non security modules update

2015-04-20 16:32:07 +02:00
parent 6a8d30db08
commit 37fbabab56
466 changed files with 32690 additions and 9652 deletions
--- a/sites/all/modules/contrib/files/imce/imce/imce.info
+++ b/sites/all/modules/contrib/files/imce/imce/imce.info
@@ -4,9 +4,9 @@ core = "7.x"
 package = "Media"
 configure = "admin/config/media/imce"

-; Information added by drupal.org packaging script on 2013-01-29
-version = "7.x-1.7"
+; Information added by Drupal.org packaging script on 2014-05-16
+version = "7.x-1.9"
 core = "7.x"
 project = "imce"
-datestamp = "1359476607"
+datestamp = "1400275428"

--- a/sites/all/modules/contrib/files/imce/imce/imce.install
+++ b/sites/all/modules/contrib/files/imce/imce/imce.install
@@ -101,4 +101,24 @@ function imce_update_7001(&$sandbox) {
    db_drop_table('imce_files');
    return t('Migrated IMCE files.');
  }
+}
+
+/**
+ * Fixes misconfigurations where anonymous user is given User-1 profile
+ */
+function imce_update_7002() {
+  $roles = variable_get('imce_roles_profiles', array());
+  $rid = DRUPAL_ANONYMOUS_RID;
+  if (!empty($roles[$rid])) {
+    $update = FALSE;
+    foreach ($roles[$rid] as $key => $value) {
+      if ($value == 1 && substr($key, -4) == '_pid') {
+        $roles[$rid][$key] = '0';
+        $update = TRUE;
+      }
+    }
+    if ($update) {
+      variable_set('imce_roles_profiles', $roles);
+    }
+  }
 }
--- a/sites/all/modules/contrib/files/imce/imce/inc/imce.admin.inc
+++ b/sites/all/modules/contrib/files/imce/imce/inc/imce.admin.inc
@@ -16,7 +16,8 @@ function imce_admin() {
  $rows = array();

  foreach ($profiles as $pid => $profile) {
-    $rows[] = array($profile['name'],
+    $rows[] = array(
+      check_plain($profile['name']),
      l(t('Edit'), 'admin/config/media/imce/profile/edit/' . $pid),
      $pid == 1 ? '' : l(t('Delete'), 'admin/config/media/imce/profile/delete/' . $pid),
    );
@@ -34,6 +35,18 @@ function imce_admin() {
    '#attributes' => array('id' => 'imce-profiles-list'),
  );
  $output['form'] = drupal_get_form('imce_admin_form');
+
+  // Display security warnings
+  if (empty($_POST)) {
+    $roles = variable_get('imce_roles_profiles', array());
+    if (!empty($roles[DRUPAL_ANONYMOUS_RID]['public_pid']) || !empty($roles[DRUPAL_ANONYMOUS_RID]['private_pid'])) {
+      drupal_set_message(t('Anonymous user role has access to IMCE.') . ' ' . t('Make sure this is not a misconfiguration.'), 'warning');
+    }
+    if (imce_admin_check_wildcard_upload(DRUPAL_AUTHENTICATED_RID, $roles)) {
+      drupal_set_message(t('Authenticated user role is assigned a configuration profile with unrestricted file extensions.') . ' ' . t('Make sure this is not a misconfiguration.'), 'warning');
+    }
+  }
+
  return $output;
 }

@@ -116,7 +129,7 @@ function imce_admin_theme($variables) {
  $swrappers = file_get_stream_wrappers(STREAM_WRAPPERS_VISIBLE);
  foreach ($swrappers as $scheme => $info) {
    $header[] = l($info['name'], 'imce/' . $scheme);
-    $rows[0][] = $profile1['name'];
+    $rows[0][] = check_plain($profile1['name']);
    $keys[] = $scheme . '_pid';
  }

@@ -145,6 +158,17 @@ function imce_admin_theme($variables) {
  return $output;
 }

