From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/js/tiny_mce/plugins/media/langs/mk_dlg.js |  104 ---------------------------------------------------
 1 files changed, 1 insertions(+), 103 deletions(-)

diff --git a/program/js/tiny_mce/plugins/media/langs/mk_dlg.js b/program/js/tiny_mce/plugins/media/langs/mk_dlg.js
old mode 100755
new mode 100644
index 65e15ef..85afd9f
--- a/program/js/tiny_mce/plugins/media/langs/mk_dlg.js
+++ b/program/js/tiny_mce/plugins/media/langs/mk_dlg.js
@@ -1,103 +1 @@
-tinyMCE.addI18n('mk.media_dlg',{
-title:"Insert / edit embedded media",
-general:"General",
-advanced:"Advanced",
-file:"File/URL",
-list:"List",
-size:"Dimensions",
-preview:"Preview",
-constrain_proportions:"Constrain proportions",
-type:"Type",
-id:"Id",
-name:"Name",
-class_name:"Class",
-vspace:"V-Space",
-hspace:"H-Space",
-play:"Auto play",
-loop:"Loop",
-menu:"Show menu",
-quality:"Quality",
-scale:"Scale",
-align:"Align",
-salign:"SAlign",
-wmode:"WMode",
-bgcolor:"Background",
-base:"Base",
-flashvars:"Flashvars",
-liveconnect:"SWLiveConnect",
-autohref:"AutoHREF",
-cache:"Cache",
-hidden:"Hidden",
-controller:"Controller",
-kioskmode:"Kiosk mode",
-playeveryframe:"Play every frame",
-targetcache:"Target cache",
-correction:"No correction",
-enablejavascript:"Enable JavaScript",
-starttime:"Start time",
-endtime:"End time",
-href:"Href",
-qtsrcchokespeed:"Choke speed",
-target:"Target",
-volume:"Volume",
-autostart:"Auto start",
-enabled:"Enabled",
-fullscreen:"Fullscreen",
-invokeurls:"Invoke URLs",
-mute:"Mute",
-stretchtofit:"Stretch to fit",
-windowlessvideo:"Windowless video",
-balance:"Balance",
-baseurl:"Base URL",
-captioningid:"Captioning id",
-currentmarker:"Current marker",
-currentposition:"Current position",
-defaultframe:"Default frame",
-playcount:"Play count",
-rate:"Rate",
-uimode:"UI Mode",
-flash_options:"Flash options",
-qt_options:"Quicktime options",
-wmp_options:"Windows media player options",
-rmp_options:"Real media player options",
-shockwave_options:"Shockwave options",
-autogotourl:"Auto goto URL",
-center:"Center",
-imagestatus:"Image status",
-maintainaspect:"Maintain aspect",
-nojava:"No java",
-prefetch:"Prefetch",
-shuffle:"Shuffle",
-console:"Console",
-numloop:"Num loops",
-controls:"Controls",
-scriptcallbacks:"Script callbacks",
-swstretchstyle:"Stretch style",
-swstretchhalign:"Stretch H-Align",
-swstretchvalign:"Stretch V-Align",
-sound:"Sound",
-progress:"Progress",
-qtsrc:"QT Src",
-qt_stream_warn:"Streamed rtsp resources should be added to the QT Src field under the advanced tab.\nYou should also add a non streamed version to the Src field..",
-align_top:"Top",
-align_right:"Right",
-align_bottom:"Bottom",
-align_left:"Left",
-align_center:"Center",
-align_top_left:"Top left",
-align_top_right:"Top right",
-align_bottom_left:"Bottom left",
-align_bottom_right:"Bottom right",
-flv_options:"Flash video options",
