From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
 program/js/tiny_mce/plugins/media/media.htm | 146 ++++++++++++++++++++++++++++++++++++++++++------
 1 files changed, 128 insertions(+), 18 deletions(-)
diff --git a/program/js/tiny_mce/plugins/media/media.htm b/program/js/tiny_mce/plugins/media/media.htm
index 807a537..957d83a 100644
--- a/program/js/tiny_mce/plugins/media/media.htm
+++ b/program/js/tiny_mce/plugins/media/media.htm
@@ -29,15 +29,7 @@
 <tr>
 <td><label for="media_type">{#media_dlg.type}</label></td>
 <td>
- <select id="media_type" name="media_type" onchange="Media.formToData('type');">
- <option value="video">HTML5 Video</option>
- <option value="flash">Flash</option>
- <option value="quicktime">QuickTime</option>
- <option value="shockwave">Shockwave</option>
- <option value="windowsmedia">Windows Media</option>
- <option value="realmedia">Real Media</option>
- <option value="iframe">Iframe</option>
- </select>
+ <select id="media_type"></select>
 </td>
 </tr>
 <tr>
@@ -159,6 +151,17 @@
 </table>
 </td>
 </tr>
+
+ <tr>
+ <td><label for="video_preload">{#media_dlg.preload}</label></td>
+ <td>
+ <select id="video_preload" name="video_preload" onchange="Media.formToData();">
+ <option value="none">{#media_dlg.preload_none}</option>
+ <option value="metadata">{#media_dlg.preload_metadata}</option>
+ <option value="auto">{#media_dlg.preload_auto}</option>
+ </select>
+ </td>
+ </tr>
 </table>
 <table role="presentation" border="0" cellpadding="4" cellspacing="0">
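Review bot: Nothing in this file touches the `_session` argument or utils/save-prefs named in the subject; every hunk shown is a markup change to the TinyMCE media dialog, beginning with this one, which empties `<select id="media_type"></select>` and drops its `name` and `onchange="Media.formToData('type');"`. If the security fix sits in other files of the same commit, moving the vendored editor update into its own commit would keep the fix small enough to audit and backport. The script that now has to fill the select and react to a type change is outside this hunk, so whether the handler is re-attached cannot be confirmed from here.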
@@ -175,19 +178,19 @@
 <td>
 <table role="presentation" border="0" cellpadding="0" cellspacing="0">
 <tr>
- <td><input type="checkbox" class="checkbox" id="video_loop" name="video_loop" onchange="Media.formToData();" /></td>
- <td><label for="video_loop">{#media_dlg.loop}</label></td>
+ <td><input type="checkbox" class="checkbox" id="video_muted" name="video_muted" onchange="Media.formToData();" /></td>
+ <td><label for="video_muted">{#media_dlg.mute}</label></td>
 </tr>
 </table>
 </td>
 <td>
- <table role="presentation" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td><input type="checkbox" class="checkbox" id="video_preload" name="video_preload" onchange="Media.formToData();" /></td>
- <td><label for="video_preload">{#media_dlg.preload}</label></td>
- </tr>
- </table>
+ <table role="presentation" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td><input type="checkbox" class="checkbox" id="video_loop" name="video_loop" onchange="Media.formToData();" /></td>
+ <td><label for="video_loop">{#media_dlg.loop}</label></td>
+ </tr>
+ </table>
 </td>
 <td>
@@ -195,6 +198,113 @@
 <tr>
 <td><input type="checkbox" class="checkbox" id="video_controls" name="video_controls" onchange="Media.formToData();" /></td>
 <td><label for="video_controls">{#media_dlg.controls}</label></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </fieldset>
+
+ <fieldset id="embeddedaudio_options">
+ <legend>{#media_dlg.embedded_audio_options}</legend>
+
+ <table role="presentation" border="0" cellpadding="4" cellspacing="0">
+ <tr>
+ <td>
+ <table role="presentation" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td><input type="checkbox" class="checkbox" id="embeddedaudio_autoplay" name="audio_autoplay" onchange="Media.formToData();" /></td>
+ <td><label for="audio_autoplay">{#media_dlg.play}</label></td>
+ </tr>
+ </table>
+ </td>
+
+ <td>
+ <table role="presentation" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td><input type="checkbox" class="checkbox" id="embeddedaudio_loop" name="audio_loop" onchange="Media.formToData();" /></td>
+ <td><label for="audio_loop">{#media_dlg.loop}</label></td>
+ </tr>
+ </table>
+ </td>
+
+ <td>
+ <table role="presentation" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td><input type="checkbox" class="checkbox" id="embeddedaudio_controls" name="audio_controls" onchange="Media.formToData();" /></td>
+ <td><label for="audio_controls">{#media_dlg.controls}</label></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </fieldset>
+
+ <fieldset id="audio_options">
+ <legend>{#media_dlg.html5_audio_options}</legend>
+
+ <table role="presentation">
+ <tr>
+ <td><label for="audio_altsource1">{#media_dlg.altsource1}</label></td>
+ <td>
+ <table role="presentation" border="0" cellspacing="0" cellpadding="0">
+ <tr>
+ <td><input type="text" id="audio_altsource1" name="audio_altsource1" onchange="Media.formToData();" style="width: 240px" /></td>
+ <td id="audio_altsource1_filebrowser"> </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+
+ <tr>
+ <td><label for="audio_altsource2">{#media_dlg.altsource2}</label></td>
+ <td>
+ <table role="presentation" border="0" cellspacing="0" cellpadding="0">
+ <tr>
+ <td><input type="text" id="audio_altsource2" name="audio_altsource2" onchange="Media.formToData();" style="width: 240px" /></td>
+ <td id="audio_altsource2_filebrowser"> </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+
+ <tr>
+ <td><label for="audio_preload">{#media_dlg.preload}</label></td>
+ <td>
+ <select id="audio_preload" name="audio_preload" onchange="Media.formToData();">
+ <option value="none">{#media_dlg.preload_none}</option>
+ <option value="metadata">{#media_dlg.preload_metadata}</option>
+ <option value="auto">{#media_dlg.preload_auto}</option>
+ </select>
+ </td>
+ </tr>
+ </table>
+
+ <table role="presentation" border="0" cellpadding="4" cellspacing="0">
+ <tr>
+ <td>
+ <table role="presentation" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td><input type="checkbox" class="checkbox" id="audio_autoplay" name="audio_autoplay" onchange="Media.formToData();" /></td>
+ <td><label for="audio_autoplay">{#media_dlg.play}</label></td>
+ </tr>
+ </table>
+ </td>
+
+ <td>
+ <table role="presentation" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td><input type="checkbox" class="checkbox" id="audio_loop" name="audio_loop" onchange="Media.formToData();" /></td>
+ <td><label for="audio_loop">{#media_dlg.loop}</label></td>
+ </tr>
+ </table>
+ </td>
+
+ <td>
+ <table role="presentation" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td><input type="checkbox" class="checkbox" id="audio_controls" name="audio_controls" onchange="Media.formToData();" /></td>
+ <td><label for="audio_controls">{#media_dlg.controls}</label></td>
 </tr>
 </table>
 </td>
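Review bot: In the new `embeddedaudio_options` fieldset the three labels use `for="audio_autoplay"`, `for="audio_loop"` and `for="audio_controls"`, while the checkboxes beside them have the ids `embeddedaudio_autoplay`, `embeddedaudio_loop` and `embeddedaudio_controls`. Those `for` values match the checkboxes of the `audio_options` fieldset added later in the same hunk, so activating an embedded-audio label would toggle the HTML5-audio control instead; the labels should read `<label for="embeddedaudio_autoplay">`, `<label for="embeddedaudio_loop">` and `<label for="embeddedaudio_controls">`. The same three inputs also carry `name="audio_autoplay"`, `name="audio_loop"` and `name="audio_controls"`, names the HTML5-audio checkboxes use too; if Media.formToData() collects fields by name (its code is not in this hunk) the two groups would collide. Since the file sits under tiny_mce, the correction probably belongs upstream rather than in a local edit.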
@@ -798,7 +908,7 @@
 <div id="source_panel" class="panel">
 <fieldset>
 <legend>{#media_dlg.source}</legend>
- <textarea id="source" style="width: 100%; height: 390px"></textarea>
+ <textarea id="source" style="width: 99%; height: 390px"></textarea>
 </fieldset>
 </div>
 </div>
-- Gitblit v1.9.1