From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/js/tiny_mce/themes/advanced/js/link.js |   12 +++++++++---
 1 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/program/js/tiny_mce/themes/advanced/js/link.js b/program/js/tiny_mce/themes/advanced/js/link.js
index 53ff409..8c1d73c 100644
--- a/program/js/tiny_mce/themes/advanced/js/link.js
+++ b/program/js/tiny_mce/themes/advanced/js/link.js
@@ -68,10 +68,16 @@
 		} else {
 			ed.dom.setAttribs(e, {
 				href : href,
-				title : f.linktitle.value,
-				target : f.target_list ? getSelectValue(f, "target_list") : null,
-				'class' : f.class_list ? getSelectValue(f, "class_list") : null
+				title : f.linktitle.value
 			});
+	
+			if (f.target_list) {
+				ed.dom.setAttrib(e, 'target', getSelectValue(f, "target_list"));
+			}
+
+			if (f.class_list) {
+				ed.dom.setAttrib(e, 'class', getSelectValue(f, "class_list"));
+			}
 		}
 
 		// Don't move caret if selection was image

--
Gitblit v1.9.1