From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/js/tiny_mce/themes/simple/editor_template_src.js |    3 +--
 1 files changed, 1 insertions(+), 2 deletions(-)

diff --git a/program/js/tiny_mce/themes/simple/editor_template_src.js b/program/js/tiny_mce/themes/simple/editor_template_src.js
index 4b862d4..01ce87c 100644
--- a/program/js/tiny_mce/themes/simple/editor_template_src.js
+++ b/program/js/tiny_mce/themes/simple/editor_template_src.js
@@ -19,6 +19,7 @@
 			var t = this, states = ['Bold', 'Italic', 'Underline', 'Strikethrough', 'InsertUnorderedList', 'InsertOrderedList'], s = ed.settings;
 
 			t.editor = ed;
+			ed.contentCSS.push(url + "/skins/" + s.skin + "/content.css");
 
 			ed.onInit.add(function() {
 				ed.onNodeChange.add(function(ed, cm) {
@@ -26,8 +27,6 @@
 						cm.get(c.toLowerCase()).setActive(ed.queryCommandState(c));
 					});
 				});
-
-				ed.dom.loadCSS(url + "/skins/" + s.skin + "/content.css");
 			});
 
 			DOM.loadCSS((s.editor_css ? ed.documentBaseURI.toAbsolute(s.editor_css) : '') || url + "/skins/" + s.skin + "/ui.css");

--
Gitblit v1.9.1