From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/js/tiny_mce/plugins/emotions/emotions.htm |   70 ++++++++++++++++++-----------------
 1 files changed, 36 insertions(+), 34 deletions(-)

diff --git a/program/js/tiny_mce/plugins/emotions/emotions.htm b/program/js/tiny_mce/plugins/emotions/emotions.htm
index fca8ffa..1013556 100644
--- a/program/js/tiny_mce/plugins/emotions/emotions.htm
+++ b/program/js/tiny_mce/plugins/emotions/emotions.htm
@@ -1,40 +1,42 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
-	<title>{$lang_emotions_title}</title>
-	<script language="javascript" type="text/javascript" src="../../tiny_mce_popup.js"></script>
-	<script language="javascript" type="text/javascript" src="jscripts/functions.js"></script>
-	<base target="_self" />
+	<title>{#emotions_dlg.title}</title>
+	<script type="text/javascript" src="../../tiny_mce_popup.js"></script>
+	<script type="text/javascript" src="js/emotions.js"></script>
 </head>
-<body onload="tinyMCEPopup.executeOnLoad('init();');" style="display: none">
-	<div align="center">
-		<div class="title">{$lang_emotions_title}:<br /><br /></div>
+<body style="display: none" role="application" aria-labelledby="app_title">
+<span style="display:none;" id="app_title">{#emotions_dlg.title}</span>
+<div align="center">
+	<div class="title">{#emotions_dlg.title}:<br /><br /></div>
 
-		<table border="0" cellspacing="0" cellpadding="4">
-		  <tr>
-			<td><a href="javascript:insertEmotion('smiley-cool.gif','lang_emotions_cool');"><img src="images/smiley-cool.gif" width="18" height="18" border="0" alt="{$lang_emotions_cool}" title="{$lang_emotions_cool}" /></a></td>
-			<td><a href="javascript:insertEmotion('smiley-cry.gif','lang_emotions_cry');"><img src="images/smiley-cry.gif" width="18" height="18" border="0" alt="{$lang_emotions_cry}" title="{$lang_emotions_cry}" /></a></td>
-			<td><a href="javascript:insertEmotion('smiley-embarassed.gif','lang_emotions_embarassed');"><img src="images/smiley-embarassed.gif" width="18" height="18" border="0" alt="{$lang_emotions_embarassed}" title="{$lang_emotions_embarassed}" /></a></td>
-			<td><a href="javascript:insertEmotion('smiley-foot-in-mouth.gif','lang_emotions_foot_in_mouth');"><img src="images/smiley-foot-in-mouth.gif" width="18" height="18" border="0" alt="{$lang_emotions_foot_in_mouth}" title="{$lang_emotions_foot_in_mouth}" /></a></td>
-		  </tr>
-		  <tr>
-			<td><a href="javascript:insertEmotion('smiley-frown.gif','lang_emotions_frown');"><img src="images/smiley-frown.gif" width="18" height="18" border="0" alt="{$lang_emotions_frown}" title="{$lang_emotions_frown}" /></a></td>
-			<td><a href="javascript:insertEmotion('smiley-innocent.gif','lang_emotions_innocent');"><img src="images/smiley-innocent.gif" width="18" height="18" border="0" alt="{$lang_emotions_innocent}" title="{$lang_emotions_innocent}" /></a></td>
-			<td><a href="javascript:insertEmotion('smiley-kiss.gif','lang_emotions_kiss');"><img src="images/smiley-kiss.gif" width="18" height="18" border="0" alt="{$lang_emotions_kiss}" title="{$lang_emotions_kiss}" /></a></td>
-			<td><a href="javascript:insertEmotion('smiley-laughing.gif','lang_emotions_laughing');"><img src="images/smiley-laughing.gif" width="18" height="18" border="0" alt="{$lang_emotions_laughing}" title="{$lang_emotions_laughing}" /></a></td>
-		  </tr>
-		  <tr>
-			<td><a href="javascript:insertEmotion('smiley-money-mouth.gif','lang_emotions_money_mouth');"><img src="images/smiley-money-mouth.gif" width="18" height="18" border="0" alt="{$lang_emotions_money_mouth}" title="{$lang_emotions_money_mouth}" /></a></td>