+/**
+ * Validate admin form.
+ */
+function imce_admin_form_validate($form, &$form_state) {
+  $roles = $form_state['values']['roles'];
+  // Check anonymous profile. Do not allow wildcard upload.
+  if ($key = imce_admin_check_wildcard_upload(DRUPAL_ANONYMOUS_RID, $roles)) {
+    form_error($form['roles'][DRUPAL_ANONYMOUS_RID][$key], t('Anonymous user role can not have a configuration profile with unrestricted file extensions.'));
+  }
+}
+
 /**
 * Submit admin form.
 */
@@ -172,7 +196,7 @@ function imce_profile_operations($op = 'add', $pid = 0) {
    return drupal_get_form('imce_profile_delete_form', $pid);
  }
  //add-edit
-  if ($pid != 1 || $GLOBALS['user']->uid == 1) {
+  if ($op === 'add' || $op === 'edit') {
    return drupal_get_form('imce_profile_form', $pid);
  }
  drupal_access_denied();
@@ -482,7 +506,7 @@ function imce_thumbnails_theme($variables) {
 */
 function imce_role_form($role, $weight = TRUE, $core = TRUE) {
  $form['name'] = array(
-    '#markup' => $role['name'],
+    '#markup' => check_plain($role['name']),
  );
  if ($weight) {
    $form['weight'] = $core ? array(
@@ -687,5 +711,30 @@ function imce_rolesort($r1, $r2) {
  return $r1['weight']-$r2['weight'];
 }

+/**
+ * Checks if the given role can upload all extensions.
+ */
+function imce_admin_check_wildcard_upload($rid, $conf = NULL) {
+  if (!isset($conf)) {
+    $conf = variable_get('imce_roles_profiles', array());
+  }
+  if (!empty($conf[$rid])) {
+    foreach ($conf[$rid] as $key => $pid) {
+      if ($pid && substr($key, -4) == '_pid') {
+        if ($profile = imce_load_profile($pid)) {
+          if ($profile['extensions'] === '*' && !empty($profile['directories'])) {
+            foreach ($profile['directories'] as $dirconf) {
+              if (!empty($dirconf['upload'])) {
+                return $key;
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+  return FALSE;
+}
+
 //Include core profile functions.
 include_once DRUPAL_ROOT . '/' . drupal_get_path('module', 'imce') . '/inc/imce.core.profiles.inc';
--- a/sites/all/modules/contrib/files/imce/imce/inc/imce.page.inc
+++ b/sites/all/modules/contrib/files/imce/imce/inc/imce.page.inc
@@ -116,7 +116,7 @@ function imce_js($user, $scheme, $jsop = '') {
  //disable devel log.
  $GLOBALS['devel_shutdown'] = FALSE;
  //for upload we must return plain text header.
-  drupal_add_http_header('Content-Type', 'text/' . ($jsop == 'upload' ? 'html' : 'javascript') . '; charset=utf-8');
+  drupal_add_http_header('Content-Type', (!empty($_POST['html_response']) ? 'text/html' : 'application/json') . '; charset=utf-8');
  print drupal_json_encode($response);
  exit();
 }
@@ -144,6 +144,7 @@ function imce_upload_form($form, &$form_state, $ref) {
    '#submit' => $imce['perm']['upload'] ? array('imce_upload_submit') : NULL,
  );
  $form = array('fset_upload' => array('#type' => 'fieldset', '#title' => t('Upload file')) + $form);
+  $form['html_response'] = array('#type' => 'hidden', '#default_value' => '1');
  $form['#attributes']['enctype'] = 'multipart/form-data';
  $form['#action'] = $imce['url'];
  return $form;
--- a/sites/all/modules/contrib/files/imce/imce/js/imce.js
+++ b/sites/all/modules/contrib/files/imce/imce/js/imce.js
@@ -1,4 +1,3 @@
-
 (function($) {
 //Global container.
 window.imce = {tree: {}, findex: [], fids: {}, selected: {}, selcount: 0, ops: {}, cache: {}, urlId: {},
@@ -9,6 +8,7 @@ hooks: {load: [], list: [], navigate: [], cache: []},
 initiate: function() {
  imce.conf = Drupal.settings.imce || {};
  if (imce.conf.error != false) return;
+  imce.ie = (navigator.userAgent.match(/msie (\d+)/i) || ['', 0])[1] * 1;
  imce.FLW = imce.el('file-list-wrapper'), imce.SBW = imce.el('sub-browse-wrapper');
  imce.NW = imce.el('navigation-wrapper'), imce.BW = imce.el('browse-wrapper');
  imce.PW = imce.el('preview-wrapper'), imce.FW = imce.el('forms-wrapper');
@@ -19,6 +19,8 @@ initiate: function() {
  imce.initiateList();//process file list
  imce.initiateOps();//prepare operation tabs
  imce.refreshOps();
+  // Bind global error handler
+  $(document).ajaxError(imce.ajaxError);
  imce.invoke('load', window);//run functions set by external applications.
 },

