From 197203727417a03d87053a47e5aa5175a76e3e0b Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 17 Oct 2013 04:24:53 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/js/editor.js |   32 ++++++++++++++++++++------------
 1 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/program/js/editor.js b/program/js/editor.js
index 1df0fa2..f341ccb 100644
--- a/program/js/editor.js
+++ b/program/js/editor.js
@@ -14,15 +14,15 @@
 */
 
 // Initialize HTML editor
-function rcmail_editor_init(skin_path, editor_lang, spellcheck, mode)
+function rcmail_editor_init(config)
 {
   var ret, conf = {
       mode: 'textareas',
       editor_selector: 'mce_editor',
       apply_source_formatting: true,
       theme: 'advanced',
-      language: editor_lang,
-      content_css: skin_path + '/editor_content.css',
+      language: config.lang,
+      content_css: config.skin_path + '/editor_content.css',
       theme_advanced_toolbar_location: 'top',
       theme_advanced_toolbar_align: 'left',
       theme_advanced_buttons3: '',
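Review bot: `rcmail_editor_init` now dereferences `config.lang` and `config.skin_path` here, and `config.mode`, `config.spellcheck` and `config.spelldict` in the following hunks, with no guard and no documentation of the expected object, so a caller still passing the old positional arguments (`skin_path, editor_lang, spellcheck, mode`) silently gets `undefined` for every setting instead of an error. A header comment above the function listing the keys would help, e.g. `// config: {skin_path, lang, mode ('identity' or compose), spellcheck, spelldict}`, and an explicit guard such as `if (!config) return;` at the top of the body would make the missing-argument case visible. The function body continues past this hunk. Separately, the patch subject refers to the `_session` argument of utils/save-prefs, but the diffstat lists only program/js/editor.js, so the patch looks mislabeled or incomplete.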
@@ -35,7 +35,7 @@
       rc_client: rcmail
     };
 
-  if (mode == 'identity')
+  if (config.mode == 'identity')
     $.extend(conf, {
       plugins: 'paste,tabfocus',
       theme_advanced_buttons1: 'bold,italic,underline,strikethrough,justifyleft,justifycenter,justifyright,justifyfull,separator,outdent,indent,charmap,hr,link,unlink,code,forecolor',
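Review bot: `if (config.mode == 'identity')` compares with loose equality even though `mode` is a plain string supplied by the caller; `if (config.mode === 'identity')` is the safer form and avoids coercion surprises if a non-string is ever passed. The same applies to the `tagName` comparisons in the last hunk of this patch.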
@@ -43,11 +43,12 @@
     });
   else // mail compose
     $.extend(conf, {
-      plugins: 'paste,emotions,media,nonbreaking,table,searchreplace,visualchars,directionality,tabfocus,contextmenu' + (spellcheck ? ',spellchecker' : ''),
+      plugins: 'paste,emotions,media,nonbreaking,table,searchreplace,visualchars,directionality,tabfocus' + (config.spellcheck ? ',spellchecker' : ''),
       theme_advanced_buttons1: 'bold,italic,underline,|,justifyleft,justifycenter,justifyright,justifyfull,|,bullist,numlist,outdent,indent,ltr,rtl,blockquote,|,forecolor,backcolor,fontselect,fontsizeselect',
-      theme_advanced_buttons2: 'link,unlink,code,|,emotions,charmap,image,media,|,search' + (spellcheck ? ',spellchecker' : '') + ',undo,redo',
+      theme_advanced_buttons2: 'link,unlink,table,|,emotions,charmap,image,media,|,code,search' + (config.spellcheck ? ',spellchecker' : '') + ',undo,redo',
       spellchecker_languages: (rcmail.env.spellcheck_langs ? rcmail.env.spellcheck_langs : 'Dansk=da,Deutsch=de,+English=en,Espanol=es,Francais=fr,Italiano=it,Nederlands=nl,Polski=pl,Portugues=pt,Suomi=fi,Svenska=sv'),
-      spellchecker_rpc_url: '?_task=utils&_action=spell&tiny=1',
+      spellchecker_rpc_url: '?_task=utils&_action=spell_html',
+      spellchecker_enable_learn_rpc: config.spelldict,
       accessibility_focus: false,
       oninit: 'rcmail_editor_callback'
     });
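Review bot: The new compose plugin list drops `contextmenu` and `spellchecker_rpc_url` switches from the `spell&tiny=1` action to `spell_html`, neither of which is mentioned in the commit message; if intentional, a short comment above `plugins:` would save the next reader a bisect, e.g. `// contextmenu plugin removed; spellchecker now talks to the spell_html action`. `spellchecker_enable_learn_rpc: config.spelldict` is passed through as-is, so when the caller omits `spelldict` the option is `undefined` rather than an explicit `false`; `spellchecker_enable_learn_rpc: !!config.spelldict` would make the default explicit. Whether the `spell_html` action exists server-side cannot be verified from this diff.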
@@ -69,8 +70,11 @@
     rcmail.change_identity(elem);
     // Focus previously focused element
     if (fe && fe.id != rcmail.env.composebody) {
-      window.focus(); // for WebKit (#1486674)
-      fe.focus();
+      // use setTimeout() for IE9 (#1488541)
+      window.setTimeout(function() {
+        window.focus(); // for WebKit (#1486674)
+        fe.focus();
+      }, 10);
     }
   }
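Review bot: The deferred `fe.focus()` runs 10 ms later on an element captured before the timer was armed; if `fe` has been hidden or detached by then (the `rcmail.change_identity(elem)` call just above may rebuild parts of the form), older IE versions throw when focusing an invisible element. A guard inside the callback, `if ($(fe).is(':visible')) fe.focus();`, would keep the timer harmless in that case. The enclosing function starts before this hunk.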
 
@@ -114,13 +118,17 @@
     if (flagElement && (flag = rcube_find_object(flagElement)))
       flag.value = '1';
   }
-  else {
-    if (!res && select.tagName == 'SELECT')
-      select.value = 'html';
+  else if (res) {
     if (flagElement && (flag = rcube_find_object(flagElement)))
       flag.value = '0';
 
     if (rcmail.env.composebody)
       rcube_find_object(rcmail.env.composebody).focus();
   }
+  else { // !res
+    if (select.tagName == 'SELECT')
+      select.value = 'html';
+    else if (select.tagName == 'INPUT')
+      select.checked = true;
+  }
 }
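Review bot: The new `else { // !res` branch restores the control to its HTML state, but the comment does not say why: what `res` signals is decided above the hunk, so a reader of this block cannot tell whether `!res` means a cancelled toggle or a failed conversion; a comment such as `// editor toggle did not take effect: put the selector/checkbox back to the html state` (worded to match what `res` actually means) would make the branch self-explanatory. The `INPUT` case assumes the element is a checkbox (`select.checked = true`); if a radio or text input can reach this code that assignment is wrong, which is worth confirming against the callers. The enclosing function starts before this hunk.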

--
Gitblit v1.9.1