From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/js/tiny_mce/themes/advanced/charmap.htm |   85 ++++++++++++++++++++++--------------------
 1 files changed, 44 insertions(+), 41 deletions(-)

diff --git a/program/js/tiny_mce/themes/advanced/charmap.htm b/program/js/tiny_mce/themes/advanced/charmap.htm
index 3991b81..d4b6bdf 100644
--- a/program/js/tiny_mce/themes/advanced/charmap.htm
+++ b/program/js/tiny_mce/themes/advanced/charmap.htm
@@ -5,48 +5,51 @@
 	<script type="text/javascript" src="../../tiny_mce_popup.js"></script>
 	<script type="text/javascript" src="js/charmap.js"></script>
 </head>
-<body id="charmap" style="display:none">
-<table align="center" border="0" cellspacing="0" cellpadding="2">
-    <tr>
-        <td colspan="2" class="title">{#advanced_dlg.charmap_title}</td>
-    </tr>
-    <tr>
-        <td id="charmapView" rowspan="2" align="left" valign="top">
+<body id="charmap" style="display:none" role="application">
+<table align="center" border="0" cellspacing="0" cellpadding="2" role="presentation">
+	<tr>
+		<td colspan="2" class="title" ><label for="charmapView" id="charmap_label">{#advanced_dlg.charmap_title}</label></td>
+	</tr>
+	<tr>
+		<td id="charmapView" rowspan="2" align="left" valign="top">
 			<!-- Chars will be rendered here -->
-        </td>
-        <td width="100" align="center" valign="top">
-            <table border="0" cellpadding="0" cellspacing="0" width="100" style="height:100px">
-                <tr>
-                    <td id="codeV">&nbsp;</td>
-                </tr>
-                <tr>
-                    <td id="codeN">&nbsp;</td>
-                </tr>
-            </table>
-        </td>
-    </tr>
-    <tr>
-        <td valign="bottom" style="padding-bottom: 3px;">
-            <table width="100" align="center" border="0" cellpadding="2" cellspacing="0">
-                <tr>
-                    <td align="center" style="border-left: 1px solid #666699; border-top: 1px solid #666699; border-right: 1px solid #666699;">HTML-Code</td>
-                </tr>
-                <tr>
-                    <td style="font-size: 16px; font-weight: bold; border-left: 1px solid #666699; border-bottom: 1px solid #666699; border-right: 1px solid #666699;" id="codeA" align="center">&nbsp;</td>
-                </tr>
-                <tr>
-                    <td style="font-size: 1px;">&nbsp;</td>
-                </tr>
-                <tr>
-                    <td align="center" style="border-left: 1px solid #666699; border-top: 1px solid #666699; border-right: 1px solid #666699;">NUM-Code</td>
-                </tr>
-                <tr>
-                    <td style="font-size: 16px; font-weight: bold; border-left: 1px solid #666699; border-bottom: 1px solid #666699; border-right: 1px solid #666699;" id="codeB" align="center">&nbsp;</td>
-                </tr>
-            </table>
-        </td>
-    </tr>
+		</td>
+		<td width="100" align="center" valign="top">
+			<table border="0" cellpadding="0" cellspacing="0" width="100" style="height:100px" role="presentation">
+				<tr>
+					<td id="codeV">&nbsp;</td>
+				</tr>
+				<tr>
+					<td id="codeN">&nbsp;</td>
+				</tr>
+			</table>
+		</td>
+	</tr>
+	<tr>
+		<td valign="bottom" style="padding-bottom: 3px;">
+			<table width="100" align="center" border="0" cellpadding="2" cellspacing="0" role="presentation">
+				<tr>
+					<td align="center" style="border-left: 1px solid #666699; border-top: 1px solid #666699; border-right: 1px solid #666699;"><label for="codeA">HTML-Code</label></td>
+				</tr>
+				<tr>
+					<td style="font-size: 16px; font-weight: bold; border-left: 1px solid #666699; border-bottom: 1px solid #666699; border-right: 1px solid #666699;" id="codeA" align="center">&nbsp;</td>
+				</tr>
+				<tr>
+					<td style="font-size: 1px;">&nbsp;</td>
+				</tr>
+				<tr>
+					<td align="center" style="border-left: 1px solid #666699; border-top: 1px solid #666699; border-right: 1px solid #666699;"><label for="codeB">NUM-Code</label></td>
+				</tr>
+				<tr>
+					<td style="font-size: 16px; font-weight: bold; border-left: 1px solid #666699; border-bottom: 1px solid #666699; border-right: 1px solid #666699;" id="codeB" align="center">&nbsp;</td>
+				</tr>
+			</table>
+		</td>
+	</tr>
+	<tr>
+		<td colspan="2" id="charmap_usage">{#advanced_dlg.charmap_usage}</td>
+	</tr>
+	
 </table>
-
 </body>
 </html>

--
Gitblit v1.9.1