@@ -79,7 +81,7 @@ dirCollapsible: function (branch) {
    if (branch.ul) {
      $(branch.ul).toggle();
      $(branch.li).toggleClass('expanded');
-      $.browser.msie && $('#navigation-header').css('top', imce.NW.scrollTop);
+      imce.ie && $('#navigation-header').css('top', imce.NW.scrollTop);
    }
    else if (branch.clkbl){
      $(branch.a).click();
@@ -241,12 +243,19 @@ setHtmlOps: function () {

 //convert upload form to an op.
 setUploadOp: function () {
-  var form = imce.el('imce-upload-form');
+  var el, form = imce.el('imce-upload-form');
  if (!form) return;
  $(form).ajaxForm(imce.uploadSettings()).find('fieldset').each(function() {//clean up fieldsets
    this.removeChild(this.firstChild);
    $(this).after(this.childNodes);
  }).remove();
+  // Set html response flag
+  el = form.elements['files[imce]'];
+  if (el && el.files && window.FormData) {
+    if (el = form.elements.html_response) {
+      el.value = 0;
+    }
+  } 
  imce.opAdd({name: 'upload', title: Drupal.t('Upload'), content: form});//add op
 },

@@ -257,7 +266,7 @@ setFileOps: function () {
  $(form.elements.filenames).parent().remove();
  $(form).find('fieldset').each(function() {//remove fieldsets
    var $sbmt = $('input:submit', this);
-    if (!$sbmt.size()) return;
+    if (!$sbmt.length) return;
    var Op = {name: $sbmt.attr('id').substr(5)};
    var func = function() {imce.fopSubmit(Op.name); return false;};
    $sbmt.click(func);
@@ -279,7 +288,7 @@ refreshOps: function() {
 //add a new file operation
 opAdd: function (op) {
  var oplist = imce.el('ops-list'), opcons = imce.el('op-contents');
-  var name = op.name || ('op-'+ $(oplist).children('li').size());
+  var name = op.name || ('op-'+ $(oplist).children('li').length);
  var title = op.title || 'Untitled';
  var Op = imce.ops[name] = {title: title};
  if (op.content) {
@@ -323,7 +332,7 @@ opClick: function(name) {
          var $inputs = $('input', imce.ops[imce.vars.op].div);
          $inputs.eq(0).focus();
          //form inputs become invisible in IE. Solution is as stupid as the behavior.
-          $('html').is('.ie') && $inputs.addClass('dummyie').removeClass('dummyie');
+          $('html').hasClass('ie') && $inputs.addClass('dummyie').removeClass('dummyie');
       }
      });
    });
@@ -432,7 +441,6 @@ uploadValidate: function (data, form, options) {
      return imce.setMessage(Drupal.t('Only files with the following extensions are allowed: %files-allowed.', {'%files-allowed': imce.conf.extensions}), 'error');
    }
  }
-  var sep = path.indexOf('/') == -1 ? '\\' : '/';
  options.url = imce.ajaxURL('upload');//make url contain current dir.
  imce.fopLoading('upload', true);
  return true;
@@ -440,7 +448,19 @@ uploadValidate: function (data, form, options) {

