From d6284b4d22d1e6912b01228b7d2a63e9fecbc5fb Mon Sep 17 00:00:00 2001
From: till <till@php.net>
Date: Wed, 02 Nov 2011 11:13:42 -0400
Subject: [PATCH] check-in 3.4.6 (without moxieplayer due to a content-spoofing vulnerability)

---
 program/js/editor_images.js |   18 +++++-------------
 1 files changed, 5 insertions(+), 13 deletions(-)

diff --git a/program/js/editor_images.js b/program/js/editor_images.js
index 373b44e..28e6bec 100644
--- a/program/js/editor_images.js
+++ b/program/js/editor_images.js
@@ -1,20 +1,12 @@
 
 var rc_client = tinyMCEPopup.getParam("rc_client");
-if (rc_client.gui_objects.attachmentlist)
+if (rc_client.env.attachments)
 {
    var tinyMCEImageList = new Array();
-   var attachElems = rc_client.gui_objects.attachmentlist.getElementsByTagName("li");
-   for (i = 0; i < attachElems.length; i++)
+   for (var id in rc_client.env.attachments)
    {
-      var liElem = attachElems[i];
-      var fname = attachElems[i].id;
-      for (j = 0; j < liElem.childNodes.length; j++)
-      {
-         if (liElem.childNodes[j].nodeName == "#text")
-         {
-            fname = liElem.childNodes[j].nodeValue;
-         }
-      }
-      tinyMCEImageList.push([fname, rc_client.env.comm_path+'&_action=display-attachment&_file='+attachElems[i].id]);
+      var att = rc_client.env.attachments[id];
+      if (att.complete && att.mimetype.indexOf('image/') == 0)
+        tinyMCEImageList.push([att.name, rc_client.env.comm_path+'&_action=display-attachment&_file='+id+'&_id='+rc_client.env.compose_id]);
    }
 };

--
Gitblit v1.9.1