From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/js/tiny_mce/plugins/media/langs/uk_dlg.js |  104 ---------------------------------------------------
 1 files changed, 1 insertions(+), 103 deletions(-)

diff --git a/program/js/tiny_mce/plugins/media/langs/uk_dlg.js b/program/js/tiny_mce/plugins/media/langs/uk_dlg.js
old mode 100755
new mode 100644
index 8187e35..6f7a4b4
--- a/program/js/tiny_mce/plugins/media/langs/uk_dlg.js
+++ b/program/js/tiny_mce/plugins/media/langs/uk_dlg.js
@@ -1,103 +1 @@
-tinyMCE.addI18n('uk.media_dlg',{
-title:"\u0412\u0441\u0442\u0430\u0432\u0438\u0442\u0438 / \u0440\u0435\u0434\u0430\u0433\u0443\u0432\u0430\u0442\u0438 embedded media",
-general:"\u0417\u0430\u0433\u0430\u043B\u044C\u043D\u0435",
-advanced:"\u0414\u043E\u0434\u0430\u0442\u043A\u043E\u0432\u043E",
-file:"\u0424\u0430\u0439\u043B/URL",
-list:"\u0421\u043F\u0438\u0441\u043E\u043A",
-size:"\u0420\u043E\u0437\u043C\u0456\u0440\u0438",
-preview:"\u041F\u0435\u0440\u0435\u0433\u043B\u044F\u0434",
-constrain_proportions:"\u0417\u0431\u0435\u0440\u0456\u0433\u0430\u0442\u0438 \u043F\u0440\u043E\u043F\u043E\u0440\u0446\u0456\u0457",
-type:"\u0422\u0438\u043F",
-id:"Id",
-name:"\u041D\u0430\u0437\u0432\u0430",
-class_name:"\u041A\u043B\u0430\u0441",
-vspace:"\u0432\u0435\u0440\u0442.\u0432\u0456\u0434\u0441\u0442\u0443\u043F",
-hspace:"\u0433\u043E\u0440.\u0432\u0456\u0434\u0441\u0442\u0443\u043F",
-play:"\u0410\u0432\u0442\u043E\u043F\u043B\u0435\u0439",
-loop:"\u041B\u0443\u043F",
-menu:"\u041F\u043E\u043A\u0430\u0437\u0443\u0432\u0430\u0442\u0438 \u043C\u0435\u043D\u044E",
-quality:"\u042F\u043A\u0456\u0441\u0442\u044C",
-scale:"Scale",
-align:"Align",
-salign:"SAlign",
-wmode:"WMode",
-bgcolor:"\u0424\u043E\u043D",
-base:"Base",
-flashvars:"Flashvars",
-liveconnect:"SWLiveConnect",
-autohref:"AutoHREF",
-cache:"\u041A\u0435\u0448",
-hidden:"Hidden",
-controller:"Controller",
-kioskmode:"Kiosk mode",
-playeveryframe:"Play every frame",
-targetcache:"Target cache",
-correction:"No correction",
-enablejavascript:"Enable JavaScript",
-starttime:"Start time",
-endtime:"End time",
-href:"Href",
-qtsrcchokespeed:"Choke speed",
-target:"Target",
-volume:"\u0413\u0443\u0447\u043D\u0456\u0441\u0442\u044C",
-autostart:"\u0410\u0432\u0442\u043E\u0441\u0442\u0430\u0440\u0442",
-enabled:"Enabled",
-fullscreen:"Fullscreen",
-invokeurls:"Invoke URLs",
-mute:"Mute",
-stretchtofit:"Stretch to fit",
-windowlessvideo:"Windowless video",
-balance:"\u0411\u0430\u043B\u0430\u043D\u0441",
-baseurl:"Base URL",
-captioningid:"Captioning id",
-currentmarker:"Current marker",
-currentposition:"Current position",
-defaultframe:"Default frame",
-playcount:"Play count",
-rate:"Rate",
-uimode:"UI Mode",
-flash_options:"Flash options",
-qt_options:"Quicktime options",
-wmp_options:"Windows media player options",
-rmp_options:"Real media player options",
-shockwave_options:"Shockwave options",
-autogotourl:"Auto goto URL",
-center:"Center",
-imagestatus:"Image status",
-maintainaspect:"Maintain aspect",
-nojava:"No java",
-prefetch:"Prefetch",
-shuffle:"Shuffle",
-console:"Console",
-numloop:"Num loops",
-controls:"Controls",
-scriptcallbacks:"Script callbacks",