 //settings for upload
 uploadSettings: function () {
-  return {beforeSubmit: imce.uploadValidate, success: function (response) {imce.processResponse($.parseJSON(response));}, complete: function () {imce.fopLoading('upload', false);}, resetForm: true};
+  return {
+    beforeSubmit: imce.uploadValidate,
+    success: function (response) {
+      try{
+        imce.processResponse($.parseJSON(response));
+      } catch(e) {}
+    },
+    complete: function () {
+      imce.fopLoading('upload', false);
+    },
+    resetForm: true,
+    dataType: 'text'
+  };
 },

 //validate default ops(delete, thumb, resize)
@@ -450,7 +470,7 @@ fopValidate: function(fop) {
    case 'delete':
      return confirm(Drupal.t('Delete selected files?'));
    case 'thumb':
-      if (!$('input:checked', imce.ops['thumb'].div).size()) {
+      if (!$('input:checked', imce.ops['thumb'].div).length) {
        return imce.setMessage(Drupal.t('Please select a thumbnail.'), 'error');
      }
      return imce.validateImage();
@@ -487,7 +507,7 @@ commonSubmit: function(fop) {

 //settings for default file operations
 fopSettings: function (fop) {
-  return {url: imce.ajaxURL(fop), type: 'POST', dataType: 'json', success: imce.processResponse, complete: function (response) {imce.fopLoading(fop, false);}, data: imce.vars.opform +'&filenames='+ imce.serialNames() +'&jsop='+ fop + (imce.ops[fop].div ? '&'+ $('input, select, textarea', imce.ops[fop].div).serialize() : '')};
+  return {url: imce.ajaxURL(fop), type: 'POST', dataType: 'json', success: imce.processResponse, complete: function (response) {imce.fopLoading(fop, false);}, data: imce.vars.opform +'&filenames='+ encodeURIComponent(imce.serialNames()) +'&jsop='+ fop + (imce.ops[fop].div ? '&'+ $('input, select, textarea', imce.ops[fop].div).serialize() : '')};
 },

 //toggle loading state
@@ -537,7 +557,7 @@ prepareMsgs: function () {
    $('>div', msgs).each(function (){
      var type = this.className.split(' ')[1];
      var li = $('>ul li', this);
-      if (li.size()) li.each(function () {imce.setMessage(this.innerHTML, type);});
+      if (li.length) li.each(function () {imce.setMessage(this.innerHTML, type);});
      else imce.setMessage(this.innerHTML, type);
    });
    $(msgs).remove();
@@ -704,7 +724,10 @@ processRow: function (row) {

 //decode urls. uses unescape. can be overridden to use decodeURIComponent
 decode: function (str) {
-  return unescape(str);
+  try {
+    return decodeURIComponent(str);
+  } catch(e) {}
+  return str;
 },

 //decode and convert to plain text
@@ -772,7 +795,7 @@ updateUI: function() {
    return false;
  }).appendTo('#op-contents')[0];
  //navigation-header
-  if (!$('#navigation-header').size()) {
+  if (!$('#navigation-header').length) {
    $(imce.NW).children('.navigation-text').attr('id', 'navigation-header').wrapInner('<span></span>');
  }
  //log
@@ -789,7 +812,7 @@ updateUI: function() {
    imce.opAdd({name: 'help', title: $('#help-box-title').remove().text(), content: $('#help-box').show()});
  });
  //add ie classes
-  $.browser.msie && $('html').addClass('ie') && parseFloat($.browser.version) < 8 && $('html').addClass('ie-7');
+  imce.ie && $('html').addClass('ie') && imce.ie < 8 && $('html').addClass('ie-7');
  // enable box view for file list
  imce.vars.boxW && imce.boxView();
  //scrolling file list
@@ -802,6 +825,6 @@ updateUI: function() {
 };

