Added 'changed' col to contacts table and support for 160-bit session hashes

19 years ago · e0ddd4e6c0
parent 317219dafe
commit e0ddd4e6c0
7 changed files with 36 additions and 10 deletions
--- a/4
+++ b/4
@ -60,7 +60,7 @@ CHANGELOG RoundCube Webmail
 - Display folder names with special chars correctly (Bug #1330157)


-2005/10/22
+2005/11/02
 ----------
 - Added Finnish, Romanian and Chinese translation
 - Get IMAP server capabilities in array
@ -69,4 +69,6 @@ CHANGELOG RoundCube Webmail
 - Added sorting patch for message list
 - Make default sort col/order configurable
 - Fixed XSS in address book and identities
+- Added more XSS protection (Bug #1308236)
+- Added tab indexes for compose form

--- a/SQL/mysql.initial.sql
+++ b/SQL/mysql.initial.sql
@ -68,7 +68,7 @@ CREATE TABLE `identities` (
 -- 

 CREATE TABLE `session` (
-  `sess_id` varchar(32) NOT NULL default '',
+  `sess_id` varchar(40) NOT NULL default '',
  `created` datetime NOT NULL default '0000-00-00 00:00:00',
  `changed` datetime NOT NULL default '0000-00-00 00:00:00',
  `ip` VARCHAR(15) NOT NULL default '',
--- a/SQL/mysql.update.sql
+++ b/SQL/mysql.update.sql
@ -4,3 +4,11 @@

 ALTER TABLE session ADD ip VARCHAR(15) NOT NULL AFTER changed;
 ALTER TABLE users ADD alias VARCHAR(128) NOT NULL AFTER mail_host;
+
+
+
+-- RoundCube Webmail update script for MySQL databases
+-- Version 0.1-20051021
+
+ALTER TABLE `session` CHANGE `sess_id` `sess_id` VARCHAR(40) NOT NULL;
+ALTER TABLE `contacts` ADD `changed` DATETIME NOT NULL AFTER `user_id`;
--- a/program/steps/addressbook/save.inc
+++ b/program/steps/addressbook/save.inc
@ -40,7 +40,7 @@ if ($_POST['_cid'])
  if (sizeof($a_write_sql))
    {
    $DB->query("UPDATE ".get_table_name('contacts')."
-                SET    ".join(', ', $a_write_sql)."
+                SET    changed=now(), ".join(', ', $a_write_sql)."
                WHERE  contact_id=?
                AND    user_id=?
                AND    del<>'1'",
@ -109,8 +109,8 @@ else
  if (sizeof($a_insert_cols))
    {
    $DB->query("INSERT INTO ".get_table_name('contacts')."
-                (user_id, ".join(', ', $a_insert_cols).")
-                VALUES (?, ".join(', ', $a_insert_values).")",
+                (user_id, changedm ".join(', ', $a_insert_cols).")
+                VALUES (?, now(), ".join(', ', $a_insert_values).")",
                $_SESSION['user_id']);
                       
    $insert_id = $DB->insert_id();
--- a/program/steps/mail/addcontact.inc
+++ b/program/steps/mail/addcontact.inc
@ -42,8 +42,8 @@ if ($_GET['_address'])
    else if ($contact['mailto'])
      {
      $DB->query("INSERT INTO ".get_table_name('contacts')."
-                  (user_id, name, email)
-                  VALUES (?, ?, ?)",
+                  (user_id, changed, name, email)
+                  VALUES (?, now(), ?, ?)",
                  $_SESSION['user_id'],
                  $contact['name'],
                  $contact['mailto']);
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@ -274,7 +274,8 @@ function rcmail_message_list($attrib)
  $attrib_str = create_attrib_string($attrib, array('style', 'class', 'id', 'cellpadding', 'cellspacing', 'border', 'summary'));

  $out = '<table' . $attrib_str . ">\n";
-  
+
+
  // define list of cols to be displayed
  $a_show_cols = is_array($CONFIG['list_cols']) ? $CONFIG['list_cols'] : array('subject');
  $a_sort_cols = array('subject', 'date', 'from', 'to');
@ -283,6 +284,15 @@ function rcmail_message_list($attrib)
  if (strtolower($IMAP->get_mailbox_name())=='sent' && ($f = array_search('from', $a_show_cols)))
    $a_show_cols[$f] = 'to';

+  // add col definition
+  $out .= '<colgroup>';
+  $out .= '<col class="icon">';
+
+  foreach ($a_show_cols as $col)
+    $out .= sprintf('<col class="%s">', $col);
+
+  $out .= '<col class="icon">';
+  $out .= "</colgroup>\n";

  // add table title
  $out .= "<thead><tr>\n<td class=\"icon\">&nbsp;</td>\n";
--- a/skins/default/mail.css
+++ b/skins/default/mail.css
@ -304,6 +304,7 @@ body.messagelist
 #messagelist
 {
  width: 100%;
+  display: table;
  table-layout: fixed;
  /* css hack for IE */
  width: expression(document.getElementById('mailcontframe').clientWidth);
@ -338,11 +339,18 @@ body.messagelist
  padding: 2px;
  padding-right: 4px;
  font-size: 11px;
+  overflow: hidden;  
  white-space: nowrap;
  border-bottom: 1px solid #EBEBEB;
  cursor: pointer;
 }

+#messagelist col
+{
+  display: table-column;
+  text-align: left;
+}
+
 #messagelist tr td.icon
 {
  width: 16px;
@ -351,7 +359,6 @@ body.messagelist
 #messagelist tr td.subject
 {
  overflow: hidden;
-  text-align: left;
 }

 #messagelist tr td.size
@ -364,7 +371,6 @@ body.messagelist
 #messagelist tr td.to
 {
  width: 180px;
-  overflow: hidden;  
 }

 #messagelist tr td.date