From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001 From: Aleksander Machniak <alec@alec.pl> Date: Tue, 22 Oct 2013 08:17:26 -0400 Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382) --- program/js/list.js | 246 ++++++++++++++++++++++++++++-------------------- 1 files changed, 142 insertions(+), 104 deletions(-) diff --git a/program/js/list.js b/program/js/list.js index 874f8f7..368ee5b 100644 --- a/program/js/list.js +++ b/program/js/list.js @@ -4,7 +4,10 @@ | | | This file is part of the Roundcube Webmail client | | Copyright (C) 2006-2009, The Roundcube Dev Team | - | Licensed under the GNU GPL | + | | + | Licensed under the GNU General Public License version 3 or | + | any later version with exceptions for skins & plugins. | + | See the README file for a full license statement. | | | +-----------------------------------------------------------------------+ | Authors: Thomas Bruederli <roundcube@gmail.com> | @@ -12,8 +15,6 @@ +-----------------------------------------------------------------------+ | Requires: common.js | +-----------------------------------------------------------------------+ - - $Id$ */ @@ -36,7 +37,7 @@ this.colcount = 0; this.subject_col = -1; - this.shiftkey = false; + this.modkey = 0; this.multiselect = false; this.multiexpand = false; this.multi_selecting = false; @@ -87,10 +88,8 @@ this.frame = this.list.parentNode; // set body events - if (this.keyboard) { - rcube_event.add_listener({event:bw.opera?'keypress':'keydown', object:this, method:'key_press'}); - rcube_event.add_listener({event:'keydown', object:this, method:'key_down'}); - } + if (this.keyboard) + rcube_event.add_listener({event:'keydown', object:this, method:'key_press'}); } }, 
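Review bot: With the listener now registered as `keydown` → `key_press` for every browser, the Safari keypress codes that key_press's switch still carries (`case 63233: // "down", in safari keypress` and `case 63232`, hunk @@ -962) are no longer reachable on the event that feeds them, so they should be dropped or their comment updated to say why they stay. The Opera keypress split that justified the old two-listener setup disappears without a trace; a line such as `// keydown only: key_press now covers navigation and Escape (formerly key_down)` would record that. Separately, the subject names utils/save-prefs and the _session argument while the diffstat lists only program/js/list.js, so the advertised fix is not contained in this patch and the correct change set should be confirmed before this commit is treated as the security fix. The enclosing init function starts outside the hunk.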
@@ -111,17 +110,25 @@ row.onmousedown = function(e){ return self.drag_row(e, this.uid); }; row.onmouseup = function(e){ return self.click_row(e, this.uid); }; - if (bw.iphone || bw.ipad) { + if (bw.touch) { row.addEventListener('touchstart', function(e) { if (e.touches.length == 1) { - if (!self.drag_row(rcube_event.touchevent(e.touches[0]), this.uid)) - e.preventDefault(); + self.touchmoved = false; + self.drag_row(rcube_event.touchevent(e.touches[0]), this.uid) } }, false); row.addEventListener('touchend', function(e) { - if (e.changedTouches.length == 1) - if (!self.click_row(rcube_event.touchevent(e.changedTouches[0]), this.uid)) + if (e.changedTouches.length == 1) { + if (!self.touchmoved && !self.click_row(rcube_event.touchevent(e.changedTouches[0]), this.uid)) e.preventDefault(); + } + }, false); + row.addEventListener('touchmove', function(e) { + if (e.changedTouches.length == 1) { + self.touchmoved = true; + if (self.drag_active) + e.preventDefault(); + } }, false); } @@ -182,8 +189,12 @@ */ remove_row: function(uid, sel_next) { - if (this.rows[uid].obj) - this.rows[uid].obj.style.display = 'none'; + var obj = this.rows[uid] ? this.rows[uid].obj : null; + + if (!obj) + return; + + obj.style.display = 'none'; if (sel_next) this.select_next(); @@ -226,9 +237,10 @@ } } - // Un-focus already focused elements - $('*:focus', window).blur(); - $('iframe').each(function() { this.blur(); }); + // Un-focus already focused elements (#1487123, #1487316, #1488600, #1488620) + // It looks that window.focus() does the job for all browsers, but not Firefox (#1489058) + $(':focus:not(body)').blur(); + window.focus(); if (e || (e = window.event)) rcube_event.cancel(e); @@ -245,7 +257,7 @@ for (n in this.selection) { id = this.selection[n]; if (this.rows[id] && this.rows[id].obj) { - $(this.rows[id].obj).removeClass('selected').addClass('unfocused'); + $(this.rows[id].obj).removeClass('selected focused').addClass('unfocused'); } } }, 
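Review bot: The added `self.drag_row(rcube_event.touchevent(e.touches[0]), this.uid)` in the touchstart handler has no terminating semicolon, and `self.touchmoved` is introduced here without a declaration next to the other flags (the `this.`-assignment hunk in this patch, presumably the constructor, adds `this.modkey = 0;` but no `this.touchmoved`), so the flag is undefined until the first touchstart. Add the semicolon and `this.touchmoved = false;` beside `this.modkey = 0;` so the default is visible where the other state lives. The row-setup code enclosing these handlers starts and ends outside the hunk.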
@@ -295,7 +307,7 @@ if (rcube_event.get_button(e) == 2) return true; - this.in_selection_before = this.in_selection(id) ? id : false; + this.in_selection_before = e && e.istouch || this.in_selection(id) ? id : false; // selects currently unselected row if (!this.in_selection_before) { @@ -303,12 +315,12 @@ this.select_row(id, mod_key, false); } - if (this.draggable && this.selection.length) { + if (this.draggable && this.selection.length && this.in_selection(id)) { this.drag_start = true; this.drag_mouse_start = rcube_event.get_mouse_pos(e); rcube_event.add_listener({event:'mousemove', object:this, method:'drag_mouse_move'}); rcube_event.add_listener({event:'mouseup', object:this, method:'drag_mouse_up'}); - if (bw.iphone || bw.ipad) { + if (bw.touch) { rcube_event.add_listener({event:'touchmove', object:this, method:'drag_mouse_move'}); rcube_event.add_listener({event:'touchend', object:this, method:'drag_mouse_up'}); } @@ -350,8 +362,10 @@ this.in_selection_before = false; // row was double clicked - if (this.rows && dblclicked && this.in_selection(id)) + if (this.rows && dblclicked && this.in_selection(id)) { this.triggerEvent('dblclick'); + now = 0; + } else this.triggerEvent('click'); @@ -410,7 +424,7 @@ collapse: function(row) { row.expanded = false; - this.triggerEvent('expandcollapse', { uid:row.uid, expanded:row.expanded }); + this.triggerEvent('expandcollapse', { uid:row.uid, expanded:row.expanded, obj:row.obj }); var depth = row.depth; var new_row = row ? row.obj.nextSibling : null; var r; @@ -423,7 +437,7 @@ $(new_row).css('display', 'none'); if (r.expanded) { r.expanded = false; - this.triggerEvent('expandcollapse', { uid:r.uid, expanded:r.expanded }); + this.triggerEvent('expandcollapse', { uid:r.uid, expanded:r.expanded, obj:new_row }); } } new_row = new_row.nextSibling; 
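Review bot: `this.in_selection_before = e && e.istouch || this.in_selection(id) ? id : false;` depends on `&&` binding tighter than `||` and both tighter than `?:`; it evaluates as intended but is easy to misread, so parenthesise it: `this.in_selection_before = ((e && e.istouch) || this.in_selection(id)) ? id : false;`. A short comment such as `// touch: treat the row as already selected so a tap can start a drag` would also explain why touch events bypass the selection check — that intent is inferred from the `this.in_selection(id)` condition added to the drag_start branch in the next hunk, so confirm it. drag_row starts outside the hunk.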
@@ -441,7 +455,7 @@ depth = row.depth; new_row = row.obj.nextSibling; this.update_expando(row.uid, true); - this.triggerEvent('expandcollapse', { uid:row.uid, expanded:row.expanded }); + this.triggerEvent('expandcollapse', { uid:row.uid, expanded:row.expanded, obj:row.obj }); } else { var tbody = this.list.tBodies[0]; @@ -464,7 +478,7 @@ last_expanded_parent_depth = p.depth; $(new_row).css('display', ''); r.expanded = true; - this.triggerEvent('expandcollapse', { uid:r.uid, expanded:r.expanded }); + this.triggerEvent('expandcollapse', { uid:r.uid, expanded:r.expanded, obj:new_row }); } } else @@ -489,7 +503,7 @@ depth = row.depth; new_row = row.obj.nextSibling; this.update_expando(row.uid); - this.triggerEvent('expandcollapse', { uid:row.uid, expanded:row.expanded }); + this.triggerEvent('expandcollapse', { uid:row.uid, expanded:row.expanded, obj:row.obj }); // don't collapse sub-root tree in multiexpand mode if (depth && this.multiexpand) @@ -511,7 +525,7 @@ if (r.has_children && r.expanded) { r.expanded = false; this.update_expando(r.uid, false); - this.triggerEvent('expandcollapse', { uid:r.uid, expanded:r.expanded }); + this.triggerEvent('expandcollapse', { uid:r.uid, expanded:r.expanded, obj:new_row }); } } } @@ -520,6 +534,7 @@ return false; }, + expand_all: function(row) { @@ -530,7 +545,7 @@ depth = row.depth; new_row = row.obj.nextSibling; this.update_expando(row.uid, true); - this.triggerEvent('expandcollapse', { uid:row.uid, expanded:row.expanded }); + this.triggerEvent('expandcollapse', { uid:row.uid, expanded:row.expanded, obj:row.obj }); } else { new_row = this.list.tBodies[0].firstChild; @@ -547,7 +562,7 @@ if (r.has_children && !r.expanded) { r.expanded = true; this.update_expando(r.uid, true); - this.triggerEvent('expandcollapse', { uid:r.uid, expanded:r.expanded }); + this.triggerEvent('expandcollapse', { uid:r.uid, expanded:r.expanded, obj:new_row }); } } } @@ -555,6 +570,7 @@ } return false; }, + update_expando: function(uid, expanded) { 
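Review bot: The `expandcollapse` payload gains an `obj` member in every triggerEvent call across the expand/collapse hunks (here and in @@ -410, @@ -423, @@ -464 through @@ -547), but nothing documents what listeners may rely on; a comment on the first occurrence, `// obj: the row's DOM element (row.obj, or the sibling being toggled)`, or a small helper building `{ uid, expanded, obj }` once, would keep the ten copies in step. The expand/collapse functions start and end outside these hunks.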
@@ -602,7 +618,7 @@ for (i=0, len=rows.length-1; i<len; i++) if (rows[i].id && String(rows[i].id).match(/^rcmrow([a-z0-9\-_=\+\/]+)/i) && this.rows[RegExp.$1] != null) - return RegExp.$1; + return RegExp.$1; } return null; @@ -648,7 +664,7 @@ case CONTROL_KEY: if (!with_mouse) this.highlight_row(id, true); - break; + break; case CONTROL_SHIFT_KEY: this.shift_select(id, true); @@ -728,7 +744,7 @@ /** - * Select last row + * Select last row */ select_last: function(mod_key) { @@ -749,25 +765,13 @@ /** * Add all childs of the given row to selection */ -select_childs: function(uid) +select_children: function(uid) { - if (!this.rows[uid] || !this.rows[uid].has_children) - return; + var i, children = this.row_children(uid), len = children.length; - var depth = this.rows[uid].depth, - row = this.rows[uid].obj.nextSibling; - - while (row) { - if (row.nodeType == 1) { - if ((r = this.rows[row.uid])) { - if (!r.depth || r.depth <= depth) - break; - if (!this.in_selection(r.uid)) - this.select_row(r.uid, CONTROL_KEY); - } - } - row = row.nextSibling; - } + for (i=0; i<len; i++) + if (!this.in_selection(children[i])) + this.select_row(children[i], CONTROL_KEY); }, 
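Review bot: `select_childs` is renamed to `select_children` with no compatibility alias, so any plugin or skin script that calls the old name will fail with a TypeError at runtime; the one internal caller is updated in hunk @@ -1133. Keeping `select_childs: function(uid) { this.select_children(uid); },` beside the new method for a release avoids that breakage at no cost. The brace-less `for (i=0; i<len; i++) if (...) this.select_row(...)` body would also read more safely with braces around the loop body.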
@@ -779,10 +783,16 @@ if (!this.rows[this.shift_start] || !this.selection.length) this.shift_start = id; - var n, from_rowIndex = this.rows[this.shift_start].obj.rowIndex, - to_rowIndex = this.rows[id].obj.rowIndex, - i = ((from_rowIndex < to_rowIndex)? from_rowIndex : to_rowIndex), - j = ((from_rowIndex > to_rowIndex)? from_rowIndex : to_rowIndex); + var n, i, j, to_row = this.rows[id], + from_rowIndex = this.rows[this.shift_start].obj.rowIndex, + to_rowIndex = to_row.obj.rowIndex; + + if (!to_row.expanded && to_row.has_children) + if (to_row = this.rows[(this.row_children(id)).pop()]) + to_rowIndex = to_row.obj.rowIndex; + + i = ((from_rowIndex < to_rowIndex) ? from_rowIndex : to_rowIndex), + j = ((from_rowIndex > to_rowIndex) ? from_rowIndex : to_rowIndex); // iterate through the entire message list for (n in this.rows) { @@ -828,7 +838,7 @@ for (n in this.rows) { if (!filter || this.rows[n][filter] == true) { this.last_selected = n; - this.highlight_row(n, true); + this.highlight_row(n, true, true); } else { $(this.rows[n].obj).removeClass('selected').removeClass('unfocused'); @@ -923,19 +933,24 @@ /** * Highlight/unhighlight a row */ -highlight_row: function(id, multiple) +highlight_row: function(id, multiple, norecur) { - if (this.rows[id] && !multiple) { + if (!this.rows[id]) + return; + + if (!multiple) { if (this.selection.length > 1 || !this.in_selection(id)) { this.clear_selection(); this.selection[0] = id; $(this.rows[id].obj).addClass('selected'); } } - else if (this.rows[id]) { + else { if (!this.in_selection(id)) { // select row - this.selection[this.selection.length] = id; + this.selection.push(id); $(this.rows[id].obj).addClass('selected'); + if (!norecur && !this.rows[id].expanded) + this.highlight_children(id, true); } else { // unselect row var p = $.inArray(id, this.selection), 
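Review bot: In shift_select the assignment inside the condition `if (to_row = this.rows[(this.row_children(id)).pop()])` and the comma-joined statement `i = (...), j = (...);` look like typos at first read; the logic is sound (a collapsed target row extends the range to its last child, and a missing child leaves to_rowIndex untouched) but deserves plainer form, sketched below. shift_select continues past the end of the hunk.
```javascript
var n, i, j, to_row = this.rows[id],
  from_rowIndex = this.rows[this.shift_start].obj.rowIndex,
  to_rowIndex = to_row.obj.rowIndex,
  last_child = this.row_children(id).pop();

// collapsed thread: extend the range to the last hidden child
if (!to_row.expanded && to_row.has_children && this.rows[last_child]) {
  to_row = this.rows[last_child];
  to_rowIndex = to_row.obj.rowIndex;
}

i = Math.min(from_rowIndex, to_rowIndex);
j = Math.max(from_rowIndex, to_rowIndex);
// … unchanged: iteration over this.rows …
```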
@@ -944,7 +959,25 @@ this.selection = a_pre.concat(a_post); $(this.rows[id].obj).removeClass('selected').removeClass('unfocused'); + if (!norecur && !this.rows[id].expanded) + this.highlight_children(id, false); } + } +}, + + +/** + * Highlight/unhighlight all childs of the given row + */ +highlight_children: function(id, status) +{ + var i, selected, + children = this.row_children(id), len = children.length; + + for (i=0; i<len; i++) { + selected = this.in_selection(children[i]); + if ((status && !selected) || (!status && selected)) + this.highlight_row(children[i], true, true); } }, @@ -954,7 +987,8 @@ */ key_press: function(e) { - if (this.focused != true) + var target = e.target || {}; + if (this.focused != true || target.nodeName == 'INPUT' || target.nodeName == 'TEXTAREA' || target.nodeName == 'SELECT') return true; var keyCode = rcube_event.get_keycode(e), @@ -962,7 +996,7 @@ switch (keyCode) { case 40: - case 38: + case 38: case 63233: // "down", in safari keypress case 63232: // "up", in safari keypress // Stop propagation so that the browser doesn't scroll @@ -976,7 +1010,9 @@ rcube_event.cancel(e); var ret = this.use_plusminus_key(keyCode, mod_key); this.key_pressed = keyCode; + this.modkey = mod_key; this.triggerEvent('keypress'); + this.modkey = 0; return ret; case 36: // Home this.select_first(mod_key); 
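Review bot: The new guard in key_press spells out three nodeName comparisons on one line; a single test reads more easily and is simpler to extend: `if (this.focused != true || /^(INPUT|TEXTAREA|SELECT)$/.test(target.nodeName))`. A comment such as `// let form fields keep their own key handling` would also state why these targets are skipped. key_press continues past the end of the hunk.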
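Review bot: `this.modkey = mod_key; this.triggerEvent('keypress'); this.modkey = 0;` leaves modkey stuck at the modifier value for later events if a 'keypress' listener throws, and the same three lines are repeated in the default branch (hunk @@ -984); wrap the trigger so the reset always runs: `this.modkey = mod_key; try { this.triggerEvent('keypress'); } finally { this.modkey = 0; }`. Listeners presumably read `list.modkey` during the event, which is why the value is only set around the trigger — a comment saying so would help. key_press continues past the end of the hunk.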
@@ -984,46 +1020,22 @@ case 35: // End this.select_last(mod_key); return rcube_event.cancel(e); + case 27: + if (this.drag_active) + return this.drag_mouse_up(e); + if (this.col_drag_active) { + this.selected_column = null; + return this.column_drag_mouse_up(e); + } + return rcube_event.cancel(e); default: - this.shiftkey = e.shiftKey; this.key_pressed = keyCode; + this.modkey = mod_key; this.triggerEvent('keypress'); - // reset shiftkey flag, we need it only for registered events - this.shiftkey = false; + this.modkey = 0; if (this.key_pressed == this.BACKSPACE_KEY) return rcube_event.cancel(e); - } - - return true; -}, - -/** - * Handler for keydown events - */ -key_down: function(e) -{ - switch (rcube_event.get_keycode(e)) { - case 27: - if (this.drag_active) - return this.drag_mouse_up(e); - if (this.col_drag_active) { - this.selected_column = null; - return this.column_drag_mouse_up(e); - } - - case 40: - case 38: - case 63233: - case 63232: - case 61: - case 107: - case 109: - case 32: - if (!rcube_event.get_modifier(e) && this.focused) - return rcube_event.cancel(e); - - default: } return true; @@ -1044,7 +1056,7 @@ new_row = this.get_prev_row(); if (new_row) { - this.select_row(new_row.uid, mod_key, true); + this.select_row(new_row.uid, mod_key, false); this.scrollto(new_row.uid); } @@ -1111,12 +1123,12 @@ { // convert touch event if (e.type == 'touchmove') { - if (e.changedTouches.length == 1) + if (e.touches.length == 1 && e.changedTouches.length == 1) e = rcube_event.touchevent(e.changedTouches[0]); else return rcube_event.cancel(e); } - + if (this.drag_start) { // check mouse movement, of less than 3 pixels, don't start dragging var m = rcube_event.get_mouse_pos(e); @@ -1133,8 +1145,8 @@ var n, uid, selection = $.merge([], this.selection); for (n in selection) { uid = selection[n]; - if (this.rows[uid].has_children && !this.rows[uid].expanded) - this.select_childs(uid); + if (!this.rows[uid].expanded) + this.select_children(uid); } // reset content 
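Review bot: The new `case 27:` ends in `return rcube_event.cancel(e);` regardless of modifiers, whereas the removed key_down only cancelled a plain Escape by falling through to the arrow-key cases guarded by `!rcube_event.get_modifier(e)`, so Escape with a modifier held is newly swallowed by a focused list. If that is intended, say so; otherwise make the last line of the case `return mod_key ? true : rcube_event.cancel(e);`. A `// Escape` comment on the label would also match the `// Home` and `// End` labels beside it. key_press starts outside the hunk.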
@@ -1207,7 +1219,7 @@ drag_mouse_up: function(e) { document.onmousemove = null; - + if (e.type == 'touchend') { if (e.changedTouches.length != 1) return rcube_event.cancel(e); @@ -1226,8 +1238,8 @@ rcube_event.remove_listener({event:'mousemove', object:this, method:'drag_mouse_move'}); rcube_event.remove_listener({event:'mouseup', object:this, method:'drag_mouse_up'}); - - if (bw.iphone || bw.ipad) { + + if (bw.touch) { rcube_event.remove_listener({event:'touchmove', object:this, method:'drag_mouse_move'}); rcube_event.remove_listener({event:'touchend', object:this, method:'drag_mouse_up'}); } @@ -1355,6 +1367,32 @@ /** + * Returns IDs of all rows in a thread (except root) for specified root + */ +row_children: function(uid) +{ + if (!this.rows[uid] || !this.rows[uid].has_children) + return []; + + var res = [], depth = this.rows[uid].depth, + row = this.rows[uid].obj.nextSibling; + + while (row) { + if (row.nodeType == 1) { + if ((r = this.rows[row.uid])) { + if (!r.depth || r.depth <= depth) + break; + res.push(r.uid); + } + } + row = row.nextSibling; + } + + return res; +}, + + +/** * Creates a layer for drag&drop over iframes */ add_dragfix: function() -- Gitblit v1.9.1
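Review bot: In row_children, `r` in `if ((r = this.rows[row.uid]))` is never declared, so the assignment creates or overwrites a global `r` (and would throw under strict mode); declare it with the other locals: `var res = [], r, depth = this.rows[uid].depth,`. The same undeclared `r` sat in the removed select_childs body, so this is the moment to fix it rather than carry it into the new helper. The doc comment could also state that the result is in document order and empty for a row without children, both of which the loop establishes.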