 +307,7 @@
if (rcube_event.get_button(e) == 2)
return true;
- this.in_selection_before = this.in_selection(id) ? id : false;
+ this.in_selection_before = e && e.istouch || this.in_selection(id) ? id : false;
// selects currently unselected row
if (!this.in_selection_before) {
@@ -305,12 +315,12 @@
this.select_row(id, mod_key, false);
}
- if (this.draggable && this.selection.length) {
+ if (this.draggable && this.selection.length && this.in_selection(id)) {
this.drag_start = true;
this.drag_mouse_start = rcube_event.get_mouse_pos(e);
rcube_event.add_listener({event:'mousemove', object:this, method:'drag_mouse_move'});
rcube_event.add_listener({event:'mouseup', object:this, method:'drag_mouse_up'});
- if (bw.mobile) {
+ if (bw.touch) {
rcube_event.add_listener({event:'touchmove', object:this, method:'drag_mouse_move'});
rcube_event.add_listener({event:'touchend', object:this, method:'drag_mouse_up'});
}
@@ -1113,7 +1123,7 @@
{
// convert touch event
if (e.type == 'touchmove') {
- if (e.changedTouches.length == 1)
+ if (e.touches.length == 1 && e.changedTouches.length == 1)
e = rcube_event.touchevent(e.changedTouches[0]);
else
return rcube_event.cancel(e);
@@ -1229,7 +1239,7 @@
rcube_event.remove_listener({event:'mousemove', object:this, method:'drag_mouse_move'});
rcube_event.remove_listener({event:'mouseup', object:this, method:'drag_mouse_up'});
- if (bw.mobile) {
+ if (bw.touch) {
rcube_event.remove_listener({event:'touchmove', object:this, method:'drag_mouse_move'});
rcube_event.remove_listener({event:'touchend', object:this, method:'drag_mouse_up'});
}
--
Gitblit v1.9.1