From 197203727417a03d87053a47e5aa5175a76e3e0b Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 17 Oct 2013 04:24:53 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/js/tiny_mce/plugins/paste/pastetext.htm |   37 +++++++++++++++----------------------
 1 files changed, 15 insertions(+), 22 deletions(-)

diff --git a/program/js/tiny_mce/plugins/paste/pastetext.htm b/program/js/tiny_mce/plugins/paste/pastetext.htm
index 2f2b341..b655945 100644
--- a/program/js/tiny_mce/plugins/paste/pastetext.htm
+++ b/program/js/tiny_mce/plugins/paste/pastetext.htm
@@ -1,34 +1,27 @@
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 	<title>{#paste.paste_text_desc}</title>
-	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
 	<script type="text/javascript" src="../../tiny_mce_popup.js"></script>
 	<script type="text/javascript" src="js/pastetext.js"></script>
-	<base target="_self" />
 </head>
-<body onresize="resizeInputs();" style="display:none; overflow:hidden;">
-<form name="source" onsubmit="saveContent();return false;" action="#">
-	<div style="float: left" class="title">{#paste.paste_text_desc}</div>
-
-	<div style="float: right">
-		<input type="checkbox" name="linebreaks" id="linebreaks" class="wordWrapCode" checked="checked" /><label for="linebreaks">{#paste_dlg.text_linebreaks}</label>
-	</div>
-
-	<br style="clear: both" />
-
-	<div>{#paste_dlg.text_title}</div>
-
-	<textarea name="htmlSource" id="htmlSource" rows="15" cols="100" style="width: 100%; height: 100%; font-family: 'Courier New',Courier,mono; font-size: 12px;" dir="ltr" wrap="soft" class="mceFocus"></textarea>
-
-	<div class="mceActionPanel">
-		<div style="float: left">
-			<input type="submit" name="insert" value="{#insert}" id="insert" />
-		</div>
+<body onresize="PasteTextDialog.resize();" style="display:none; overflow:hidden;">
+	<form name="source" onsubmit="return PasteTextDialog.insert();" action="#">
+		<div style="float: left" class="title">{#paste.paste_text_desc}</div>
 
 		<div style="float: right">
+			<input type="checkbox" name="linebreaks" id="linebreaks" class="wordWrapCode" checked="checked" /><label for="linebreaks">{#paste_dlg.text_linebreaks}</label>
+		</div>
+
+		<br style="clear: both" />
+
+		<div>{#paste_dlg.text_title}</div>
+
+		<textarea id="content" name="content" rows="15" cols="100" style="width: 100%; height: 100%; font-family: 'Courier New',Courier,mono; font-size: 12px;" dir="ltr" wrap="soft" class="mceFocus"></textarea>
+
+		<div class="mceActionPanel">
+			<input type="submit" name="insert" value="{#insert}" id="insert" />
 			<input type="button" name="cancel" value="{#cancel}" onclick="tinyMCEPopup.close();" id="cancel" />
 		</div>
-	</div>
-</form>
+	</form>
 </body> 
 </html>
\ No newline at end of file

--
Gitblit v1.9.1