-			<td><a href="javascript:insertEmotion('smiley-sealed.gif','lang_emotions_sealed');"><img src="images/smiley-sealed.gif" width="18" height="18" border="0" alt="{$lang_emotions_sealed}" title="{$lang_emotions_sealed}" /></a></td>
-			<td><a href="javascript:insertEmotion('smiley-smile.gif','lang_emotions_smile');"><img src="images/smiley-smile.gif" width="18" height="18" border="0" alt="{$lang_emotions_smile}" title="{$lang_emotions_smile}" /></a></td>
-			<td><a href="javascript:insertEmotion('smiley-surprised.gif','lang_emotions_surprised');"><img src="images/smiley-surprised.gif" width="18" height="18" border="0" alt="{$lang_emotions_surprised}" title="{$lang_emotions_surprised}" /></a></td>
-		  </tr>
-		  <tr>
-			<td><a href="javascript:insertEmotion('smiley-tongue-out.gif','lang_emotions_tongue_out');"><img src="images/smiley-tongue-out.gif" width="18" height="18" border="0" alt="{$lang_emotions_tongue-out}" title="{$lang_emotions_tongue_out}" /></a></td>
-			<td><a href="javascript:insertEmotion('smiley-undecided.gif','lang_emotions_undecided');"><img src="images/smiley-undecided.gif" width="18" height="18" border="0" alt="{$lang_emotions_undecided}" title="{$lang_emotions_undecided}" /></a></td>
-			<td><a href="javascript:insertEmotion('smiley-wink.gif','lang_emotions_wink');"><img src="images/smiley-wink.gif" width="18" height="18" border="0" alt="{$lang_emotions_wink}" title="{$lang_emotions_wink}" /></a></td>
-			<td><a href="javascript:insertEmotion('smiley-yell.gif','lang_emotions_yell');"><img src="images/smiley-yell.gif" width="18" height="18" border="0" alt="{$lang_emotions_yell}" title="{$lang_emotions_yell}" /></a></td>
-		  </tr>
-		</table>
-	</div>
+	<table id="emoticon_table" role="presentation" border="0" cellspacing="0" cellpadding="4">
+		<tr>
+			<td><a class="emoticon_link" role="button" title="{#emotions_dlg.cool}. {#emotions_dlg.usage}" href="javascript:EmotionsDialog.insert('smiley-cool.gif','emotions_dlg.cool');"><img src="img/smiley-cool.gif" width="18" height="18" border="0" alt="{#emotions_dlg.cool}. {#emotions_dlg.usage}" /></a></td>
+			<td><a class="emoticon_link" role="button" title="{#emotions_dlg.cry}. {#emotions_dlg.usage}" href="javascript:EmotionsDialog.insert('smiley-cry.gif','emotions_dlg.cry');"><img src="img/smiley-cry.gif" width="18" height="18" border="0" alt="{#emotions_dlg.cry}. {#emotions_dlg.usage}" /></a></td>
+			<td><a class="emoticon_link" role="button" title="{#emotions_dlg.embarassed}. {#emotions_dlg.usage}" href="javascript:EmotionsDialog.insert('smiley-embarassed.gif','emotions_dlg.embarassed');"><img src="img/smiley-embarassed.gif" width="18" height="18" border="0" alt="{#emotions_dlg.embarassed}. {#emotions_dlg.usage}"  /></a></td>
+			<td><a class="emoticon_link" role="button" title="{#emotions_dlg.foot_in_mouth}. {#emotions_dlg.usage}" href="javascript:EmotionsDialog.insert('smiley-foot-in-mouth.gif','emotions_dlg.foot_in_mouth');"><img src="img/smiley-foot-in-mouth.gif" width="18" height="18" border="0" alt="{#emotions_dlg.foot_in_mouth}. {#emotions_dlg.usage}" /></a></td>
+		</tr>
+		<tr>
+			<td><a class="emoticon_link" role="button" title="{#emotions_dlg.frown}. {#emotions_dlg.usage}" href="javascript:EmotionsDialog.insert('smiley-frown.gif','emotions_dlg.frown');"><img src="img/smiley-frown.gif" width="18" height="18" border="0" alt="{#emotions_dlg.frown}. {#emotions_dlg.usage}" /></a></td>
