-rw-r--r--CHANGELOG4
-rw-r--r--installer/check.php7
-rw-r--r--installer/config.php7
-rw-r--r--installer/rcube_install.php7
-rw-r--r--installer/test.php7
-rw-r--r--program/js/app.js2
-rw-r--r--program/lib/washtml.php2
-rw-r--r--program/steps/mail/func.inc2
-rw-r--r--program/steps/mail/get.inc7
-rw-r--r--skins/classic/iehacks.css8
-rw-r--r--skins/larry/iehacks.css6
-rw-r--r--skins/larry/mail.css3
-rw-r--r--skins/larry/styles.css1
13 files changed, 50 insertions, 13 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 981031c58..eb3948c81 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,10 @@
CHANGELOG Roundcube Webmail
===========================
+- Fix #countcontrols issue in IE<=8 when text is very long (#1488890)
+- Fix unwanted horizontal scrollbar in message preview header (#1488866)
+- Add workaround for IE<=8 bug where Content-Disposition:inline was ignored (#1488844)
+- Fix XSS vulnerability in vbscript: and data:text links handling (#1488850)
- Fix absolute positioning in HTML messages (#1488819)
- Fix keybord events on messages list in opera browser (#1488823)
- Fix cache (in)validation after setting \Deleted flag
diff --git a/installer/check.php b/installer/check.php
index 5cb30225e..514ec42a9 100644
--- a/installer/check.php
+++ b/installer/check.php
@@ -1,3 +1,10 @@
+<?php
+
+if (!class_exists('rcube_install') || !is_object($RCI)) {
+ die("Not allowed! Please open installer/index.php instead.");
+}
+
+?>
<form action="index.php" method="get">
<?php
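Review bot: The new guard ends the request with `die()` under the default 200 status, so a direct request to an installer step looks like an ordinary page in access logs and monitoring. Sending a status first, e.g. `header('HTTP/1.0 403 Forbidden');` on the line before the `die(...)`, makes such requests easy to alert on. The same block is pasted into installer/config.php and installer/test.php in this commit, so the change applies there too; a single shared guard file required by all three steps would keep the copies from drifting.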
diff --git a/installer/config.php b/installer/config.php
index bd676b12e..41aa36e10 100644
--- a/installer/config.php
+++ b/installer/config.php
@@ -1,3 +1,10 @@
+<?php
+
+if (!class_exists('rcube_install') || !is_object($RCI)) {
+ die("Not allowed! Please open installer/index.php instead.");
+}
+
+?>
<form action="index.php" method="post">
<input type="hidden" name="_step" value="2" />
<?php
diff --git a/installer/rcube_install.php b/installer/rcube_install.php
index 2688bd721..6c6555f91 100644
--- a/installer/rcube_install.php
+++ b/installer/rcube_install.php
@@ -251,7 +251,12 @@ class rcube_install
$seen[$prop] = true;
}
}
-
+
+ // the old default mime_magic reference is obsolete
+ if ($this->config['mime_magic'] == '/usr/share/misc/magic') {
+ $out['obsolete'][] = array('prop' => 'mime_magic', 'explain' => "Set value to null in order to use system default");
+ }
+
// iterate over default config
foreach ($defaults as $prop => $value) {
if (!isset($seen[$prop]) && isset($required[$prop]) && !(is_bool($this->config[$prop]) || strlen($this->config[$prop])))
diff --git a/installer/test.php b/installer/test.php
index 2dd330531..b8b60cf3d 100644
--- a/installer/test.php
+++ b/installer/test.php
@@ -1,3 +1,10 @@
+<?php
+
+if (!class_exists('rcube_install') || !is_object($RCI)) {
+ die("Not allowed! Please open installer/index.php instead.");
+}
+
+?>
<form action="index.php?_step=3" method="post">
<h3>Check config files</h3>
diff --git a/program/js/app.js b/program/js/app.js
index 8fe68bf9e..08411f0e2 100644
--- a/program/js/app.js
+++ b/program/js/app.js
@@ -2541,7 +2541,7 @@ function rcube_webmail()
for (i=0, len=selection.length; i<len; i++) {
uid = selection[i];
if (list.rows[uid].has_children && !list.rows[uid].expanded)
- list.select_childs(uid);
+ list.select_children(uid);
}
// if config is set to flag for deletion
diff --git a/program/lib/washtml.php b/program/lib/washtml.php
index 0d4ffdb4b..d13d66404 100644
--- a/program/lib/washtml.php
+++ b/program/lib/washtml.php
@@ -214,7 +214,7 @@ class washtml
$key = strtolower($key);
$value = $node->getAttribute($key);
if (isset($this->_html_attribs[$key]) ||
- ($key == 'href' && !preg_match('!^javascript!i', $value)
+ ($key == 'href' && !preg_match('!^(javascript|vbscript|data:text)!i', $value)
&& preg_match('!^([a-z][a-z0-9.+-]+:|//|#).+!i', $value))
) {
$t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"';
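Review bot: The `href` check on the changed line is still a denylist: it names `javascript`, `vbscript` and `data:text`, so any other `data:` media type, and any scheme not listed, still satisfies the generic `[a-z][a-z0-9.+-]+:` pattern on the next line and is emitted. An allowlist in that second pattern is more robust, for example `preg_match('!^((https?|ftp|mailto):|//|#).+!i', $value)`, with the scheme list adjusted to what the application needs to link to, which is not visible here. The enclosing method starts and ends outside the hunk.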
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 5fa5ad6e4..e486cc6e6 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -1414,7 +1414,7 @@ function rcmail_address_string($input, $max=null, $linked=false, $addicon=null,
if ($addicon && $_SESSION['writeable_abook']) {
$address .= html::a(array(
'href' => "#add",
- 'onclick' => sprintf("return %s.command('add-contact','%s',this)", JS_OBJECT_NAME, $string),
+ 'onclick' => sprintf("return %s.command('add-contact','%s',this)", JS_OBJECT_NAME, JQ($string)),
'title' => rcube_label('addtoaddressbook'),
'class' => 'rcmaddcontact',
),
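Review bot: The escaped value on the `onclick` line sits in a JavaScript string literal inside an HTML attribute, so it needs two encodings applied in the right order, and the new line documents neither. `JQ()` and `html::a()` are defined outside this hunk, so confirm that `JQ()` escapes quotes, backslashes and line terminators and that `html::a()` HTML-encodes attribute values. Then record it with a comment such as `// JQ() escapes for the JS string literal; html::a() HTML-encodes the attribute`. `$string` appears to come from message address headers, which would make it sender-controlled, but the function body starts above the hunk and continues past it.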
diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc
index 924433df3..2cc2f12ca 100644
--- a/program/steps/mail/get.inc
+++ b/program/steps/mail/get.inc
@@ -150,6 +150,13 @@ else if (strlen($pid = get_input_value('_part', RCUBE_INPUT_GET))) {
$disposition = !empty($plugin['download']) ? 'attachment' : 'inline';
+ // Workaround for nasty IE bug (#1488844)
+ // If Content-Disposition header contains string "attachment" e.g. in filename
+ // IE handles data as attachment not inline
+ if ($disposition == 'inline' && $browser->ie && $browser->ver < 9) {
+ $filename = str_ireplace('attachment', 'attach', $filename);
+ }
+
header("Content-Disposition: $disposition; filename=\"$filename\"");
// do content filtering to avoid XSS through fake images
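Review bot: The workaround on the `str_ireplace` line changes the file name the user receives, and the comment does not say so; add something like `// side effect: "attachment" in the name is shortened to "attach" for IE < 9`. `$filename` is then interpolated into a quoted-string on the `header()` line, and nothing in the hunk shows it being escaped for `"` or stripped of control characters. That presumably happens earlier in this branch, which starts outside the hunk, so it is worth confirming.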
diff --git a/skins/classic/iehacks.css b/skins/classic/iehacks.css
index 2bd3ce865..c8b9b3740 100644
--- a/skins/classic/iehacks.css
+++ b/skins/classic/iehacks.css
@@ -184,13 +184,7 @@ body.iframe div.messageheaderbox
overflow: hidden;
}
-#countcontrols
-{
- width: 24em;
- padding-right: 10px;
-}
-
-body.iframe
+body.iframe
{
width: expression((parseInt(document.documentElement.clientWidth))+'px');
}
diff --git a/skins/larry/iehacks.css b/skins/larry/iehacks.css
index 93f483c11..c10ad2306 100644
--- a/skins/larry/iehacks.css
+++ b/skins/larry/iehacks.css
@@ -65,6 +65,12 @@ input.button:active {
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#404040', endColorstr='#060606', GradientType=0);
}
+#toplogo {
+ position: absolute;
+ top: 0px;
+ left: 10px;
+}
+
.records-table tr.selected td {
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#019bc6', endColorstr='#017cb4', GradientType=0);
}
diff --git a/skins/larry/mail.css b/skins/larry/mail.css
index e2702cff1..9eda4a3e5 100644
--- a/skins/larry/mail.css
+++ b/skins/larry/mail.css
@@ -717,7 +717,7 @@ h2.subject {
h3.subject {
font-size: 14px;
- margin: 0 8em 0 0;
+ margin: 0 12em 0 0;
padding: 8px 8px 4px 8px;
white-space: nowrap;
overflow: hidden;
@@ -885,7 +885,6 @@ div.hide-headers {
position: absolute;
top: 8px;
right: 8px;
- width: 18em;
text-align: right;
white-space: nowrap;
}
diff --git a/skins/larry/styles.css b/skins/larry/styles.css
index 199969810..c0e0e5a53 100644
--- a/skins/larry/styles.css
+++ b/skins/larry/styles.css
@@ -513,6 +513,7 @@ a.iconlink.upload {
}
#topnav {
+ position: relative;
height: 46px;
margin-bottom: 10px;
padding: 0 0 0 10px;