From 334475a50bcc97a8c326aadff0dcbb61fad40a4f Mon Sep 17 00:00:00 2001
From: Till Krüss <me@tillkruess.com>
Date: Mon, 10 Feb 2014 11:02:06 -0500
Subject: [PATCH] prevent unwanted code execution via CURLOPT_POSTFIELDS

---
 program/js/tiny_mce/plugins/contextmenu/editor_plugin_src.js |  110 ++++++++++++++++++++++++++++++++++++++++++++-----------
 1 files changed, 88 insertions(+), 22 deletions(-)

diff --git a/program/js/tiny_mce/plugins/contextmenu/editor_plugin_src.js b/program/js/tiny_mce/plugins/contextmenu/editor_plugin_src.js
index 6492641..48b0fff 100644
--- a/program/js/tiny_mce/plugins/contextmenu/editor_plugin_src.js
+++ b/program/js/tiny_mce/plugins/contextmenu/editor_plugin_src.js
@@ -1,40 +1,108 @@
 /**
- * $Id: editor_plugin_src.js 755 2008-03-29 19:14:42Z spocke $
+ * editor_plugin_src.js
  *
- * @author Moxiecode
- * @copyright Copyright � 2004-2008, Moxiecode Systems AB, All rights reserved.
+ * Copyright 2009, Moxiecode Systems AB
+ * Released under LGPL License.
+ *
+ * License: http://tinymce.moxiecode.com/license
+ * Contributing: http://tinymce.moxiecode.com/contributing
  */
 
 (function() {
 	var Event = tinymce.dom.Event, each = tinymce.each, DOM = tinymce.DOM;
 
+	/**
+	 * This plugin a context menu to TinyMCE editor instances.
+	 *
+	 * @class tinymce.plugins.ContextMenu
+	 */
 	tinymce.create('tinymce.plugins.ContextMenu', {
+		/**
+		 * Initializes the plugin, this will be executed after the plugin has been created.
+		 * This call is done before the editor instance has finished it's initialization so use the onInit event
+		 * of the editor instance to intercept that event.
+		 *
+		 * @method init
+		 * @param {tinymce.Editor} ed Editor instance that the plugin is initialized in.
+		 * @param {string} url Absolute URL to where the plugin is located.
+		 */
 		init : function(ed) {
-			var t = this;
+			var t = this, showMenu, contextmenuNeverUseNative, realCtrlKey, hideMenu;
 
 			t.editor = ed;
+
+			contextmenuNeverUseNative = ed.settings.contextmenu_never_use_native;
+
+			/**
+			 * This event gets fired when the context menu is shown.
+			 *
+			 * @event onContextMenu
+			 * @param {tinymce.plugins.ContextMenu} sender Plugin instance sending the event.
+			 * @param {tinymce.ui.DropMenu} menu Drop down menu to fill with more items if needed.
+			 */
 			t.onContextMenu = new tinymce.util.Dispatcher(this);
 
-			ed.onContextMenu.add(function(ed, e) {
-				if (!e.ctrlKey) {
-					t._getMenu(ed).showMenu(e.clientX, e.clientY);
-					Event.add(document, 'click', hide);
-					Event.cancel(e);
-				}
+			hideMenu = function(e) {
+				hide(ed, e);
+			};
+
+			showMenu = ed.onContextMenu.add(function(ed, e) {
+				// Block TinyMCE menu on ctrlKey and work around Safari issue
+				if ((realCtrlKey !== 0 ? realCtrlKey : e.ctrlKey) && !contextmenuNeverUseNative)
+					return;
+
+				Event.cancel(e);
+
+				// Select the image if it's clicked. WebKit would other wise expand the selection
+				if (e.target.nodeName == 'IMG')
+					ed.selection.select(e.target);
+
+				t._getMenu(ed).showMenu(e.clientX || e.pageX, e.clientY || e.pageY);
+				Event.add(ed.getDoc(), 'click', hideMenu);
+
+				ed.nodeChanged();
+			});
+			
+			ed.onRemove.add(function() {
+				if (t._menu)
+					t._menu.removeAll();
 			});
 
-			function hide() {
+			function hide(ed, e) {
+				realCtrlKey = 0;
+
+				// Since the contextmenu event moves
+				// the selection we need to store it away
+				if (e && e.button == 2) {
+					realCtrlKey = e.ctrlKey;
+					return;
+				}
+
 				if (t._menu) {
 					t._menu.removeAll();
-					t._menu.destroy();
-					Event.remove(document, 'click', hide);
+					 t._menu.destroy();
+					Event.remove(ed.getDoc(), 'click', hideMenu);
+					t._menu = null;
 				}
 			};
 
 			ed.onMouseDown.add(hide);
 			ed.onKeyDown.add(hide);
+			ed.onKeyDown.add(function(ed, e) {
+				if (e.shiftKey && !e.ctrlKey && !e.altKey && e.keyCode === 121) {
+					Event.cancel(e);
+					showMenu(ed, e);
+				}
+			});
 		},
 
+		/**
+		 * Returns information about the plugin as a name/value array.
+		 * The current keys are longname, author, authorurl, infourl and version.
+		 *
+		 * @method getInfo
+		 * @return {Object} Name/value array containing information about the plugin.
+		 */
 		getInfo : function() {
 			return {
 				longname : 'Contextmenu',
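Review bot: The new Shift+F10 handler at the end of `init` passes a keydown event to `showMenu`, but that callback positions the menu from `e.clientX || e.pageX` and `e.clientY || e.pageY`, which a keyboard event normally does not carry, so the menu is likely opened with undefined coordinates. The keyboard path should compute its own position, for example from `DOM.getPos(ed.selection.getNode())`, and pass that to `t._getMenu(ed).showMenu(x, y)` rather than reusing the mouse path unchanged. Separately, `realCtrlKey` stays undefined until `hide` first runs, and because `undefined !== 0` the ternary then picks it over `e.ctrlKey`; declaring it as `realCtrlKey = 0` would close that gap. The doc comment on `init` also lists a `url` parameter that `function(ed)` does not take.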
@@ -46,22 +114,20 @@
 		},
 
 		_getMenu : function(ed) {
-			var t = this, m = t._menu, se = ed.selection, col = se.isCollapsed(), el = se.getNode() || ed.getBody(), am, p1, p2;
+			var t = this, m = t._menu, se = ed.selection, col = se.isCollapsed(), el = se.getNode() || ed.getBody(), am, p;
 
 			if (m) {
 				m.removeAll();
 				m.destroy();
 			}
 
-			p1 = DOM.getPos(ed.getContentAreaContainer());
-			p2 = DOM.getPos(ed.getContainer());
+			p = DOM.getPos(ed.getContentAreaContainer());
 
 			m = ed.controlManager.createDropMenu('contextmenu', {
-				offset_x : p1.x,
-				offset_y : p1.y,
-/*				vp_offset_x : p2.x,
-				vp_offset_y : p2.y,*/
-				constrain : 1
+				offset_x : p.x + ed.getParam('contextmenu_offset_x', 0),
+				offset_y : p.y + ed.getParam('contextmenu_offset_y', 0),
+				constrain : 1,
+				keyboard_focus: true
 			});
 
 			t._menu = m;
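Review bot: In the `createDropMenu` options, `p.x + ed.getParam('contextmenu_offset_x', 0)` assumes the setting is a number; if an integrator supplies it as a string such as `'10'` (constructed example), `+` concatenates and the offset becomes a string instead of a sum. Coercing first keeps the arithmetic safe: `offset_x : p.x + (parseInt(ed.getParam('contextmenu_offset_x', 0), 10) || 0)`, and the same for `offset_y`. The two new `contextmenu_offset_*` settings are not described anywhere in the visible file, so a one-line comment above the options stating that they are pixel offsets added to the content-area position would help. `_getMenu` continues past the end of this hunk.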
@@ -94,4 +160,4 @@
 
 	// Register plugin
 	tinymce.PluginManager.add('contextmenu', tinymce.plugins.ContextMenu);
-})();
\ No newline at end of file
+})();