-swstretchstyle:"Stretch style",
-swstretchhalign:"Stretch H-Align",
-swstretchvalign:"Stretch V-Align",
-sound:"Sound",
-progress:"Progress",
-qtsrc:"QT Src",
-qt_stream_warn:"Streamed rtsp resources should be added to the QT Src field under the advanced tab.\nYou should also add a non streamed version to the Src field..",
-align_top:"Top",
-align_right:"Right",
-align_bottom:"Bottom",
-align_left:"Left",
-align_center:"Center",
-align_top_left:"Top left",
-align_top_right:"Top right",
-align_bottom_left:"Bottom left",
-align_bottom_right:"Bottom right",
-flv_options:"Flash video options",
-flv_scalemode:"Scale mode",
-flv_buffer:"Buffer",
-flv_startimage:"Start image",
-flv_starttime:"Start time",
-flv_defaultvolume:"Default volumne",
-flv_hiddengui:"Hidden GUI",
-flv_autostart:"Auto start",
-flv_loop:"Loop",
-flv_showscalemodes:"Show scale modes",
-flv_smoothvideo:"Smooth video",
-flv_jscallback:"JS Callback"
-});
\ No newline at end of file
+tinyMCE.addI18n('uk.media_dlg',{list:"\u0421\u043f\u0438\u0441\u043e\u043a",file:"\u0424\u0430\u0439\u043b/URL",advanced:"\u0414\u043e\u0434\u0430\u0442\u043a\u043e\u0432\u043e",general:"\u0417\u0430\u0433\u0430\u043b\u044c\u043d\u0435",title:"\u0412\u0441\u0442\u0430\u0432\u0438\u0442\u0438 / \u0440\u0435\u0434\u0430\u0433\u0443\u0432\u0430\u0442\u0438 \u0432\u0431\u0443\u0434\u043e\u0432\u0430\u043d\u0456 \u043c\u0435\u0434\u0456\u0430","align_top_left":"\u0417\u0432\u0435\u0440\u0445\u0443 \u0437\u043b\u0456\u0432\u0430","align_center":"\u0426\u0435\u043d\u0442\u0440","align_left":"\u041b\u0456\u0432\u043e","align_bottom":"\u041d\u0438\u0437","align_right":"\u041f\u0440\u0430\u0432\u043e","align_top":"\u0412\u0435\u0440\u0445","qt_stream_warn":"Streamed rtsp resources should be added to the QT Src field under the advanced tab.\nYou should also add a non streamed version to the Src field..",qtsrc:"\u0414\u0436\u0435\u0440\u0435\u043b\u043e QT",progress:"\u0425\u0456\u0434",sound:"\u0417\u0432\u0443\u043a",swstretchvalign:"\u0420\u043e\u0437\u0442\u044f\u0433\u043d\u0443\u0442\u0438 \u0432\u0435\u0440\u0442. \u0432\u0438\u0440\u0456\u0432\u043d\u044e\u0430\u043d\u043d\u044f",swstretchhalign:"\u0420\u043e\u0437\u0442\u044f\u0433\u043d\u0443\u0442\u0438 \u0433\u043e\u0440\u0438\u0437. \u0432\u0438\u0440\u0456\u0432\u043d\u044e\u0430\u043d\u043d\u044f",swstretchstyle:"\u0420\u043e\u0437\u0442\u044f\u0433\u043d\u0443\u0442\u0438\u0439 \u0441\u0442\u0438\u043b\u044c",scriptcallbacks:"\u0417\u0432\u043e\u0440\u043e\u0442\u043d\u0456\u0439 \u0432\u0438\u043a\u043b\u0438\u043a \u0441\u0446\u0435\u043d\u0430\u0440\u0456\u044e","align_top_right":"\u0417\u0432\u0435\u0440\u0445\u0443 \u0437\u043f\u0440\u0430\u0432\u0430",uimode:"\u0420\u0435\u0436\u0438\u043c \u0456\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0443",rate:"\u0428\u0432\u0438\u0434\u043a\u0456\u0441\u0442\u044c",playcount:"\u041a\u0456\u043b\u044c\u043a\u0456\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u0432\u0430\u043d\u044c",defaultframe:"\u041a\u0430\u0434\u0440 \u0437\u0430 \u0437\u0430\u043c\u043e\u0432\u0447\u0430\u043d\u043d\u044f\u043c",currentposition:"\u041f\u043e\u0442\u043e\u0447\u043d\u0430 \u043f\u043e\u0437\u0438\u0446\u0456\u044f",currentmarker:"\u041f\u043e\u0442\u043e\u0447\u043d\u0438\u0439 \u043c\u0430\u0440\u043a\u0435\u0440",captioningid:"\u0406\u0434\u0435\u043d\u0442\u0438\u0444\u0456\u043a\u0430\u0442\u043e\u0440 \u043d\u0430\u0434\u043f\u0438\u0441\u0443",baseurl:"\u041e\u0441\u043d\u043e\u0432\u043d\u0435 \u043f\u043e\u0441\u0438\u043b\u0430\u043d\u043d\u044f",balance:"\u0411\u0430\u043b\u0430\u043d\u0441",windowlessvideo:"Windowless video",stretchtofit:"\u0417\u043c\u0435\u043d\u0448\u0438\u0442\u0438, \u0449\u043e\u0431 \u0432\u043c\u0456\u0441\u0442\u0438\u043b\u043e\u0441\u044c",mute:"\u0417\u0430\u0433\u043b\u0443\u0448\u0438\u0442\u0438",invokeurls:"\u0412\u0438\u043a\u043b\u0438\u043a\u0430\u0442\u0438 URLs",fullscreen:"\u041f\u043e\u0432\u043d\u0438\u0439 \u0435\u043a\u0440\u0430\u043d",enabled:"\u0414\u043e\u0437\u0432\u043e\u043b\u0435\u043d\u0438\u0439",autostart:"\u0410\u0432\u0442\u043e\u0441\u0442\u0430\u0440\u0442",volume:"\u0413\u0443\u0447\u043d\u0456\u0441\u0442\u044c",target:"\u0426\u0456\u043b\u044c",qtsrcchokespeed:"\u0428\u0432\u0438\u0434\u043a\u0456\u0441\u0442\u044c \u0437\u0430\u0433\u0430\u0441\u0430\u043d\u043d\u044f",href:"\u041f\u043e\u0441\u0438\u043b\u0430\u043d\u043d\u044f",endtime:"\u0427\u0430\u0441 \u043a\u0456\u043d\u0446\u044f",starttime:"\u0427\u0430\u0441 \u043f\u043e\u0447\u0430\u0442\u043a\u0443",enablejavascript:"\u0414\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u0438 JavaScript",correction:"\u0411\u0435\u0437 \u043a\u043e\u0440\u0435\u043a\u0446\u0456\u0457",targetcache:"\u0426\u0456\u043b\u044c\u043e\u0432\u0438\u0439 \u043a\u0435\u0448",playeveryframe:"\u041f\u0440\u043e\u0433\u0440\u0430\u0432\u0430\u0442\u0438 \u043a\u043e\u0436\u0435\u043d \u043a\u0430\u0434\u0440",kioskmode:"\u041f\u043e\u0432\u043d\u043e\u0435\u043a\u0440\u0430\u043d\u043d\u0438\u0439 \u0440\u0435\u0436\u0438\u043c",controller:"\u041a\u043e\u043d\u0442\u0440\u043e\u043b\u0435\u0440",menu:"\u041f\u043e\u043a\u0430\u0437\u0443\u0432\u0430\u0442\u0438 \u043c\u0435\u043d\u044e",loop:"\u041f\u043e\u0432\u0442\u043e\u0440\u044e\u0432\u0430\u0442\u0438",play:"\u0410\u0432\u0442\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u0432\u043d\u043d\u044f",hspace:"\u0433\u043e\u0440.\u0432\u0456\u0434\u0441\u0442\u0443\u043f",vspace:"\u0432\u0435\u0440\u0442.\u0432\u0456\u0434\u0441\u0442\u0443\u043f","class_name":"\u041a\u043b\u0430\u0441",name:"\u041d\u0430\u0437\u0432\u0430",id:"\u0406\u0434\u0435\u043d\u0442\u0438\u0444\u0456\u043a\u0430\u0442\u043e\u0440",type:"\u0422\u0438\u043f",size:"\u0420\u043e\u0437\u043c\u0456\u0440\u0438",preview:"\u041f\u0435\u0440\u0435\u0433\u043b\u044f\u0434","constrain_proportions":"\u0417\u0431\u0435\u0440\u0456\u0433\u0430\u0442\u0438 \u043f\u0440\u043e\u043f\u043e\u0440\u0446\u0456\u0457",controls:"\u041a\u0435\u0440\u0443\u0432\u0430\u043d\u043d\u044f",numloop:"\u041a\u0456\u043b\u044c\u043a\u0456\u0441\u0442\u044c \u0446\u0438\u043a\u043b\u0456\u0432",console:"\u041a\u043e\u043d\u0441\u043e\u043b\u044c",cache:"\u041a\u0435\u0448",autohref:"AutoHREF",liveconnect:"SWLiveConnect",flashvars:"Flash-\u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0438",base:"\u0411\u0430\u0437\u0430",bgcolor:"\u0424\u043e\u043d",wmode:"W-\u0440\u0435\u0436\u0438\u043c",salign:"S-\u0412\u0438\u0440\u0456\u0432\u043d\u044e\u0432\u0430\u043d\u043d\u044f",align:"\u0412\u0438\u0440\u0456\u0432\u043d\u044e\u0432\u0430\u043d\u043d\u044f",scale:"\u041c\u0430\u0441\u0448\u0442\u0430\u0431\u0443\u0432\u0430\u043d\u043d\u044f",quality:"\u042f\u043a\u0456\u0441\u0442\u044c",shuffle:"\u041f\u0435\u0440\u0435\u0442\u0430\u0441\u0443\u0432\u0430\u0442\u0438",prefetch:"\u041f\u043e\u043f\u0435\u0440\u0435\u0434\u043d\u0454 \u0432\u0438\u043b\u0443\u0447\u0435\u043d\u043d\u044f",nojava:"\u0411\u0435\u0437 Java",maintainaspect:"\u0412\u0434\u0435\u0440\u0436\u0443\u0432\u0430\u0442\u0438 \u0440\u0430\u043a\u0443\u0440\u0441",imagestatus:"\u0421\u0442\u0430\u0442\u0443\u0441 \u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u043d\u044f",center:"\u041f\u043e \u0446\u0435\u043d\u0442\u0440\u0443",autogotourl:"\u041f\u043e\u0441\u0438\u043b\u0430\u043d\u043d\u044f \u0430\u0432\u0442\u043e\u043f\u0435\u0440\u0435\u0445\u043e\u0434\u0443","shockwave_options":"\u041e\u043f\u0446\u0456\u0457 Shockwave","rmp_options":"\u041e\u043f\u0446\u0456\u0457 Real media player","wmp_options":"\u041e\u043f\u0446\u0456\u0457 Windows media player","qt_options":"\u041e\u043f\u0446\u0456\u0457 Quicktime","flash_options":"\u041e\u043f\u0446\u0456\u0457 Flash",hidden:"\u041f\u0440\u0438\u0445\u043e\u0432\u0430\u043d\u0438\u0439","align_bottom_left":"\u0417\u043d\u0438\u0437\u0443 \u0437\u043b\u0456\u0432\u0430","align_bottom_right":"\u0417\u043d\u0438\u0437\u0443 \u0437\u043f\u0440\u0430\u0432\u0430",flash:"flash",quicktime:"quicktime","embedded_audio_options":"\u041f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0438 \u0432\u0431\u0443\u0434\u043e\u0432\u0430\u043d\u043e\u0433\u043e \u0437\u0432\u0443\u043a\u0443",windowsmedia:"windowsmedia",realmedia:"realmedia",shockwave:"shockwave",audio:"audio",video:"video","html5_video_options":"\u0412\u0456\u0434\u0435\u043e \u043e\u043f\u0446\u0456\u0457 HTML5",altsource1:"\u0410\u043b\u0442\u0435\u0440\u043d\u0430\u0442\u0438\u0432\u043d\u0435 \u0434\u0436\u0435\u0440\u0435\u043b\u043e 1",altsource2:"\u0410\u043b\u044c\u0442\u0435\u0440\u043d\u0430\u0442\u0438\u0432\u043d\u0435 \u0434\u0436\u0435\u0440\u0435\u043b\u043e 2",preload:"\u041f\u043e\u043f\u0435\u0440\u0435\u0434\u043d\u0454 \u0437\u0430\u0432\u0430\u043d\u0442\u0430\u0436\u0435\u043d\u043d\u044f",poster:"\u041f\u043e\u0441\u0442\u0435\u0440",source:"\u0414\u0436\u0435\u0440\u0435\u043b\u043e","html5_audio_options":"\u0410\u0443\u0434\u0456\u043e \u043e\u043f\u0446\u0456\u0457","preload_none":"\u0411\u0435\u0437 \u043f\u043e\u043f\u0435\u0440\u0435\u0434\u043d\u044c\u043e\u0457 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438","preload_metadata":"\u041f\u043e\u043f\u0435\u0440\u0435\u0434\u043d\u044f \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0430 \u043c\u0435\u0442\u0430\u0434\u0430\u043d\u0438\u0445 \u0432\u0456\u0434\u0435\u043e","preload_auto":"\u041d\u0430 \u0440\u043e\u0437\u0441\u0443\u0434 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430",iframe:"iframe",embeddedaudio:"embeddedaudio"});
\ No newline at end of file

--
Gitblit v1.9.1