 //initiate
-$(document).ready(imce.initiate).ajaxError(imce.ajaxError);
+$(document).ready(imce.initiate);

 })(jQuery);
--- a/sites/all/modules/contrib/files/imce/imce/js/imce_extras.js
+++ b/sites/all/modules/contrib/files/imce/imce/js/imce_extras.js
@@ -180,7 +180,7 @@ imce.setResizer = function (resizer, axis, area1, area2, Min, callback) {
 //get&set area dimensions of the last session from the cookie
 imce.recallDimensions = function() {
  var $body = $(document.body);
-  if (!$body.is('.imce')) return;
+  if (!$body.hasClass('imce')) return;
  //row heights
  imce.recallHeights(imce.cookie('imcebwh') * 1);
  $(window).resize(function(){imce.recallHeights()});
@@ -192,7 +192,7 @@ imce.recallDimensions = function() {
 //set row heights with respect to window height
 imce.recallHeights = function(bwFixedHeight) {
  //window & body dimensions
-  var winHeight = $.browser.opera ? window.innerHeight : $(window).height();
+  var winHeight = window.opera ? window.innerHeight : $(window).height();
  var bodyHeight = $(document.body).outerHeight(true);
  var diff = winHeight - bodyHeight;
  var bwHeight = $(imce.BW).height(), pwHeight = $(imce.PW).height();
@@ -214,9 +214,9 @@ imce.recallHeights = function(bwFixedHeight) {
 //cookie get & set
 imce.cookie = function (name, value) {
  if (typeof(value) == 'undefined') {//get
-    return unescape((document.cookie.match(new RegExp('(^|;) *'+ name +'=([^;]*)(;|$)')) || ['', '', ''])[2]);
+    return document.cookie ? imce.decode((document.cookie.match(new RegExp('(?:^|;) *' + name + '=([^;]*)(?:;|$)')) || ['', ''])[1].replace(/\+/g, '%20')) : '';
  }
-  document.cookie = name +'='+ escape(value) +'; expires='+ (new Date(new Date() * 1 + 15 * 86400000)).toGMTString() +'; path=' + Drupal.settings.basePath + 'imce';//set
+  document.cookie = name +'='+ encodeURIComponent(value) +'; expires='+ (new Date(new Date() * 1 + 15 * 86400000)).toUTCString() +'; path=' + Drupal.settings.basePath + 'imce';//set
 };

