From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
 program/js/tiny_mce/themes/advanced/link.htm | 55 +++++++++++++++++++++++++++----------------------------
 1 files changed, 27 insertions(+), 28 deletions(-)
diff --git a/program/js/tiny_mce/themes/advanced/link.htm b/program/js/tiny_mce/themes/advanced/link.htm
index 7565b9a..5d9dea9 100644
--- a/program/js/tiny_mce/themes/advanced/link.htm
+++ b/program/js/tiny_mce/themes/advanced/link.htm
@@ -18,34 +18,33 @@
 <div class="panel_wrapper">
 <div id="general_panel" class="panel current">
-
- <table border="0" cellpadding="4" cellspacing="0">
- <tr>
- <td class="nowrap"><label for="href">{#advanced_dlg.link_url}</label></td>
- <td><table border="0" cellspacing="0" cellpadding="0">
- <tr>
- <td><input id="href" name="href" type="text" class="mceFocus" value="" style="width: 200px" onchange="LinkDialog.checkPrefix(this);" /></td>
- <td id="hrefbrowsercontainer"> </td>
- </tr>
- </table></td>
- </tr>
- <tr>
- <td><label for="link_list">{#advanced_dlg.link_list}</label></td>
- <td><select id="link_list" name="link_list" onchange="document.getElementById('href').value=this.options[this.selectedIndex].value;"></select></td>
- </tr>
- <tr>
- <td><label id="targetlistlabel" for="targetlist">{#advanced_dlg.link_target}</label></td>
- <td><select id="target_list" name="target_list"></select></td>
- </tr>
- <tr>
- <td class="nowrap"><label for="linktitle">{#advanced_dlg.link_titlefield}</label></td>
- <td><input id="linktitle" name="linktitle" type="text" value="" style="width: 200px" /></td>
- </tr>
- <tr>
- <td><label for="class_list">{#class_name}</label></td>
- <td><select id="class_list" name="class_list"></select></td>
- </tr>
- </table>
+ <table border="0" cellpadding="4" cellspacing="0">
+ <tr>
+ <td class="nowrap"><label for="href">{#advanced_dlg.link_url}</label></td>
+ <td><table border="0" cellspacing="0" cellpadding="0">
+ <tr>
+ <td><input id="href" name="href" type="text" class="mceFocus" value="" style="width: 200px" onchange="LinkDialog.checkPrefix(this);" /></td>
+ <td id="hrefbrowsercontainer"> </td>
+ </tr>
+ </table></td>
+ </tr>
+ <tr>
+ <td><label for="link_list">{#advanced_dlg.link_list}</label></td>
+ <td><select id="link_list" name="link_list" onchange="document.getElementById('href').value=this.options[this.selectedIndex].value;"></select></td>
+ </tr>
+ <tr>
+ <td><label id="targetlistlabel" for="targetlist">{#advanced_dlg.link_target}</label></td>
+ <td><select id="target_list" name="target_list"></select></td>
+ </tr>
+ <tr>
+ <td class="nowrap"><label for="linktitle">{#advanced_dlg.link_titlefield}</label></td>
+ <td><input id="linktitle" name="linktitle" type="text" value="" style="width: 200px" /></td>
+ </tr>
+ <tr>
+ <td><label for="class_list">{#class_name}</label></td>
+ <td><select id="class_list" name="class_list"></select></td>
+ </tr>
+ </table>
 </div>
 </div>
--
Gitblit v1.9.1