From acf633c73bc8df9a5036bc52d7568f4213ab73c7 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 06 May 2016 02:32:01 -0400
Subject: [PATCH] Fix XSS issue in href attribute on area tag (#5240, #5241)

---
 plugins/jqueryui/jqueryui.php |   20 ++++++++++++++++++--
 1 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/plugins/jqueryui/jqueryui.php b/plugins/jqueryui/jqueryui.php
index f82a149..73daa5d 100644
--- a/plugins/jqueryui/jqueryui.php
+++ b/plugins/jqueryui/jqueryui.php
@@ -5,9 +5,10 @@
  *
  * Provide the jQuery UI library with according themes.
  *
- * @version 1.8.18
+ * @version 1.9.2
  * @author Cor Bosman <roundcube@wa.ter.net>
  * @author Thomas Bruederli <roundcube@gmail.com>
+ * @license GNU GPLv3+
  */
 class jqueryui extends rcube_plugin
 {
@@ -15,7 +16,7 @@
 
     public function init()
     {
-        $version = '1.8.18';
+        $version = '1.9.2';
 
         $rcmail = rcmail::get_instance();
         $this->load_config();
@@ -35,6 +36,21 @@
             $this->include_stylesheet("themes/larry/jquery-ui-$version.custom.css");
         }
 
+        if ($ui_theme == 'larry') {
+            // patch dialog position function in order to fully fit the close button into the window
+            $rcmail->output->add_script("jQuery.extend(jQuery.ui.dialog.prototype.options.position, {
+                using: function(pos) {
+                    var me = jQuery(this),
+                        offset = me.css(pos).offset(),
+                        topOffset = offset.top - 12;
+                    if (topOffset < 0)
+                        me.css('top', pos.top - topOffset);
+                    if (offset.left + me.outerWidth() + 12 > jQuery(window).width())
+                        me.css('left', pos.left - 12);
+                }
+            });", 'foot');
+        }
+
         // jquery UI localization
         $jquery_ui_i18n = $rcmail->config->get('jquery_ui_i18n', array('datepicker'));
         if (count($jquery_ui_i18n) > 0) {

--
Gitblit v1.9.1