 //view thumbnails(smaller than tMaxW x tMaxH) inside the rows.
@@ -259,12 +259,12 @@ imce.imagestyleURL = function (url, stylename) {
 // replace table view with box view for file list
 imce.boxView = function () {
  var w = imce.vars.boxW, h = imce.vars.boxH;
-  if (!w || !h || $.browser.msie && parseFloat($.browser.version) < 8) return;
+  if (!w || !h || imce.ie && imce.ie < 8) return;
  var $body = $(document.body);
  var toggle = function() {
    $body.toggleClass('box-view');
    // refresh dom. required by all except FF.
-    !$.browser.mozilla && $('#file-list').appendTo(imce.FW).appendTo(imce.FLW);
+    $('#file-list').appendTo(imce.FW).appendTo(imce.FLW);
  };
  $body.append('<style type="text/css">.box-view #file-list td.name {width: ' + w + 'px;height: ' + h + 'px;} .box-view #file-list td.name span {width: ' + w + 'px;word-wrap: normal;text-overflow: ellipsis;}</style>');
  imce.hooks.load.push(function() {
--- a/sites/all/modules/contrib/files/imce/imce/js/imce_set_app.js
+++ b/sites/all/modules/contrib/files/imce/imce/js/imce_set_app.js
@@ -53,7 +53,7 @@ imce.hooks.load.push(function(win) {
    if (appFields.url.indexOf(',') > -1) {
      var arr = appFields.url.split(',');
      for (var i in arr) {
-        if ($('#'+ arr[i], appWindow.document).size()) {
+        if ($('#'+ arr[i], appWindow.document).length) {
          appFields.url = arr[i];
          break;
        }
--- a/sites/all/modules/contrib/files/imce/imce/js/imce_set_inline.js
+++ b/sites/all/modules/contrib/files/imce/imce/js/imce_set_inline.js
@@ -21,7 +21,7 @@ Drupal.behaviors.imceInline = {attach: function(context, settings) {
 //function to be executed when imce loads.
 ii.load = function(win) {
  win.imce.setSendTo(Drupal.t('Insert file'), ii.insert);
-  $(window).unload(function() {
+  $(window).bind('unload', function() {
    if (ii.pop && !ii.pop.closed) ii.pop.close();
  });
 };
--- a/sites/all/modules/contrib/files/imce/imce/js/jquery.form.js
+++ b/sites/all/modules/contrib/files/imce/imce/js/jquery.form.js
--- a/sites/all/modules/contrib/files/imce/imce/tpl/imce-page.tpl.php
+++ b/sites/all/modules/contrib/files/imce/imce/tpl/imce-page.tpl.php
@@ -4,6 +4,7 @@

 <head>
  <title><?php print t('File Browser'); ?></title>
+  <meta name="robots" content="noindex,nofollow" />
  <?php if (isset($_GET['app'])): drupal_add_js(drupal_get_path('module', 'imce') .'/js/imce_set_app.js'); endif;?>
  <?php print drupal_get_html_head(); ?>
  <?php print drupal_get_css(); ?>
--- a/sites/all/modules/contrib/files/imce/imce_tools/modules/imce_dir_man/README.txt
+++ b/sites/all/modules/contrib/files/imce/imce_tools/modules/imce_dir_man/README.txt
--- a/sites/all/modules/contrib/files/imce/imce_tools/modules/imce_dir_man/imce_dir_man.info
+++ b/sites/all/modules/contrib/files/imce/imce_tools/modules/imce_dir_man/imce_dir_man.info
@@ -5,9 +5,9 @@ core = 7.x
 configure = admin/config/media/imce_dir_man
 dependencies[] = imce

-; Information added by drupal.org packaging script on 2012-10-30
-version = "7.x-1.1"
+; Information added by Drupal.org packaging script on 2014-03-23
+version = "7.x-1.2"
 core = "7.x"
 project = "imce_tools"
-datestamp = "1351598216"
+datestamp = "1395598458"

--- a/sites/all/modules/contrib/files/imce/imce_tools/modules/imce_dir_man/imce_dir_man.install
+++ b/sites/all/modules/contrib/files/imce/imce_tools/modules/imce_dir_man/imce_dir_man.install
--- a/sites/all/modules/contrib/files/imce/imce_tools/modules/imce_dir_man/imce_dir_man.module
+++ b/sites/all/modules/contrib/files/imce/imce_tools/modules/imce_dir_man/imce_dir_man.module
--- a/sites/all/modules/contrib/files/imce/imce_tools/modules/imce_file_path/README.txt
+++ b/sites/all/modules/contrib/files/imce/imce_tools/modules/imce_file_path/README.txt
--- a/sites/all/modules/contrib/files/imce/imce_tools/modules/imce_file_path/imce_file_path.css
+++ b/sites/all/modules/contrib/files/imce/imce_tools/modules/imce_file_path/imce_file_path.css
--- a/sites/all/modules/contrib/files/imce/imce_tools/modules/imce_file_path/imce_file_path.info
+++ b/sites/all/modules/contrib/files/imce/imce_tools/modules/imce_file_path/imce_file_path.info
@@ -4,9 +4,9 @@ core = 7.x
 package = Media
 dependencies[] = imce

