From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/js/tiny_mce/themes/advanced/editor_template_src.js |   37 +++++++++++++++++++++++--------------
 1 files changed, 23 insertions(+), 14 deletions(-)

diff --git a/program/js/tiny_mce/themes/advanced/editor_template_src.js b/program/js/tiny_mce/themes/advanced/editor_template_src.js
index 61fe537..afd722d 100644
--- a/program/js/tiny_mce/themes/advanced/editor_template_src.js
+++ b/program/js/tiny_mce/themes/advanced/editor_template_src.js
@@ -13,7 +13,7 @@
 
 	// Generates a preview for a format
 	function getPreviewCss(ed, fmt) {
-		var previewElm, dom = ed.dom, previewCss = '', parentFontSize, previewStylesName;
+		var name, previewElm, dom = ed.dom, previewCss = '', parentFontSize, previewStylesName;
 
 		previewStyles = ed.settings.preview_styles;
 
@@ -154,19 +154,27 @@
 			t.editor = ed;
 			t.url = url;
 			t.onResolveName = new tinymce.util.Dispatcher(this);
+			s = ed.settings;
 
 			ed.forcedHighContrastMode = ed.settings.detect_highcontrast && t._isHighContrast();
 			ed.settings.skin = ed.forcedHighContrastMode ? 'highcontrast' : ed.settings.skin;
 
+			// Setup default buttons
+			if (!s.theme_advanced_buttons1) {
+				s = extend({
+					theme_advanced_buttons1 : "bold,italic,underline,strikethrough,|,justifyleft,justifycenter,justifyright,justifyfull,|,styleselect,formatselect",
+					theme_advanced_buttons2 : "bullist,numlist,|,outdent,indent,|,undo,redo,|,link,unlink,anchor,image,cleanup,help,code",
+					theme_advanced_buttons3 : "hr,removeformat,visualaid,|,sub,sup,|,charmap"
+				}, s);
+			}
+	
 			// Default settings
 			t.settings = s = extend({
 				theme_advanced_path : true,
-				theme_advanced_toolbar_location : 'bottom',
-				theme_advanced_buttons1 : "bold,italic,underline,strikethrough,|,justifyleft,justifycenter,justifyright,justifyfull,|,styleselect,formatselect",
-				theme_advanced_buttons2 : "bullist,numlist,|,outdent,indent,|,undo,redo,|,link,unlink,anchor,image,cleanup,help,code",
-				theme_advanced_buttons3 : "hr,removeformat,visualaid,|,sub,sup,|,charmap",
+				theme_advanced_toolbar_location : 'top',
 				theme_advanced_blockformats : "p,address,pre,h1,h2,h3,h4,h5,h6",
-				theme_advanced_toolbar_align : "center",
+				theme_advanced_toolbar_align : "left",
+				theme_advanced_statusbar_location : "bottom",
 				theme_advanced_fonts : "Andale Mono=andale mono,times;Arial=arial,helvetica,sans-serif;Arial Black=arial black,avant garde;Book Antiqua=book antiqua,palatino;Comic Sans MS=comic sans ms,sans-serif;Courier New=courier new,courier;Georgia=georgia,palatino;Helvetica=helvetica;Impact=impact,chicago;Symbol=symbol;Tahoma=tahoma,arial,helvetica,sans-serif;Terminal=terminal,monaco;Times New Roman=times new roman,times;Trebuchet MS=trebuchet ms,geneva;Verdana=verdana,geneva;Webdings=webdings;Wingdings=wingdings,zapf dingbats",
 				theme_advanced_more_colors : 1,
 				theme_advanced_row_height : 23,
@@ -176,7 +184,7 @@
 				theme_advanced_font_selector : "span",
 				theme_advanced_show_current_color: 0,
 				readonly : ed.settings.readonly
-			}, ed.settings);
+			}, s);
 
 			// Setup default font_size_style_values
 			if (!s.font_size_style_values)
@@ -823,6 +831,7 @@
 					var f = Event.add(ed.id + '_external_close', 'click', function() {
 						DOM.hide(ed.id + '_external');
 						Event.remove(ed.id + '_external_close', 'click', f);
+						return false;
 					});
 
 					DOM.show(e);
@@ -1030,6 +1039,8 @@
 							width = startWidth + (e.screenX - startX);
 							height = startHeight + (e.screenY - startY);
 							t.resizeTo(width, height, true);
+
+							ed.nodeChanged();
 						};
 
 						e.preventDefault();
@@ -1089,19 +1100,17 @@
 
 			p = getParent('A');
 			if (c = cm.get('link')) {
-				if (!p || !p.name) {
-					c.setDisabled(!p && co);
-					c.setActive(!!p);
-				}
+				c.setDisabled((!p && co) || (p && !p.href));
+				c.setActive(!!p && (!p.name && !p.id));
 			}
 
 			if (c = cm.get('unlink')) {
 				c.setDisabled(!p && co);
-				c.setActive(!!p && !p.name);
+				c.setActive(!!p && !p.name && !p.id);
 			}
 
 			if (c = cm.get('anchor')) {
-				c.setActive(!co && !!p && p.name);
+				c.setActive(!co && !!p && (p.name || (p.id && !p.href)));
 			}
 
 			p = getParent('IMG');
@@ -1280,7 +1289,7 @@
 						ti += 'id: ' + v + ' ';
 
 					if (v = n.className) {
-						v = v.replace(/\b\s*(webkit|mce|Apple-)\w+\s*\b/g, '')
+						v = v.replace(/\b\s*(webkit|mce|Apple-)\w+\s*\b/g, '');
 
 						if (v) {
 							ti += 'class: ' + v + ' ';

--
Gitblit v1.9.1