From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/js/tiny_mce/themes/advanced/anchor.htm |   26 ++++++++++++++++++++++++++
 1 files changed, 26 insertions(+), 0 deletions(-)

diff --git a/program/js/tiny_mce/themes/advanced/anchor.htm b/program/js/tiny_mce/themes/advanced/anchor.htm
new file mode 100644
index 0000000..75c93b7
--- /dev/null
+++ b/program/js/tiny_mce/themes/advanced/anchor.htm
@@ -0,0 +1,26 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+	<title>{#advanced_dlg.anchor_title}</title>
+	<script type="text/javascript" src="../../tiny_mce_popup.js"></script>
+	<script type="text/javascript" src="js/anchor.js"></script>
+</head>
+<body style="display: none" role="application" aria-labelledby="app_title">
+<form onsubmit="AnchorDialog.update();return false;" action="#">
+	<table border="0" cellpadding="4" cellspacing="0" role="presentation">
+		<tr>
+			<td colspan="2" class="title" id="app_title">{#advanced_dlg.anchor_title}</td>
+		</tr>
+		<tr>
+			<td class="nowrap"><label for="anchorName">{#advanced_dlg.anchor_name}:</label></td>
+			<td><input name="anchorName" type="text" class="mceFocus" id="anchorName" value="" style="width: 200px" aria-required="true" /></td>
+		</tr>
+	</table>
+
+	<div class="mceActionPanel">
+		<input type="submit" id="insert" name="insert" value="{#update}" />
+		<input type="button" id="cancel" name="cancel" value="{#cancel}" onclick="tinyMCEPopup.close();" />
+	</div>
+</form>
+</body>
+</html>
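Review bot: Nothing in this new file touches the `_session` argument or `utils/save-prefs` named in the subject. The patch as shown contains only this TinyMCE dialog template (1 file, 26 insertions), so either the subject does not describe this change or the fix lives in a part of the commit not visible here. Either way, this file should not be read as the vulnerability fix. On the markup itself, the inline `onsubmit="AnchorDialog.update();return false;"` and `onclick="tinyMCEPopup.close();"` handlers mean the popup only works under a Content-Security-Policy that permits inline script; binding both in `js/anchor.js` would remove that dependency. The path suggests a bundled third-party TinyMCE file, so such a change is probably better made upstream than in this tree.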

--
Gitblit v1.9.1