-; Information added by drupal.org packaging script on 2012-10-30
-version = "7.x-1.1"
+; Information added by Drupal.org packaging script on 2014-03-23
+version = "7.x-1.2"
 core = "7.x"
 project = "imce_tools"
-datestamp = "1351598216"
+datestamp = "1395598458"

--- a/sites/all/modules/contrib/files/imce/imce_tools/modules/imce_file_path/imce_file_path.install
+++ b/sites/all/modules/contrib/files/imce/imce_tools/modules/imce_file_path/imce_file_path.install
--- a/sites/all/modules/contrib/files/imce/imce_tools/modules/imce_file_path/imce_file_path.js
+++ b/sites/all/modules/contrib/files/imce/imce_tools/modules/imce_file_path/imce_file_path.js
--- a/sites/all/modules/contrib/files/imce/imce_tools/modules/imce_file_path/imce_file_path.module
+++ b/sites/all/modules/contrib/files/imce/imce_tools/modules/imce_file_path/imce_file_path.module
--- a/sites/all/modules/contrib/files/imce/imce_tools/modules/imce_search/README.txt
+++ b/sites/all/modules/contrib/files/imce/imce_tools/modules/imce_search/README.txt
--- a/sites/all/modules/contrib/files/imce/imce_tools/modules/imce_search/imce_search.css
+++ b/sites/all/modules/contrib/files/imce/imce_tools/modules/imce_search/imce_search.css
@@ -11,3 +11,7 @@
  background: url('loading.gif') no-repeat top left;
  padding-left: 20px;
 }
+
+#imce-search-results .link {
+  text-decoration: underline;
+}
--- a/sites/all/modules/contrib/files/imce/imce_tools/modules/imce_search/imce_search.info
+++ b/sites/all/modules/contrib/files/imce/imce_tools/modules/imce_search/imce_search.info
@@ -4,9 +4,9 @@ core = 7.x
 package = Media
 dependencies[] = imce

-; Information added by drupal.org packaging script on 2012-10-30
-version = "7.x-1.1"
+; Information added by Drupal.org packaging script on 2014-03-23
+version = "7.x-1.2"
 core = "7.x"
 project = "imce_tools"
-datestamp = "1351598216"
+datestamp = "1395598458"

--- a/sites/all/modules/contrib/files/imce/imce_tools/modules/imce_search/imce_search.install
+++ b/sites/all/modules/contrib/files/imce/imce_tools/modules/imce_search/imce_search.install
--- a/sites/all/modules/contrib/files/imce/imce_tools/modules/imce_search/imce_search.js
+++ b/sites/all/modules/contrib/files/imce/imce_tools/modules/imce_search/imce_search.js
@@ -16,12 +16,16 @@ imce.hooks.load.push(function() {
        data = eval('(' + serverdata + ')');
        var filelist = jQuery.map(data.files, function(fullpath, index) {
          var li = document.createElement('li');
-          /*jQuery(li).click(function () { 
+          jQuery(li).click(function () {
            file = fullpath.substr(fullpath.lastIndexOf('/') + 1);
            dir = fullpath.substr(0, fullpath.lastIndexOf('/'));
+             if (dir!=imce.conf.dir) {
+              imce.navigate(dir);
+              imce.dirActivate(dir);
+            }
            imce.dirActivate(dir);
            imce.highlight(file);
-          });*/
+          }).css('cursor','pointer').addClass('link');
          if (index > 10) {
            jQuery(li).addClass('toggle');
          }
--- a/sites/all/modules/contrib/files/imce/imce_tools/modules/imce_search/imce_search.module
+++ b/sites/all/modules/contrib/files/imce/imce_tools/modules/imce_search/imce_search.module
--- a/sites/all/modules/contrib/files/imce/imce_tools/modules/imce_search/loading.gif
+++ b/sites/all/modules/contrib/files/imce/imce_tools/modules/imce_search/loading.gif