From caffe4d317b22c61881e48aebe85a9e5b334affd Mon Sep 17 00:00:00 2001
From: Aleksander Machniak
Date: Tue, 27 Nov 2012 18:07:42 +0100
Subject: Fix deleting of collapsed threads, broken in 2b55d4f4204bdb8c97865e01b960c1d1f23ac0b7 (#1488772)
---
 program/js/app.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'program')
diff --git a/program/js/app.js b/program/js/app.js
index 8fe68bf9e..08411f0e2 100644
--- a/program/js/app.js
+++ b/program/js/app.js
@@ -2541,7 +2541,7 @@ function rcube_webmail()
 for (i=0, len=selection.length; i
Date: Tue, 4 Dec 2012 09:17:08 +0100
Subject: - Fix XSS vulnerability in vbscript: and data:text links handling (#1488850)
Conflicts:
CHANGELOG
tests/MailFunc.php
---
 CHANGELOG | 1 +
 program/lib/washtml.php | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
(limited to 'program')
diff --git a/CHANGELOG b/CHANGELOG
index 981031c58..bc8b902e5 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================
+- Fix XSS vulnerability in vbscript: and data:text links handling (#1488850)
 - Fix absolute positioning in HTML messages (#1488819)
 - Fix keybord events on messages list in opera browser (#1488823)
 - Fix cache (in)validation after setting \Deleted flag
diff --git a/program/lib/washtml.php b/program/lib/washtml.php
index 0d4ffdb4b..d13d66404 100644
--- a/program/lib/washtml.php
+++ b/program/lib/washtml.php
@@ -214,7 +214,7 @@ class washtml
 $key = strtolower($key);
 $value = $node->getAttribute($key);
 if (isset($this->_html_attribs[$key]) ||
- ($key == 'href' && !preg_match('!^javascript!i', $value)
+ ($key == 'href' && !preg_match('!^(javascript|vbscript|data:text)!i', $value)
 && preg_match('!^([a-z][a-z0-9.+-]+:|//|#).+!i', $value)) ) {
 $t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"';
-- cgit v1.2.3
From 4163511314f54462e0786916bd8683f894fa1885 Mon Sep 17 00:00:00 2001
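Review bot: The deny-list on the `+` line of the washtml.php hunk still lets other `data:` media types through: `data:text` only rejects `data:text/...`, while the second pattern on the following context line accepts any `scheme:` prefix, so a `data:` href with a different media type is still emitted into the sanitised markup. A blocklist that names individual media types is fragile; at minimum reject the whole scheme, `!preg_match('!^(javascript|vbscript|data)!i', $value)`, and preferably replace the negative check with a positive allowlist of the schemes a mail client needs (`https?`, `ftp`, `mailto`, plus the existing `//` and `#` forms). The enclosing method of class washtml starts and ends outside the hunk, so whether the same filter is applied to other URL-bearing attributes (`src`, `action`) cannot be judged from here and should be checked.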
From: Aleksander Machniak
Date: Wed, 5 Dec 2012 09:46:03 +0100
Subject: Add workaround for IE<=8 bug where Content-Disposition:inline was ignored (#1488844)
---
 CHANGELOG | 1 +
 program/steps/mail/get.inc | 7 +++++++
 2 files changed, 8 insertions(+)
(limited to 'program')
diff --git a/CHANGELOG b/CHANGELOG
index bc8b902e5..5eceea611 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================
+- Add workaround for IE<=8 bug where Content-Disposition:inline was ignored (#1488844)
 - Fix XSS vulnerability in vbscript: and data:text links handling (#1488850)
 - Fix absolute positioning in HTML messages (#1488819)
 - Fix keybord events on messages list in opera browser (#1488823)
diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc
index 924433df3..2cc2f12ca 100644
--- a/program/steps/mail/get.inc
+++ b/program/steps/mail/get.inc
@@ -150,6 +150,13 @@ else if (strlen($pid = get_input_value('_part', RCUBE_INPUT_GET))) {
 $disposition = !empty($plugin['download']) ? 'attachment' : 'inline';
+ // Workaround for nasty IE bug (#1488844)
+ // If Content-Disposition header contains string "attachment" e.g. in filename
+ // IE handles data as attachment not inline
+ if ($disposition == 'inline' && $browser->ie && $browser->ver < 9) {
+ $filename = str_ireplace('attachment', 'attach', $filename);
+ }
+
 header("Content-Disposition: $disposition; filename=\"$filename\"");
 // do content filtering to avoid XSS through fake images
-- cgit v1.2.3
From c3a3531b36c074c2b30fe207ab315a4de09d645d Mon Sep 17 00:00:00 2001
From: Aleksander Machniak
Date: Sat, 15 Dec 2012 18:32:42 +0100
Subject: Fix escaping of add-contact arguments - fixes JS error in IE
---
 program/steps/mail/func.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'program')
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 5fa5ad6e4..e486cc6e6 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
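Review bot: In the get.inc hunk `$filename` is still interpolated unescaped into the quoted-string of the `header("Content-Disposition: ...")` call on the context line right after the new block; the added `str_ireplace` only rewrites the word "attachment" and does nothing about a `"` inside the name, which ends the quoted parameter early (PHP's header() refuses CR/LF, but not quotes). Where `$filename` is built is outside this hunk, so unless it is already sanitised there, strip or escape double quotes before the header is sent, e.g. `$filename = str_replace('"', '', $filename);` placed just before the `header()` call and applied for every browser, not only inside the IE<9 branch. The `else if` branch this code sits in starts and ends outside the hunk.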
@@ -1414,7 +1414,7 @@ function rcmail_address_string($input, $max=null, $linked=false, $addicon=null,
 if ($addicon && $_SESSION['writeable_abook']) {
 $address .= html::a(array(
 'href' => "#add",
- 'onclick' => sprintf("return %s.command('add-contact','%s',this)", JS_OBJECT_NAME, $string),
+ 'onclick' => sprintf("return %s.command('add-contact','%s',this)", JS_OBJECT_NAME, JQ($string)),
 'title' => rcube_label('addtoaddressbook'),
 'class' => 'rcmaddcontact',
 ),
-- cgit v1.2.3
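Review bot: The `+` line escapes `$string` for the single-quoted JavaScript literal with `JQ()`, but that literal is then placed into an HTML `onclick` attribute through `html::a()`, so it also needs attribute-level escaping of `"`, `&` and `<`; whether `html::a()` applies that to attribute values is not visible in this hunk and should be confirmed, otherwise a JS-escaped value can still terminate the attribute. A one-line comment above the `'onclick'` entry would make the two-layer contract explicit: `// JQ() escapes for the JS string literal; html::a() must still HTML-escape the attribute value`. rcmail_address_string starts before the hunk and continues after it.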