summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CHANGELOG4
-rw-r--r--SQL/mysql.initial.sql2
-rw-r--r--SQL/mysql.update.sql8
-rw-r--r--program/steps/addressbook/save.inc6
-rw-r--r--program/steps/mail/addcontact.inc4
-rw-r--r--program/steps/mail/func.inc12
-rw-r--r--skins/default/mail.css10
7 files changed, 36 insertions, 10 deletions
diff --git a/CHANGELOG b/CHANGELOG
index ebb9d8347..4d98e59e1 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -60,7 +60,7 @@ CHANGELOG RoundCube Webmail
- Display folder names with special chars correctly (Bug #1330157)
-2005/10/22
+2005/11/02
----------
- Added Finnish, Romanian and Chinese translation
- Get IMAP server capabilities in array
@@ -69,4 +69,6 @@ CHANGELOG RoundCube Webmail
- Added sorting patch for message list
- Make default sort col/order configurable
- Fixed XSS in address book and identities
+- Added more XSS protection (Bug #1308236)
+- Added tab indexes for compose form
diff --git a/SQL/mysql.initial.sql b/SQL/mysql.initial.sql
index 7746f123d..73905cab8 100644
--- a/SQL/mysql.initial.sql
+++ b/SQL/mysql.initial.sql
@@ -68,7 +68,7 @@ CREATE TABLE `identities` (
--
CREATE TABLE `session` (
- `sess_id` varchar(32) NOT NULL default '',
+ `sess_id` varchar(40) NOT NULL default '',
`created` datetime NOT NULL default '0000-00-00 00:00:00',
`changed` datetime NOT NULL default '0000-00-00 00:00:00',
`ip` VARCHAR(15) NOT NULL default '',
diff --git a/SQL/mysql.update.sql b/SQL/mysql.update.sql
index 8cd8c5c02..0119225ef 100644
--- a/SQL/mysql.update.sql
+++ b/SQL/mysql.update.sql
@@ -4,3 +4,11 @@
ALTER TABLE session ADD ip VARCHAR(15) NOT NULL AFTER changed;
ALTER TABLE users ADD alias VARCHAR(128) NOT NULL AFTER mail_host;
+
+
+
+-- RoundCube Webmail update script for MySQL databases
+-- Version 0.1-20051021
+
+ALTER TABLE `session` CHANGE `sess_id` `sess_id` VARCHAR(40) NOT NULL;
+ALTER TABLE `contacts` ADD `changed` DATETIME NOT NULL AFTER `user_id`;
diff --git a/program/steps/addressbook/save.inc b/program/steps/addressbook/save.inc
index 3e2cfae8f..c80707fcf 100644
--- a/program/steps/addressbook/save.inc
+++ b/program/steps/addressbook/save.inc
@@ -40,7 +40,7 @@ if ($_POST['_cid'])
if (sizeof($a_write_sql))
{
$DB->query("UPDATE ".get_table_name('contacts')."
- SET ".join(', ', $a_write_sql)."
+ SET changed=now(), ".join(', ', $a_write_sql)."
WHERE contact_id=?
AND user_id=?
AND del<>'1'",
@@ -109,8 +109,8 @@ else
if (sizeof($a_insert_cols))
{
$DB->query("INSERT INTO ".get_table_name('contacts')."
- (user_id, ".join(', ', $a_insert_cols).")
- VALUES (?, ".join(', ', $a_insert_values).")",
+ (user_id, changedm ".join(', ', $a_insert_cols).")
+ VALUES (?, now(), ".join(', ', $a_insert_values).")",
$_SESSION['user_id']);
$insert_id = $DB->insert_id();
diff --git a/program/steps/mail/addcontact.inc b/program/steps/mail/addcontact.inc
index 6ead67812..ad1544e71 100644
--- a/program/steps/mail/addcontact.inc
+++ b/program/steps/mail/addcontact.inc
@@ -42,8 +42,8 @@ if ($_GET['_address'])
else if ($contact['mailto'])
{
$DB->query("INSERT INTO ".get_table_name('contacts')."
- (user_id, name, email)
- VALUES (?, ?, ?)",
+ (user_id, changed, name, email)
+ VALUES (?, now(), ?, ?)",
$_SESSION['user_id'],
$contact['name'],
$contact['mailto']);
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 04196541b..e6c58a7c1 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -274,7 +274,8 @@ function rcmail_message_list($attrib)
$attrib_str = create_attrib_string($attrib, array('style', 'class', 'id', 'cellpadding', 'cellspacing', 'border', 'summary'));
$out = '<table' . $attrib_str . ">\n";
-
+
+
// define list of cols to be displayed
$a_show_cols = is_array($CONFIG['list_cols']) ? $CONFIG['list_cols'] : array('subject');
$a_sort_cols = array('subject', 'date', 'from', 'to');
@@ -283,6 +284,15 @@ function rcmail_message_list($attrib)
if (strtolower($IMAP->get_mailbox_name())=='sent' && ($f = array_search('from', $a_show_cols)))
$a_show_cols[$f] = 'to';
+ // add col definition
+ $out .= '<colgroup>';
+ $out .= '<col class="icon">';
+
+ foreach ($a_show_cols as $col)
+ $out .= sprintf('<col class="%s">', $col);
+
+ $out .= '<col class="icon">';
+ $out .= "</colgroup>\n";
// add table title
$out .= "<thead><tr>\n<td class=\"icon\">&nbsp;</td>\n";
diff --git a/skins/default/mail.css b/skins/default/mail.css
index f5863863f..739bfed10 100644
--- a/skins/default/mail.css
+++ b/skins/default/mail.css
@@ -304,6 +304,7 @@ body.messagelist
#messagelist
{
width: 100%;
+ display: table;
table-layout: fixed;
/* css hack for IE */
width: expression(document.getElementById('mailcontframe').clientWidth);
@@ -338,11 +339,18 @@ body.messagelist
padding: 2px;
padding-right: 4px;
font-size: 11px;
+ overflow: hidden;
white-space: nowrap;
border-bottom: 1px solid #EBEBEB;
cursor: pointer;
}
+#messagelist col
+{
+ display: table-column;
+ text-align: left;
+}
+
#messagelist tr td.icon
{
width: 16px;
@@ -351,7 +359,6 @@ body.messagelist
#messagelist tr td.subject
{
overflow: hidden;
- text-align: left;
}
#messagelist tr td.size
@@ -364,7 +371,6 @@ body.messagelist
#messagelist tr td.to
{
width: 180px;
- overflow: hidden;
}
#messagelist tr td.date