-flv_scalemode:"Scale mode",
-flv_buffer:"Buffer",
-flv_startimage:"Start image",
-flv_starttime:"Start time",
-flv_defaultvolume:"Default volumne",
-flv_hiddengui:"Hidden GUI",
-flv_autostart:"Auto start",
-flv_loop:"Loop",
-flv_showscalemodes:"Show scale modes",
-flv_smoothvideo:"Smooth video",
-flv_jscallback:"JS Callback"
-});
\ No newline at end of file
+tinyMCE.addI18n('mk.media_dlg',{list:"\u041b\u0438\u0441\u0442\u0430",file:"\u0414\u0430\u0442\u043e\u0442\u0435\u043a\u0430/\u0423\u0420\u041b",advanced:"\u041d\u0430\u043f\u0440\u0435\u0434\u043d\u043e",general:"\u041e\u0441\u043d\u043e\u0432\u043d\u043e",title:"\u0412\u043d\u0435\u0441\u0438/\u0443\u0440\u0435\u0434\u0438 \u0432\u0433\u0440\u0430\u0434\u0435\u043d\u0438 \u043c\u0435\u0434\u0438\u0443\u043c\u0438","align_top_left":"\u041d\u0430\u0458\u0433\u043e\u0440\u0435 \u043b\u0435\u0432\u043e","align_center":"\u0421\u0440\u0435\u0434\u0438\u043d\u0430","align_left":"\u041b\u0435\u0432\u043e","align_bottom":"\u041d\u0430\u0458\u0434\u043e\u043b\u0435","align_right":"\u0414\u0435\u0441\u043d\u043e","align_top":"\u041d\u0430\u0458\u0433\u043e\u0440\u0435","qt_stream_warn":"RTSP \u0440\u0435\u0441\u0443\u0440\u0441\u0438\u0442\u0435 \u0442\u0440\u0435\u0431\u0430 \u0434\u0430 \u0441\u0435 \u0434\u043e\u0434\u0430\u0434\u0435 \u043d\u0430 Q\u0422 \u0438\u0437\u0432\u043e\u0440 \u043e\u0431\u043b\u0430\u0441\u0442\u0430 \u043f\u043e\u0434 Advanced \u0442\u0430\u0431\u043e\u0442. \n\u041c\u043e\u0436\u0435, \u0438\u0441\u0442\u043e \u0442\u0430\u043a\u0430, \u0442\u0440\u0435\u0431\u0430 \u0434\u0430 \u0441\u0435 \u0434\u043e\u0434\u0430\u0434\u0435 \u043d\u0435 \u0435\u043c\u0438\u0442\u0443\u0432\u0430\u043d\u0430 \u0432\u0435\u0440\u0437\u0438\u0458\u0430 \u043d\u0430 \u043f\u043e\u043b\u0435\u0442\u043e Src ..",qtsrc:"QT \u0438\u0437\u0432\u043e\u0440",progress:"\u041d\u0430\u043f\u0440\u0435\u0434\u043e\u043a",sound:"\u0417\u0432\u0443\u043a",swstretchvalign:"\u0420\u0430\u0448\u0438\u0440\u0438 \u043f\u043e \u0432\u0435\u0440\u0442\u0438\u043a\u0430\u043b\u0430",swstretchhalign:"\u0420\u0430\u0448\u0438\u0440\u0438 \u043f\u043e \u0445\u043e\u0440\u0438\u0437\u043e\u043d\u0442\u0430\u043b\u0430",swstretchstyle:"\u0420\u0430\u0448\u0438\u0440\u0435\u043d \u0441\u0442\u0438\u043b",scriptcallbacks:"Script callbacks","align_top_right":"\u0413\u043e\u0440\u0435 \u0434\u0435\u0441\u043d\u043e",uimode:"UI \u043c\u043e\u0434",rate:"\u0411\u0440\u0437\u0438\u043d\u0430",playcount:"\u0411\u0440\u043e\u0458 \u043d\u0430 \u0438\u0433\u0440\u0438",defaultframe:"\u041f\u0440\u0435\u0432\u0437\u0435\u043c\u0435\u043d\u0430 \u0440\u0430\u043c\u043a\u0430",currentposition:"\u041c\u043e\u043c\u0435\u043d\u0442\u0430\u043b\u043d\u0430 \u043f\u043e\u0437\u0438\u0446\u0438\u0458\u0430",currentmarker:"\u041c\u043e\u043c\u0435\u043d\u0442\u0430\u043b\u0435\u043d \u043c\u0430\u0440\u043a\u0435\u0440",captioningid:"\u0414\u043e\u0434\u0435\u043b\u0443\u0432\u0430\u043d\u0458\u0435 \u0438\u043c\u0435 \u043d\u0430 ID",baseurl:"\u041e\u0441\u043d\u043e\u0432\u0435\u043d \u0423\u0420\u041b",balance:"\u0420\u0430\u043c\u043d\u043e\u0442\u0435\u0436\u0430",windowlessvideo:"Windowless video",stretchtofit:"\u0420\u0430\u0448\u0438\u0440\u0438 \u0434\u043e \u043a\u0440\u0430\u0458",mute:"\u0411\u0435\u0437 \u0433\u043b\u0430\u0441",invokeurls:"\u041f\u043e\u0432\u0438\u043a\u0430\u0458 \u0423\u0420\u041b-\u0430",fullscreen:"\u0426\u0435\u043b \u0435\u043a\u0440\u0430\u043d",enabled:"\u041e\u0432\u043e\u0437\u043c\u043e\u0436\u0438",autostart:"\u0410\u0432\u0442\u043e\u043c\u0430\u0442\u0441\u043a\u0438 \u0441\u0442\u0430\u0440\u0442",volume:"\u0413\u043b\u0430\u0441\u043d\u043e\u0441\u0442",target:"\u0426\u0435\u043b",qtsrcchokespeed:"Choke speed",href:"Href",endtime:"\u0412\u0440\u0435\u043c\u0435 \u043d\u0430 \u043a\u0440\u0430\u0458",starttime:"\u0412\u0440\u0435\u043c\u0435 \u043d\u0430 \u043f\u043e\u0447\u0435\u0442\u043e\u043a",enablejavascript:"\u041e\u0432\u043e\u0437\u043c\u043e\u0436\u0438 JavaScript",correction:"\u0411\u0435\u0437 \u043a\u043e\u0440\u0435\u043a\u0446\u0438\u0458\u0430",targetcache:"\u0414\u043e\u0441\u0442\u0438\u0433\u043d\u0430\u0442\u0430 \u0446\u0435\u043b",playeveryframe:"\u041f\u0443\u0448\u0442\u0438\u0458\u0430 \u0441\u0435\u043a\u043e\u0458\u0430 \u0440\u0430\u043c\u043a\u0430",kioskmode:"Kiosk \u043c\u043e\u0434",controller:"\u041a\u043e\u043d\u0442\u0440\u043e\u043b\u0435\u0440",menu:"\u041f\u043e\u043a\u0430\u0436\u0438 \u043c\u0435\u043d\u0438",loop:"\u0408\u0430\u043c\u043a\u0430",play:"\u0410\u0432\u0442\u043e\u043c\u0430\u0442\u0441\u043a\u0438 \u043e\u0434\u0438\u0433\u0440\u0430\u0458",hspace:"\u0425\u043e\u0440\u0438\u0437\u043e\u043d\u0442\u0430\u043b\u043d\u043e \u043c\u0435\u0441\u0442\u043e",vspace:"\u0412\u0435\u0440\u0442\u0438\u043a\u0430\u043b\u043d\u043e \u043c\u0435\u0441\u0442\u043e","class_name":"\u041a\u043b\u0430\u0441\u0430",name:"\u0418\u043c\u0435",id:"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0458\u0430 (Id)",type:"\u0422\u0438\u043f",size:"\u0414\u0438\u043c\u0435\u043d\u0437\u0438\u0438",preview:"\u041f\u0440\u0435\u0433\u043b\u0435\u0434","constrain_proportions":"\u0417\u0430\u0434\u0440\u0436\u0438 \u043f\u0440\u043e\u043f\u043e\u0440\u0446\u0438\u0438",controls:"\u041a\u043e\u043d\u0442\u0440\u043e\u043b\u0438",numloop:"\u0411\u0440\u043e\u0458 \u043d\u0430 \u0458\u0430\u043c\u043a\u0438",console:"\u041a\u043e\u043d\u0437\u043e\u043b\u0430",cache:"\u041a\u0435\u0448",autohref:"AutoHREF",liveconnect:"SWLiveConnect",flashvars:"Flash \u043f\u0440\u043e\u043c\u0435\u043d\u043b\u0438\u0432\u0438",base:"\u041e\u0441\u043d\u043e\u0432\u0430",bgcolor:"\u041f\u043e\u0437\u0430\u0434\u0438\u043d\u0430",wmode:"WMode",salign:"SAlign",align:"\u041f\u043e\u0430\u0440\u0430\u043c\u043d\u0443\u0432\u0430\u045a\u0435",scale:"\u0420\u0430\u0437\u043c\u0435\u0440",quality:"\u041a\u0432\u0430\u043b\u0438\u0442\u0435\u0442",shuffle:"\u041c\u0435\u0448\u0430\u0458",prefetch:"Prefetch",nojava:"\u041d\u0435\u043c\u0430 