From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/js/tiny_mce/plugins/table/row.htm |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/program/js/tiny_mce/plugins/table/row.htm b/program/js/tiny_mce/plugins/table/row.htm
index c197ff6..1885401 100644
--- a/program/js/tiny_mce/plugins/table/row.htm
+++ b/program/js/tiny_mce/plugins/table/row.htm
@@ -5,6 +5,7 @@
 	<script type="text/javascript" src="../../tiny_mce_popup.js"></script>
 	<script type="text/javascript" src="../../utils/mctabs.js"></script>
 	<script type="text/javascript" src="../../utils/form_utils.js"></script>
+	<script type="text/javascript" src="../../utils/validate.js"></script>
 	<script type="text/javascript" src="../../utils/editable_selects.js"></script>
 	<script type="text/javascript" src="js/row.js"></script>
 	<link href="css/row.css" rel="stylesheet" type="text/css" />
@@ -70,7 +71,7 @@
 
 						<tr>
 							<td><label for="height">{#table_dlg.height}</label></td>
-							<td class="col2"><input name="height" type="text" id="height" value="" size="4" maxlength="4" onchange="changedSize();" /></td>
+							<td class="col2"><input name="height" type="text" id="height" value="" size="7" maxlength="7" onchange="changedSize();" class="size" /></td>
 						</tr>
 					</table>
 				</fieldset>

--
Gitblit v1.9.1