+			<td><a class="emoticon_link" role="button" title="{#emotions_dlg.innocent}. {#emotions_dlg.usage}" href="javascript:EmotionsDialog.insert('smiley-innocent.gif','emotions_dlg.innocent');"><img src="img/smiley-innocent.gif" width="18" height="18" border="0" alt="{#emotions_dlg.innocent}. {#emotions_dlg.usage}"  /></a></td>
+			<td><a class="emoticon_link" role="button" title="{#emotions_dlg.kiss}. {#emotions_dlg.usage}" href="javascript:EmotionsDialog.insert('smiley-kiss.gif','emotions_dlg.kiss');"><img src="img/smiley-kiss.gif" width="18" height="18" border="0" alt="{#emotions_dlg.kiss}. {#emotions_dlg.usage}" /></a></td>
+			<td><a class="emoticon_link" role="button" title="{#emotions_dlg.laughing}. {#emotions_dlg.usage}" href="javascript:EmotionsDialog.insert('smiley-laughing.gif','emotions_dlg.laughing');"><img src="img/smiley-laughing.gif" width="18" height="18" border="0" alt="{#emotions_dlg.laughing}. {#emotions_dlg.usage}" /></a></td>
+		</tr>
+		<tr>
+			<td><a class="emoticon_link" role="button" title="{#emotions_dlg.money_mouth}. {#emotions_dlg.usage}" href="javascript:EmotionsDialog.insert('smiley-money-mouth.gif','emotions_dlg.money_mouth');"><img src="img/smiley-money-mouth.gif" width="18" height="18" border="0" alt="{#emotions_dlg.money_mouth}. {#emotions_dlg.usage}"/></a></td>
+			<td><a class="emoticon_link" role="button" title="{#emotions_dlg.sealed}. {#emotions_dlg.usage}" href="javascript:EmotionsDialog.insert('smiley-sealed.gif','emotions_dlg.sealed');"><img src="img/smiley-sealed.gif" width="18" height="18" border="0" alt="{#emotions_dlg.sealed}. {#emotions_dlg.usage}" /></a></td>
+			<td><a class="emoticon_link" role="button" title="{#emotions_dlg.smile}. {#emotions_dlg.usage}" href="javascript:EmotionsDialog.insert('smiley-smile.gif','emotions_dlg.smile');"><img src="img/smiley-smile.gif" width="18" height="18" border="0" alt="{#emotions_dlg.smile}. {#emotions_dlg.usage}" /></a></td>
+			<td><a class="emoticon_link" role="button" title="{#emotions_dlg.surprised}. {#emotions_dlg.usage}" href="javascript:EmotionsDialog.insert('smiley-surprised.gif','emotions_dlg.surprised');"><img src="img/smiley-surprised.gif" width="18" height="18" border="0" alt="{#emotions_dlg.surprised}. {#emotions_dlg.usage}" /></a></td>
+		</tr>
+		<tr>
+			<td><a class="emoticon_link" role="button" title="{#emotions_dlg.tongue_out}. {#emotions_dlg.usage}" href="javascript:EmotionsDialog.insert('smiley-tongue-out.gif','emotions_dlg.tongue_out');"><img src="img/smiley-tongue-out.gif" width="18" height="18" border="0" alt="{#emotions_dlg.tongue-out}. {#emotions_dlg.usage}" /></a></td>
+			<td><a class="emoticon_link" role="button" title="{#emotions_dlg.undecided}. {#emotions_dlg.usage}" href="javascript:EmotionsDialog.insert('smiley-undecided.gif','emotions_dlg.undecided');"><img src="img/smiley-undecided.gif" width="18" height="18" border="0" alt="{#emotions_dlg.undecided}. {#emotions_dlg.usage}" /></a></td>
+			<td><a class="emoticon_link" role="button" title="{#emotions_dlg.wink}. {#emotions_dlg.usage}" href="javascript:EmotionsDialog.insert('smiley-wink.gif','emotions_dlg.wink');"><img src="img/smiley-wink.gif" width="18" height="18" border="0" alt="{#emotions_dlg.wink}. {#emotions_dlg.usage}" /></a></td>
+			<td><a class="emoticon_link" role="button" title="{#emotions_dlg.yell}. {#emotions_dlg.usage}" href="javascript:EmotionsDialog.insert('smiley-yell.gif','emotions_dlg.yell');"><img src="img/smiley-yell.gif" width="18" height="18" border="0" alt="{#emotions_dlg.yell}. {#emotions_dlg.usage}" /></a></td>
+		</tr>
+	</table>
+	<div>{#emotions_dlg.usage}</div>
+</div>
 </body>
 </html>

--
Gitblit v1.9.1