java",maintainaspect:"\u0410\u0441\u043f\u0435\u043a\u0442 \u043d\u0430 \u043e\u0434\u0440\u0436\u0443\u0432\u0430\u045a\u0435",imagestatus:"\u0421\u0442\u0430\u0442\u0443\u0441 \u043d\u0430 \u0441\u043b\u0438\u043a\u0430",center:"\u0426\u0435\u043d\u0442\u0430\u0440/\u0441\u0440\u0435\u0434\u0438\u043d\u0430",autogotourl:"\u0410\u0432\u0442\u043e\u043c\u0430\u0442\u0441\u043a\u0438 \u043e\u0434\u0438 \u043d\u0430 \u0423\u0420\u041b","shockwave_options":"\u041e\u043f\u0446\u0438\u0438 \u043d\u0430 Shockwave ","rmp_options":"\u041e\u043f\u0446\u0438\u0438 \u043d\u0430 Real media player","wmp_options":"\u041e\u043f\u0446\u0438\u0438 \u043d\u0435 Windows media player","qt_options":"\u041e\u043f\u0446\u0438\u0438 \u043d\u0430 Quicktime","flash_options":"\u041e\u043f\u0446\u0438\u0438 \u043d\u0430 Flash",hidden:"\u0421\u043e\u043a\u0440\u0438\u0435\u043d\u043e","align_bottom_left":"\u0414\u043e\u043b\u0435 \u043b\u0435\u0432\u043e","align_bottom_right":"\u0414\u043e\u043b\u0435 \u0434\u0435\u0441\u043d\u043e",flash:"flash",quicktime:"quicktime","embedded_audio_options":"\u0412\u0433\u0440\u0430\u0434\u0435\u043d\u0438 \u0430\u0443\u0434\u0438\u043e \u043e\u043f\u0446\u0438\u0438",windowsmedia:"windowsmedia",realmedia:"realmedia",shockwave:"shockwave",audio:"\u0430\u0443\u0434\u0438\u043e",video:"\u0432\u0438\u0434\u0435\u043e","html5_video_options":"HTML5 \u0412\u0438\u0434\u0435\u043e \u043e\u043f\u0446\u0438\u0438",altsource1:"\u0410\u043b\u0442\u0435\u0440\u043d\u0430\u0442\u0438\u0432\u0435\u043d \u0438\u0437\u0432\u043e\u0440 1",altsource2:"\u0410\u043b\u0442\u0435\u0440\u043d\u0430\u0442\u0438\u0432\u0435\u043d \u0438\u0437\u0437\u0432\u043e\u0440 2",preload:"\u041d\u0430\u043b\u043e\u0436\u0438 \u043f\u0440\u0435\u0442\u0445\u043e\u0434\u043d\u043e",poster:"\u041f\u043e\u0441\u0442\u0435\u0440",source:"\u0418\u0437\u0432\u043e\u0440","html5_audio_options":"\u0410\u0443\u0434\u0438\u043e \u043e\u043f\u0446\u0438\u0438","preload_none":"\u0411\u0435\u0437 \u043f\u0440\u0435\u0442\u0445\u043e\u0434\u043d\u043e \u043d\u0430\u043b\u0430\u0433\u0430\u045a\u0435","preload_metadata":"\u041f\u0440\u0435\u0442\u0445\u043e\u0434\u043d\u043e \u043d\u0430\u043b\u043e\u0436\u0438 \u0432\u0438\u0434\u0435\u043e \u043c\u0435\u0442\u0430 \u043f\u043e\u0434\u0430\u0442\u043e\u0446\u0438","preload_auto":"\u041d\u0435\u043a\u0430 \u043e\u0434\u043b\u0443\u0447\u0438 \u043a\u043e\u0440\u0438\u0441\u043d\u0438\u0447\u043a\u0438\u043e\u0442 \u043f\u0440\u0435\u043b\u0438\u0441\u0442\u0443\u0432\u0430\u0447",iframe:"iframe",embeddedaudio:"\u0432\u0433\u0440\u0430\u0434\u0435\u043d\u043e \u0430\u0443\u0434\u0438\u043e"});
\ No newline at end of file

--
Gitblit v1.9.1