From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/js/tiny_mce/plugins/table/js/row.js |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/program/js/tiny_mce/plugins/table/js/row.js b/program/js/tiny_mce/plugins/table/js/row.js
index b275e6e..a13d695 100644
--- a/program/js/tiny_mce/plugins/table/js/row.js
+++ b/program/js/tiny_mce/plugins/table/js/row.js
@@ -56,6 +56,11 @@
 	var inst = tinyMCEPopup.editor, dom = inst.dom, trElm, tableElm, formObj = document.forms[0];
 	var action = getSelectValue(formObj, 'action');
 
+	if (!AutoValidator.validate(formObj)) {
+		tinyMCEPopup.alert(AutoValidator.getErrorMessages(formObj).join('. ') + '.');
+		return false;
+	}
+
 	tinyMCEPopup.restoreSelection();
 	trElm = dom.getParent(inst.selection.getStart(), "tr");
 	tableElm = dom.getParent(inst.selection.getStart(), "table");

--
Gitblit v1.9.1