diff options
| -rw-r--r-- | CHANGELOG | 4 | ||||
| -rw-r--r-- | SQL/mysql.initial.sql | 2 | ||||
| -rw-r--r-- | SQL/mysql.update.sql | 8 | ||||
| -rw-r--r-- | program/steps/addressbook/save.inc | 6 | ||||
| -rw-r--r-- | program/steps/mail/addcontact.inc | 4 | ||||
| -rw-r--r-- | program/steps/mail/func.inc | 12 | ||||
| -rw-r--r-- | skins/default/mail.css | 10 |
7 files changed, 36 insertions, 10 deletions
@@ -60,7 +60,7 @@ CHANGELOG RoundCube Webmail - Display folder names with special chars correctly (Bug #1330157) -2005/10/22 +2005/11/02 ---------- - Added Finnish, Romanian and Chinese translation - Get IMAP server capabilities in array @@ -69,4 +69,6 @@ CHANGELOG RoundCube Webmail - Added sorting patch for message list - Make default sort col/order configurable - Fixed XSS in address book and identities +- Added more XSS protection (Bug #1308236) +- Added tab indexes for compose form diff --git a/SQL/mysql.initial.sql b/SQL/mysql.initial.sql index 7746f123d..73905cab8 100644 --- a/SQL/mysql.initial.sql +++ b/SQL/mysql.initial.sql @@ -68,7 +68,7 @@ CREATE TABLE `identities` ( -- CREATE TABLE `session` ( - `sess_id` varchar(32) NOT NULL default '', + `sess_id` varchar(40) NOT NULL default '', `created` datetime NOT NULL default '0000-00-00 00:00:00', `changed` datetime NOT NULL default '0000-00-00 00:00:00', `ip` VARCHAR(15) NOT NULL default '', diff --git a/SQL/mysql.update.sql b/SQL/mysql.update.sql index 8cd8c5c02..0119225ef 100644 --- a/SQL/mysql.update.sql +++ b/SQL/mysql.update.sql @@ -4,3 +4,11 @@ ALTER TABLE session ADD ip VARCHAR(15) NOT NULL AFTER changed; ALTER TABLE users ADD alias VARCHAR(128) NOT NULL AFTER mail_host; + + + +-- RoundCube Webmail update script for MySQL databases +-- Version 0.1-20051021 + +ALTER TABLE `session` CHANGE `sess_id` `sess_id` VARCHAR(40) NOT NULL; +ALTER TABLE `contacts` ADD `changed` DATETIME NOT NULL AFTER `user_id`; diff --git a/program/steps/addressbook/save.inc b/program/steps/addressbook/save.inc index 3e2cfae8f..c80707fcf 100644 --- a/program/steps/addressbook/save.inc +++ b/program/steps/addressbook/save.inc @@ -40,7 +40,7 @@ if ($_POST['_cid']) if (sizeof($a_write_sql)) { $DB->query("UPDATE ".get_table_name('contacts')." - SET ".join(', ', $a_write_sql)." + SET changed=now(), ".join(', ', $a_write_sql)." WHERE contact_id=? AND user_id=? AND del<>'1'", @@ -109,8 +109,8 @@ else if (sizeof($a_insert_cols)) { $DB->query("INSERT INTO ".get_table_name('contacts')." - (user_id, ".join(', ', $a_insert_cols).") - VALUES (?, ".join(', ', $a_insert_values).")", + (user_id, changedm ".join(', ', $a_insert_cols).") + VALUES (?, now(), ".join(', ', $a_insert_values).")", $_SESSION['user_id']); $insert_id = $DB->insert_id(); diff --git a/program/steps/mail/addcontact.inc b/program/steps/mail/addcontact.inc index 6ead67812..ad1544e71 100644 --- a/program/steps/mail/addcontact.inc +++ b/program/steps/mail/addcontact.inc @@ -42,8 +42,8 @@ if ($_GET['_address']) else if ($contact['mailto']) { $DB->query("INSERT INTO ".get_table_name('contacts')." - (user_id, name, email) - VALUES (?, ?, ?)", + (user_id, changed, name, email) + VALUES (?, now(), ?, ?)", $_SESSION['user_id'], $contact['name'], $contact['mailto']); diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc index 04196541b..e6c58a7c1 100644 --- a/program/steps/mail/func.inc +++ b/program/steps/mail/func.inc @@ -274,7 +274,8 @@ function rcmail_message_list($attrib) $attrib_str = create_attrib_string($attrib, array('style', 'class', 'id', 'cellpadding', 'cellspacing', 'border', 'summary')); $out = '<table' . $attrib_str . ">\n"; - + + // define list of cols to be displayed $a_show_cols = is_array($CONFIG['list_cols']) ? $CONFIG['list_cols'] : array('subject'); $a_sort_cols = array('subject', 'date', 'from', 'to'); @@ -283,6 +284,15 @@ function rcmail_message_list($attrib) if (strtolower($IMAP->get_mailbox_name())=='sent' && ($f = array_search('from', $a_show_cols))) $a_show_cols[$f] = 'to'; + // add col definition + $out .= '<colgroup>'; + $out .= '<col class="icon">'; + + foreach ($a_show_cols as $col) + $out .= sprintf('<col class="%s">', $col); + + $out .= '<col class="icon">'; + $out .= "</colgroup>\n"; // add table title $out .= "<thead><tr>\n<td class=\"icon\"> </td>\n"; diff --git a/skins/default/mail.css b/skins/default/mail.css index f5863863f..739bfed10 100644 --- a/skins/default/mail.css +++ b/skins/default/mail.css @@ -304,6 +304,7 @@ body.messagelist #messagelist { width: 100%; + display: table; table-layout: fixed; /* css hack for IE */ width: expression(document.getElementById('mailcontframe').clientWidth); @@ -338,11 +339,18 @@ body.messagelist padding: 2px; padding-right: 4px; font-size: 11px; + overflow: hidden; white-space: nowrap; border-bottom: 1px solid #EBEBEB; cursor: pointer; } +#messagelist col +{ + display: table-column; + text-align: left; +} + #messagelist tr td.icon { width: 16px; @@ -351,7 +359,6 @@ body.messagelist #messagelist tr td.subject { overflow: hidden; - text-align: left; } #messagelist tr td.size @@ -364,7 +371,6 @@ body.messagelist #messagelist tr td.to { width: 180px; - overflow: hidden; } #messagelist tr td.date |