From 334475a50bcc97a8c326aadff0dcbb61fad40a4f Mon Sep 17 00:00:00 2001
From: Till Krüss <me@tillkruess.com>
Date: Mon, 10 Feb 2014 11:02:06 -0500
Subject: [PATCH] prevent unwanted code execution via CURLOPT_POSTFIELDS
---
program/js/tiny_mce/utils/form_utils.js | 27 +++++++++++++++++++--------
1 files changed, 19 insertions(+), 8 deletions(-)
diff --git a/program/js/tiny_mce/utils/form_utils.js b/program/js/tiny_mce/utils/form_utils.js
index 9bc2bad..59da013 100644
--- a/program/js/tiny_mce/utils/form_utils.js
+++ b/program/js/tiny_mce/utils/form_utils.js
@@ -1,19 +1,24 @@
/**
- * $Id: form_utils.js 1184 2009-08-11 11:47:27Z spocke $
+ * form_utils.js
*
- * Various form utilitiy functions.
+ * Copyright 2009, Moxiecode Systems AB
+ * Released under LGPL License.
*
- * @author Moxiecode
- * @copyright Copyright � 2004-2008, Moxiecode Systems AB, All rights reserved.
+ * License: http://tinymce.moxiecode.com/license
+ * Contributing: http://tinymce.moxiecode.com/contributing
*/
var themeBaseURL = tinyMCEPopup.editor.baseURI.toAbsolute('themes/' + tinyMCEPopup.getParam("theme"));
function getColorPickerHTML(id, target_form_element) {
- var h = "";
+ var h = "", dom = tinyMCEPopup.dom;
- h += '<a id="' + id + '_link" href="javascript:;" onclick="tinyMCEPopup.pickColor(event,\'' + target_form_element +'\');" onmousedown="return false;" class="pickcolor">';
- h += '<span id="' + id + '" title="' + tinyMCEPopup.getLang('browse') + '"> </span></a>';
+ if (label = dom.select('label[for=' + target_form_element + ']')[0]) {
+ label.id = label.id || dom.uniqueId();
+ }
+
+ h += '<a role="button" aria-labelledby="' + id + '_label" id="' + id + '_link" href="javascript:;" onclick="tinyMCEPopup.pickColor(event,\'' + target_form_element +'\');" onmousedown="return false;" class="pickcolor">';
+ h += '<span id="' + id + '" title="' + tinyMCEPopup.getLang('browse') + '"> <span id="' + id + '_label" class="mceVoiceLabel mceIconOnly" style="display:none;">' + tinyMCEPopup.getLang('browse') + '</span></span></a>';
return h;
}
@@ -65,6 +70,9 @@
function selectByValue(form_obj, field_name, value, add_custom, ignore_case) {
if (!form_obj || !form_obj.elements[field_name])
return;
+
+ if (!value)
+ value = "";
var sel = form_obj.elements[field_name];
@@ -170,7 +178,7 @@
}
function trimSize(size) {
- return size.replace(/([0-9\.]+)px|(%|in|cm|mm|em|ex|pt|pc)/, '$1$2');
+ return size.replace(/([0-9\.]+)(px|%|in|cm|mm|em|ex|pt|pc)/i, '$1$2');
}
function getCSSSize(size) {
@@ -182,6 +190,9 @@
// Add px
if (/^[0-9]+$/.test(size))
size += 'px';
+ // Sanity check, IE doesn't like broken values
+ else if (!(/^[0-9\.]+(px|%|in|cm|mm|em|ex|pt|pc)$/i.test(size)))
+ return "";
return size;
}
--
Gitblit v1.9.1