From aba993da6afe0668af1863e58061886c6c996e96 Mon Sep 17 00:00:00 2001 From: Till Krüss Date: Thu, 13 Feb 2014 09:40:17 +0530 Subject: prevent unwanted code execution via CURLOPT_POSTFIELDS (again) --- plugins/password/drivers/domainfactory.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/password/drivers/domainfactory.php b/plugins/password/drivers/domainfactory.php index 6e1219869..3351d2fd3 100644 --- a/plugins/password/drivers/domainfactory.php +++ b/plugins/password/drivers/domainfactory.php @@ -51,7 +51,7 @@ class rcube_domainfactory_password // change password $ch = curl_copy_handle($ch); - curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields); + curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($postfields)); if ($result = curl_exec($ch)) { // did the new password match the requirements? -- cgit v1.2.3 From 8bbb01cb66830cd20d3264d2ec78c911c48d270c Mon Sep 17 00:00:00 2001 From: Thomas Bruederli Date: Thu, 13 Feb 2014 10:06:11 +0100 Subject: Add toolbar icon for message move --- skins/classic/images/mail_toolbar.png | Bin 39276 -> 42820 bytes skins/larry/images/buttons.png | Bin 38715 -> 39327 bytes 2 files changed, 0 insertions(+), 0 deletions(-) diff --git a/skins/classic/images/mail_toolbar.png b/skins/classic/images/mail_toolbar.png index 3ef003f23..6406a92d8 100644 Binary files a/skins/classic/images/mail_toolbar.png and b/skins/classic/images/mail_toolbar.png differ diff --git a/skins/larry/images/buttons.png b/skins/larry/images/buttons.png index 8e2560198..e64931278 100644 Binary files a/skins/larry/images/buttons.png and b/skins/larry/images/buttons.png differ -- cgit v1.2.3 From 5e8da2b5c9d69872d17c857e239b1e30e9c23976 Mon Sep 17 00:00:00 2001 
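Review bot: In `plugins/password/drivers/domainfactory.php`, `http_build_query($postfields)` takes its pair separator from the `arg_separator.output` ini setting, so on an installation where that is set to `&amp;` the POST body would be malformed. Passing the separator explicitly avoids the dependency: `curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($postfields, '', '&'));`. A short comment above the call would help the next maintainer keep the string form, e.g. `// pass a string: with an array, older PHP curl treats values starting with "@" as file uploads`. `$postfields` is built outside this hunk, and any other `CURLOPT_POSTFIELDS` call in this method is not visible here and should be checked for the same array form.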
From: Aleksander Machniak Date: Thu, 13 Feb 2014 14:19:41 +0100 Subject: Added toolbar button to move message in message view --- CHANGELOG | 1 + program/include/rcmail_output_html.php | 2 +- program/js/app.js | 12 +++++++++-- program/lib/Roundcube/html.php | 15 ++++++++++--- skins/classic/includes/messagetoolbar.html | 3 +++ skins/classic/mail.css | 34 ++++++++++++++++++------------ skins/larry/includes/mailtoolbar.html | 3 +++ skins/larry/styles.css | 8 +++++++ 8 files changed, 59 insertions(+), 19 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 0bc760ec8..3dc197ec5 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,7 @@ CHANGELOG Roundcube Webmail =========================== +- Added toolbar button to move message in message view - Improve UI integration of ACL settings - Fix directories check in Installer on Windows (#1489576) - Fix issue when default_addressbook option is set to integer value (#1489407) diff --git a/program/include/rcmail_output_html.php b/program/include/rcmail_output_html.php index 17b5b9647..45cb9f0d9 100644 --- a/program/include/rcmail_output_html.php +++ b/program/include/rcmail_output_html.php @@ -1216,7 +1216,7 @@ class rcmail_output_html extends rcmail_output // generate html code for button if ($btn_content) { - $attrib_str = html::attrib_string($attrib, $link_attrib); + $attrib_str = html::attrib_string($attrib, array_merge($link_attrib, array('data-*'))); $out = sprintf('%s', $attrib_str, $btn_content); } diff --git a/program/js/app.js b/program/js/app.js index 1ef341415..eb9b9ced8 100644 --- a/program/js/app.js +++ b/program/js/app.js @@ -6670,8 +6670,9 @@ function rcube_webmail() this.element_position = function(element, obj) { var obj = $(obj), win = $(window), - width = obj.width(), - height = obj.height(), + width = obj.outerWidth(), + height = obj.outerHeight(), + menu_pos = obj.data('menu-pos'), win_height = win.height(), elem_height = $(element).height(), elem_width = $(element).width(), 
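Review bot: In `program/include/rcmail_output_html.php`, the `'data-*'` entry appended to the allow-list is a wildcard that only `html::attrib_string()` interprets, and nothing at this call site says so; a reader would take it for a literal attribute name. A comment above the line would cover it, e.g. `// 'data-*' is a wildcard handled by html::attrib_string(): any data- attribute in $attrib is passed through`. Because every `data-` attribute in `$attrib` now reaches the output, it is worth confirming that `attrib_string()` quotes the values; that part of the method is not visible in this hunk.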
@@ -6679,6 +6680,13 @@ function rcube_webmail() top = pos.top, left = pos.left + width; + if (menu_pos == 'bottom') { + top += height; + left -= width; + } + else + left -= 5; + if (top + elem_height > win_height) { top -= elem_height - height; if (top < 0) diff --git a/program/lib/Roundcube/html.php b/program/lib/Roundcube/html.php index 33517fbcd..64324dd8e 100644 --- a/program/lib/Roundcube/html.php +++ b/program/lib/Roundcube/html.php @@ -269,19 +269,28 @@ class html return ''; } - $allowed_f = array_flip((array)$allowed); + $allowed_f = array_flip((array)$allowed); $attrib_arr = array(); + foreach ($attrib as $key => $value) { // skip size if not numeric if ($key == 'size' && !is_numeric($value)) { continue; } - // ignore "internal" or not allowed attributes - if ($key == 'nl' || ($allowed && !isset($allowed_f[$key])) || $value === null) { + // ignore "internal" or empty attributes + if ($key == 'nl' || $value === null) { continue; } + // ignore not allowed attributes + if (!empty($allowed)) { + $is_data_attr = substr_compare($key, 'data-', 0, 5) === 0; + if (!isset($allowed_f[$key]) && (!$is_data_attr || !isset($allowed_f['data-*']))) { + continue; + } + } + // skip empty eventhandlers if (preg_match('/^on[a-z]+/', $key) && !$value) { continue; diff --git a/skins/classic/includes/messagetoolbar.html b/skins/classic/includes/messagetoolbar.html index 6936c7def..639557da6 100644 --- a/skins/classic/includes/messagetoolbar.html +++ b/skins/classic/includes/messagetoolbar.html @@ -20,6 +20,9 @@ + + +
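Review bot: In `element_position()` in `program/js/app.js`, the new `else left -= 5;` branch runs for every caller whose element does not carry `data-menu-pos="bottom"`, so all existing popups shift by 5px, on top of the size change from `outerWidth()`/`outerHeight()` in the previous hunk of this function; neither change is explained. If the offset is intended, a comment saying why it is needed, or a named constant, would make that clear. The branch would also read better with braces to match the `if`, and with a strict comparison: `if (menu_pos === 'bottom') {`. The function continues outside this hunk.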
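Review bot: In `html::attrib_string()` in `program/lib/Roundcube/html.php`, once `'data-*'` is in `$allowed`, any key that merely starts with `data-` passes the allow-list, whatever characters follow the prefix. The code that writes the attribute name into the output is outside this hunk, so whether the name is escaped there cannot be confirmed from here; if it is emitted as given, a key containing whitespace, quotes or `=` would no longer be a single attribute name. Constraining the wildcard to a safe name pattern keeps the allow-list meaningful: `$is_data_attr = preg_match('/^data-[a-z0-9_-]+$/i', $key) === 1;`. That form also avoids the warning `substr_compare()` raises for an empty key on older PHP versions.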
diff --git a/skins/classic/mail.css b/skins/classic/mail.css index 10efd350f..e80ad4e6a 100644 --- a/skins/classic/mail.css +++ b/skins/classic/mail.css @@ -116,51 +116,59 @@ } #messagetoolbar a.markmessage { - background-position: -256px 0; + background-position: -288px 0; } #messagetoolbar a.messagemenu { - background-position: -288px 0; + background-position: -322px 0; } #messagetoolbar a.spellcheck { - background-position: -384px 0; + background-position: -418px 0; } #messagetoolbar a.spellcheckSel { - background-position: -384px -32px; + background-position: -418px -32px; } #messagetoolbar a.attach { - background-position: -352px 0; + background-position: -386px 0; } #messagetoolbar a.attachSel { - background-position: -352px -32px; + background-position: -386px -32px; } #messagetoolbar a.insertsig { - background-position: -448px 0; + background-position: -482px 0; } #messagetoolbar a.insertsigSel { - background-position: -448px -32px; + background-position: -482px -32px; } #messagetoolbar a.savedraft { - background-position: -322px 0; + background-position: -354px 0; } #messagetoolbar a.savedraftSel { - background-position: -322px -32px; + background-position: -354px -32px; } #messagetoolbar a.send { - background-position: -416px 0; + background-position: -450px 0; } #messagetoolbar a.sendSel { - background-position: -416px -32px; + background-position: -450px -32px; +} + +#messagetoolbar a.move { + background-position: -578px 0; +} + +#messagetoolbar a.moveSel { + background-position: -578px -32px; } #messagetoolbar a.download { @@ -172,7 +180,7 @@ } #messagetoolbar a.responses { - background-position: -512px 0; + background-position: -548px 0; } #messagemenu li a.active:hover, diff --git a/skins/larry/includes/mailtoolbar.html b/skins/larry/includes/mailtoolbar.html index 5708a94f1..912cac6e2 100644 --- a/skins/larry/includes/mailtoolbar.html +++ b/skins/larry/includes/mailtoolbar.html @@ -15,6 +15,9 @@ + + +
diff --git a/skins/larry/styles.css b/skins/larry/styles.css index e1a813373..96ffbb272 100644 --- a/skins/larry/styles.css +++ b/skins/larry/styles.css @@ -1895,6 +1895,10 @@ ul.proplist li { background-position: center -1094px; } +.toolbar a.button.move { + background-position: center -1972px; +} + .toolbar a.button.more { background-position: center -850px; } @@ -2339,6 +2343,10 @@ ul.toolbarmenu li span.copy { /*** folder selector ***/ +#folder-selector { + z-index: 1000; +} + #folder-selector li a span { background: url("images/listicons.png") 4px -2021px no-repeat; display: block; -- cgit v1.2.3 From 7c23451eec050d533d049ee306c1221118e79690 Mon Sep 17 00:00:00 2001 From: Aleksander Machniak Date: Fri, 14 Feb 2014 12:19:31 +0100 Subject: Added tests for html::attrib_string() method --- tests/Framework/Html.php | 57 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/tests/Framework/Html.php b/tests/Framework/Html.php index 60284deef..d9466e601 100644 --- a/tests/Framework/Html.php +++ b/tests/Framework/Html.php 
@@ -18,6 +18,63 @@ class Framework_Html extends PHPUnit_Framework_TestCase $this->assertInstanceOf('html', $object, "Class constructor"); } + /** + * Data for test_attrib_string() + */ + function data_attrib_string() + { + return array( + array( + array(), null, '', + ), + array( + array('test' => 'test'), null, ' test="test"', + ), + array( + array('test' => 'test'), array('test'), ' test="test"', + ), + array( + array('test' => 'test'), array('other'), '', + ), + array( + array('checked' => true), null, ' checked="checked"', + ), + array( + array('checked' => ''), null, '', + ), + array( + array('onclick' => ''), null, '', + ), + array( + array('size' => 5), null, ' size="5"', + ), + array( + array('size' => 'test'), null, '', + ), + array( + array('data-test' => 'test'), null, ' data-test="test"', + ), + array( + array('data-test' => 'test'), array('other'), '', + ), + array( + array('data-test' => 'test'), array('data-test'), ' data-test="test"', + ), + array( + array('data-test' => 'test'), array('data-*'), ' data-test="test"', + ), + ); + } + + /** + * Test for attrib_string() + * @dataProvider data_attrib_string + */ + function test_attrib_string($arg1, $arg2, $result) + { + $this->assertEquals(html::attrib_string($arg1, $arg2), $result); + } + /** * Data for test_quote() */ -- cgit v1.2.3 From 80102a2dde8d2870ee7d8c4ad8e8626a555ecc2f Mon Sep 17 00:00:00 2001 From: Thomas Bruederli Date: Fri, 14 Feb 2014 13:50:18 +0100 Subject: Re-locate the move-message toolbar button to be next to the related delete icon; synchronize toolbars in larry and classic skin --- skins/classic/images/mail_toolbar.png | Bin 42820 -> 42883 bytes skins/classic/includes/messagetoolbar.html | 7 ++++--- skins/classic/mail.css | 11 ++++++----- skins/larry/includes/mailtoolbar.html | 4 +--- skins/larry/styles.css | 2 +- 5 files changed, 12 insertions(+), 12 deletions(-) 
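Review bot: In `test_attrib_string()` in `tests/Framework/Html.php`, `assertEquals()` is called with the actual value first and the expected value second, so a failing case reports the two the wrong way round; swap them and compare strictly: `$this->assertSame($result, html::attrib_string($arg1, $arg2));`. The data set in `data_attrib_string()` also has no case for a `null` value, for the internal `nl` key, or for a `data-` key containing characters that should not appear in an attribute name, which are the branches the allow-list change in `html::attrib_string()` touches. Adding those rows would pin the filtering behaviour the wildcard depends on.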
diff --git a/skins/classic/images/mail_toolbar.png b/skins/classic/images/mail_toolbar.png index 6406a92d8..357357795 100644 Binary files a/skins/classic/images/mail_toolbar.png and b/skins/classic/images/mail_toolbar.png differ diff --git a/skins/classic/includes/messagetoolbar.html b/skins/classic/includes/messagetoolbar.html index 639557da6..b6b16d635 100644 --- a/skins/classic/includes/messagetoolbar.html +++ b/skins/classic/includes/messagetoolbar.html @@ -17,12 +17,13 @@ + + + + - - -
diff --git a/skins/classic/mail.css b/skins/classic/mail.css index e80ad4e6a..b1c8a0ea9 100644 --- a/skins/classic/mail.css +++ b/skins/classic/mail.css @@ -108,11 +108,11 @@ } #messagetoolbar a.print { - background-position: -224px 0; + background-position: -256px 0; } #messagetoolbar a.printSel { - background-position: -224px -32px; + background-position: -256px -32px; } #messagetoolbar a.markmessage { @@ -120,7 +120,8 @@ } #messagetoolbar a.messagemenu { - background-position: -322px 0; + background-position: -320px 0; + width: 34px; } #messagetoolbar a.spellcheck { @@ -164,11 +165,11 @@ } #messagetoolbar a.move { - background-position: -578px 0; + background-position: -580px 0; } #messagetoolbar a.moveSel { - background-position: -578px -32px; + background-position: -580px -32px; } #messagetoolbar a.download { diff --git a/skins/larry/includes/mailtoolbar.html b/skins/larry/includes/mailtoolbar.html index 912cac6e2..ac08a3200 100644 --- a/skins/larry/includes/mailtoolbar.html +++ b/skins/larry/includes/mailtoolbar.html @@ -11,13 +11,11 @@ + - - -
diff --git a/skins/larry/styles.css b/skins/larry/styles.css index 96ffbb272..18ba49ae2 100644 --- a/skins/larry/styles.css +++ b/skins/larry/styles.css @@ -1896,7 +1896,7 @@ ul.proplist li { } .toolbar a.button.move { - background-position: center -1972px; + background-position: center -1971px; } .toolbar a.button.more { -- cgit v1.2.3