From acf633c73bc8df9a5036bc52d7568f4213ab73c7 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 06 May 2016 02:32:01 -0400
Subject: [PATCH] Fix XSS issue in href attribute on area tag (#5240, #5241)

---
 plugins/jqueryui/jqueryui.php |   14 ++++++++++----
 1 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/plugins/jqueryui/jqueryui.php b/plugins/jqueryui/jqueryui.php
index b28631b..73daa5d 100644
--- a/plugins/jqueryui/jqueryui.php
+++ b/plugins/jqueryui/jqueryui.php
@@ -5,9 +5,10 @@
  *
  * Provide the jQuery UI library with according themes.
  *
- * @version 1.8.18
+ * @version 1.9.2
  * @author Cor Bosman <roundcube@wa.ter.net>
  * @author Thomas Bruederli <roundcube@gmail.com>
+ * @license GNU GPLv3+
  */
 class jqueryui extends rcube_plugin
 {
@@ -15,7 +16,7 @@
 
     public function init()
     {
-        $version = '1.8.18';
+        $version = '1.9.2';
 
         $rcmail = rcmail::get_instance();
         $this->load_config();
@@ -39,8 +40,13 @@
             // patch dialog position function in order to fully fit the close button into the window
             $rcmail->output->add_script("jQuery.extend(jQuery.ui.dialog.prototype.options.position, {
                 using: function(pos) {
-                    var topOffset = jQuery(this).css(pos).offset().top - 12;
-                    if (topOffset < 0) jQuery(this).css('top', pos.top - topOffset);
+                    var me = jQuery(this),
+                        offset = me.css(pos).offset(),
+                        topOffset = offset.top - 12;
+                    if (topOffset < 0)
+                        me.css('top', pos.top - topOffset);
+                    if (offset.left + me.outerWidth() + 12 > jQuery(window).width())
+                        me.css('left', pos.left - 12);
                 }
             });", 'foot');
         }

--
Gitblit v1.9.1