From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/js/tiny_mce/plugins/table/row.htm |  111 +++++++++++++++++++++++++++----------------------------
 1 files changed, 55 insertions(+), 56 deletions(-)

diff --git a/program/js/tiny_mce/plugins/table/row.htm b/program/js/tiny_mce/plugins/table/row.htm
index 64f2afc..1885401 100644
--- a/program/js/tiny_mce/plugins/table/row.htm
+++ b/program/js/tiny_mce/plugins/table/row.htm
@@ -1,75 +1,77 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
-	<title>{$lang_table_row_title}</title>
-	<script language="javascript" type="text/javascript" src="../../tiny_mce_popup.js"></script>
-	<script language="javascript" type="text/javascript" src="../../utils/mctabs.js"></script>
-	<script language="javascript" type="text/javascript" src="../../utils/form_utils.js"></script>
-	<script language="javascript" type="text/javascript" src="jscripts/row.js"></script>
+	<title>{#table_dlg.row_title}</title>
+	<script type="text/javascript" src="../../tiny_mce_popup.js"></script>
+	<script type="text/javascript" src="../../utils/mctabs.js"></script>
+	<script type="text/javascript" src="../../utils/form_utils.js"></script>
+	<script type="text/javascript" src="../../utils/validate.js"></script>
+	<script type="text/javascript" src="../../utils/editable_selects.js"></script>
+	<script type="text/javascript" src="js/row.js"></script>
 	<link href="css/row.css" rel="stylesheet" type="text/css" />
-	<base target="_self" />
 </head>
-<body id="tablerow" onload="tinyMCEPopup.executeOnLoad('init();');" style="display: none">
-	<form onsubmit="updateAction();return false;">
+<body id="tablerow" style="display: none" role="application">
+	<form onsubmit="updateAction();return false;" action="#">
 		<div class="tabs">
 			<ul>
-				<li id="general_tab" class="current"><span><a href="javascript:mcTabs.displayTab('general_tab','general_panel');" onmousedown="return false;">{$lang_table_general_tab}</a></span></li>
-				<li id="advanced_tab"><span><a href="javascript:mcTabs.displayTab('advanced_tab','advanced_panel');" onmousedown="return false;">{$lang_table_advanced_tab}</a></span></li>
+				<li id="general_tab" class="current" aria-controls="general_panel"><span><a href="javascript:mcTabs.displayTab('general_tab','general_panel');" onmousedown="return false;">{#table_dlg.general_tab}</a></span></li>
+				<li id="advanced_tab" aria-controls="advanced_panel"><span><a href="javascript:mcTabs.displayTab('advanced_tab','advanced_panel');" onmousedown="return false;">{#table_dlg.advanced_tab}</a></span></li>
 			</ul>
 		</div>
 
 		<div class="panel_wrapper">
 			<div id="general_panel" class="panel current">
 				<fieldset>
-					<legend>{$lang_table_general_props}</legend>
+					<legend>{#table_dlg.general_props}</legend>
 
-					<table border="0" cellpadding="4" cellspacing="0">
+					<table role="presentation" border="0" cellpadding="4" cellspacing="0">
 						<tr>
-							<td><label for="rowtype">{$lang_table_rowtype}</label></td>
+							<td><label for="rowtype">{#table_dlg.rowtype}</label></td>
 							<td class="col2">
-								<select id="rowtype" name="rowtype">
-									<option value="thead">{$lang_table_thead}</option>
-									<option value="tbody">{$lang_table_tbody}</option>
-									<option value="tfoot">{$lang_table_tfoot}</option>
+								<select id="rowtype" name="rowtype" class="mceFocus">
+									<option value="thead">{#table_dlg.thead}</option>
+									<option value="tbody">{#table_dlg.tbody}</option>
+									<option value="tfoot">{#table_dlg.tfoot}</option>
 								</select>
 							</td>
 						</tr>
 
 						<tr>
-							<td><label for="align">{$lang_table_align}</label></td>
+							<td><label for="align">{#table_dlg.align}</label></td>
 							<td class="col2">
 								<select id="align" name="align">
-									<option value="">{$lang_not_set}</option>
-									<option value="center">{$lang_table_align_middle}</option>
-									<option value="left">{$lang_table_align_left}</option>
-									<option value="right">{$lang_table_align_right}</option>
+									<option value="">{#not_set}</option>
+									<option value="center">{#table_dlg.align_middle}</option>
+									<option value="left">{#table_dlg.align_left}</option>
+									<option value="right">{#table_dlg.align_right}</option>
 								</select>
 							</td>
 						</tr>
 
 						<tr>
-							<td><label for="valign">{$lang_table_valign}</label></td>
+							<td><label for="valign">{#table_dlg.valign}</label></td>
 							<td class="col2">
 								<select id="valign" name="valign">
-									<option value="">{$lang_not_set}</option>
-									<option value="top">{$lang_table_align_top}</option>
-									<option value="middle">{$lang_table_align_middle}</option>
-									<option value="bottom">{$lang_table_align_bottom}</option>
+									<option value="">{#not_set}</option>
+									<option value="top">{#table_dlg.align_top}</option>
+									<option value="middle">{#table_dlg.align_middle}</option>
+									<option value="bottom">{#table_dlg.align_bottom}</option>
 								</select>
 							</td>
 						</tr>
 
 						<tr id="styleSelectRow">
-							<td><label for="class">{$lang_class_name}</label></td>
+							<td><label for="class">{#class_name}</label></td>
 							<td class="col2">
-								<select id="class" name="class">
-									<option value="" selected="selected">{$lang_not_set}</option>
+								<select id="class" name="class" class="mceEditableSelect">
+									<option value="" selected="selected">{#not_set}</option>
 								</select>
 							</td>
 						</tr>
 
 						<tr>
-							<td><label for="height">{$lang_table_height}</label></td>
-							<td class="col2"><input name="height" type="text" id="height" value="" size="4" maxlength="4" onchange="changedSize();" /></td>
+							<td><label for="height">{#table_dlg.height}</label></td>
+							<td class="col2"><input name="height" type="text" id="height" value="" size="7" maxlength="7" onchange="changedSize();" class="size" /></td>
 						</tr>
 					</table>
 				</fieldset>
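Review bot: The new `<script>` references at the top of this hunk (`../../utils/validate.js`, `../../utils/editable_selects.js`, and `js/row.js` in place of `jscripts/row.js`) point at files that this patch neither adds nor moves. The hunk also drops `onload="tinyMCEPopup.executeOnLoad('init();');"` from `<body>`, so the dialog presumably depends on `js/row.js` registering its own init; confirm both against the rest of the vendored TinyMCE update. Nothing in this file touches the `_session` argument or `utils/save-prefs` named in the subject, so the actual fix must sit elsewhere in the commit and this template change should not be read as the remediation. The new markup keeps the inline `onsubmit`/`onchange` handlers and the `javascript:mcTabs.displayTab(...)` hrefs, so a `script-src` policy without `'unsafe-inline'` cannot be applied to this dialog as written.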
@@ -77,41 +79,41 @@
 
 			<div id="advanced_panel" class="panel">
 				<fieldset>
-					<legend>{$lang_table_advanced_props}</legend>
+					<legend>{#table_dlg.advanced_props}</legend>
 
-					<table border="0" cellpadding="0" cellspacing="4">
+					<table role="presentation" border="0" cellpadding="0" cellspacing="4">
 						<tr>
-							<td class="column1"><label for="id">{$lang_table_id}</label></td> 
+							<td class="column1"><label for="id">{#table_dlg.id}</label></td> 
 							<td><input id="id" name="id" type="text" value="" style="width: 200px" /></td> 
 						</tr>
 
 						<tr>
-							<td><label for="style">{$lang_table_style}</label></td>
+							<td><label for="style">{#table_dlg.style}</label></td>
 							<td><input type="text" id="style" name="style" value="" style="width: 200px;" onchange="changedStyle();" /></td>
 						</tr>
 
 						<tr>
-							<td class="column1"><label for="dir">{$lang_table_langdir}</label></td> 
+							<td class="column1"><label for="dir">{#table_dlg.langdir}</label></td> 
 							<td>
 								<select id="dir" name="dir" style="width: 200px"> 
-										<option value="">{$lang_not_set}</option> 
-										<option value="ltr">{$lang_table_ltr}</option> 
-										<option value="rtl">{$lang_table_rtl}</option> 
+										<option value="">{#not_set}</option> 
+										<option value="ltr">{#table_dlg.ltr}</option> 
+										<option value="rtl">{#table_dlg.rtl}</option> 
 								</select>
 							</td> 
 						</tr>
 
 						<tr>
-							<td class="column1"><label for="lang">{$lang_table_langcode}</label></td> 
+							<td class="column1"><label for="lang">{#table_dlg.langcode}</label></td> 
 							<td>
 								<input id="lang" name="lang" type="text" value="" style="width: 200px" />
 							</td> 
 						</tr>
 
 						<tr>
-							<td class="column1"><label for="backgroundimage">{$lang_table_bgimage}</label></td> 
+							<td class="column1"><label for="backgroundimage">{#table_dlg.bgimage}</label></td> 
 							<td>
-								<table border="0" cellpadding="0" cellspacing="0">
+								<table role="presentation" border="0" cellpadding="0" cellspacing="0">
 									<tr>
 										<td><input id="backgroundimage" name="backgroundimage" type="text" value="" style="width: 200px" onchange="changedBackgroundImage();" /></td>
 										<td id="backgroundimagebrowsercontainer">&nbsp;</td>
@@ -121,14 +123,16 @@
 						</tr>
 
 						<tr>
-							<td class="column1"><label for="bgcolor">{$lang_table_bgcolor}</label></td> 
+							<td class="column1"><label for="bgcolor" id="bgcolor_label">{#table_dlg.bgcolor}</label></td> 
 							<td>
-								<table border="0" cellpadding="0" cellspacing="0">
+								<span role="group" aria-labelledby="bgcolor_label">
+								<table role="presentation" border="0" cellpadding="0" cellspacing="0">
 									<tr>
 										<td><input id="bgcolor" name="bgcolor" type="text" value="" size="9" onchange="updateColor('bgcolor_pick','bgcolor');changedColor();" /></td>
 										<td id="bgcolor_pickcontainer">&nbsp;</td>
 									</tr>
 								</table>
+								</span>
 							</td> 
 						</tr>
 					</table>
@@ -139,20 +143,15 @@
 		<div class="mceActionPanel">
 			<div>
 				<select id="action" name="action">
-					<option value="row">{$lang_table_row_row}</option>
-					<option value="odd">{$lang_table_row_odd}</option>
-					<option value="even">{$lang_table_row_even}</option>
-					<option value="all">{$lang_table_row_all}</option>
+					<option value="row">{#table_dlg.row_row}</option>
+					<option value="odd">{#table_dlg.row_odd}</option>
+					<option value="even">{#table_dlg.row_even}</option>
+					<option value="all">{#table_dlg.row_all}</option>
 				</select>
 			</div>
 
-			<div style="float: left">
-				<div><input type="button" id="insert" name="insert" value="{$lang_update}" onclick="updateAction();" /></div>
-			</div>
-
-			<div style="float: right">
-				<input type="button" id="cancel" name="cancel" value="{$lang_cancel}" onclick="tinyMCEPopup.close();" />
-			</div>
+			<input type="submit" id="insert" name="insert" value="{#update}" />
+			<input type="button" id="cancel" name="cancel" value="{#cancel}" onclick="tinyMCEPopup.close();" />
 		</div>
 	</form>
 </body>

--
Gitblit v1.9.1