From f06aa8058b7e32ba32d4551074b6e0b8a300f751 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Mon, 21 Oct 2013 15:02:40 -0400
Subject: [PATCH] Bump version after security fix
---
program/js/tiny_mce/plugins/table/js/table.js | 104 +++++++++++++++++++++++++++++++++++++++-------------
1 files changed, 78 insertions(+), 26 deletions(-)
diff --git a/program/js/tiny_mce/plugins/table/js/table.js b/program/js/tiny_mce/plugins/table/js/table.js
index f4b0862..1db243b 100644
--- a/program/js/tiny_mce/plugins/table/js/table.js
+++ b/program/js/tiny_mce/plugins/table/js/table.js
@@ -12,7 +12,7 @@
tinyMCEPopup.restoreSelection();
if (!AutoValidator.validate(formObj)) {
- tinyMCEPopup.alert(inst.getLang('invalid_data'));
+ tinyMCEPopup.alert(AutoValidator.getErrorMessages(formObj).join('. ') + '.');
return false;
}
@@ -21,7 +21,7 @@
// Get form data
cols = formObj.elements['cols'].value;
rows = formObj.elements['rows'].value;
- border = formObj.elements['border'].value != "" ? formObj.elements['border'].value : 0;
+ border = formObj.elements['border'].value != "" ? formObj.elements['border'].value : 0;
cellpadding = formObj.elements['cellpadding'].value != "" ? formObj.elements['cellpadding'].value : "";
cellspacing = formObj.elements['cellspacing'].value != "" ? formObj.elements['cellspacing'].value : "";
align = getSelectValue(formObj, "align");
@@ -58,11 +58,21 @@
// Update table
if (action == "update") {
- inst.execCommand('mceBeginUndoLevel');
-
dom.setAttrib(elm, 'cellPadding', cellpadding, true);
dom.setAttrib(elm, 'cellSpacing', cellspacing, true);
- dom.setAttrib(elm, 'border', border);
+
+ if (!isCssSize(border)) {
+ dom.setAttrib(elm, 'border', border);
+ } else {
+ dom.setAttrib(elm, 'border', '');
+ }
+
+ if (border == '') {
+ dom.setStyle(elm, 'border-width', '');
+ dom.setStyle(elm, 'border', '');
+ dom.setAttrib(elm, 'border', '');
+ }
+
dom.setAttrib(elm, 'align', align);
dom.setAttrib(elm, 'frame', frame);
dom.setAttrib(elm, 'rules', rules);
@@ -82,7 +92,7 @@
capEl = elm.ownerDocument.createElement('caption');
if (!tinymce.isIE)
- capEl.innerHTML = '<br _mce_bogus="1"/>';
+ capEl.innerHTML = '<br data-mce-bogus="1"/>';
elm.insertBefore(capEl, elm.firstChild);
}
@@ -121,7 +131,7 @@
if (bordercolor != "") {
elm.style.borderColor = bordercolor;
elm.style.borderStyle = elm.style.borderStyle == "" ? "solid" : elm.style.borderStyle;
- elm.style.borderWidth = border == "" ? "1px" : border;
+ elm.style.borderWidth = cssSize(border);
} else
elm.style.borderColor = '';
@@ -134,7 +144,7 @@
//elm.outerHTML = elm.outerHTML;
inst.nodeChanged();
- inst.execCommand('mceEndUndoLevel');
+ inst.execCommand('mceEndUndoLevel', false, {}, {skip_undo: true});
// Repaint if dimensions changed
if (formObj.width.value != orgTableWidth || formObj.height.value != orgTableHeight)
@@ -148,10 +158,13 @@
html += '<table';
html += makeAttrib('id', id);
- html += makeAttrib('border', border);
+ if (!isCssSize(border)) {
+ html += makeAttrib('border', border);
+ }
+
html += makeAttrib('cellpadding', cellpadding);
html += makeAttrib('cellspacing', cellspacing);
- html += makeAttrib('_mce_new', '1');
+ html += makeAttrib('data-mce-new', '1');
if (width && inst.settings.inline_styles) {
if (style)
@@ -187,7 +200,7 @@
if (caption) {
if (!tinymce.isIE)
- html += '<caption><br _mce_bogus="1"/></caption>';
+ html += '<caption><br data-mce-bogus="1"/></caption>';
else
html += '<caption></caption>';
}
@@ -197,7 +210,7 @@
for (var x=0; x<cols; x++) {
if (!tinymce.isIE)
- html += '<td><br _mce_bogus="1"/></td>';
+ html += '<td><br data-mce-bogus="1"/></td>';
else
html += '<td></td>';
}
@@ -206,8 +219,6 @@
}
html += "</table>";
-
- inst.execCommand('mceBeginUndoLevel');
// Move table
if (inst.settings.fix_table_elements) {
@@ -231,17 +242,29 @@
} else
inst.execCommand('mceInsertContent', false, html);
- tinymce.each(dom.select('table[_mce_new]'), function(node) {
- var td = dom.select('td', node);
+ tinymce.each(dom.select('table[data-mce-new]'), function(node) {
+ var tdorth = dom.select('td,th', node);
+
+ // Fixes a bug in IE where the caret cannot be placed after the table if the table is at the end of the document
+ if (tinymce.isIE && node.nextSibling == null) {
+ if (inst.settings.forced_root_block)
+ dom.insertAfter(dom.create(inst.settings.forced_root_block), node);
+ else
+ dom.insertAfter(dom.create('br', {'data-mce-bogus': '1'}), node);
+ }
- inst.selection.select(td[0], true);
- inst.selection.collapse();
+ try {
+ // IE9 might fail to do this selection
+ inst.selection.setCursorLocation(tdorth[0], 0);
+ } catch (ex) {
+ // Ignore
+ }
- dom.setAttrib(node, '_mce_new', '');
+ dom.setAttrib(node, 'data-mce-new', '');
});
inst.addVisual();
- inst.execCommand('mceEndUndoLevel');
+ inst.execCommand('mceEndUndoLevel', false, {}, {skip_undo: true});
tinyMCEPopup.close();
}
@@ -279,10 +302,19 @@
var cols = 2, rows = 2, border = tinyMCEPopup.getParam('table_default_border', '0'), cellpadding = tinyMCEPopup.getParam('table_default_cellpadding', ''), cellspacing = tinyMCEPopup.getParam('table_default_cellspacing', '');
var align = "", width = "", height = "", bordercolor = "", bgcolor = "", className = "";
- var id = "", summary = "", style = "", dir = "", lang = "", background = "", bgcolor = "", bordercolor = "", rules, frame;
+ var id = "", summary = "", style = "", dir = "", lang = "", background = "", bgcolor = "", bordercolor = "", rules = "", frame = "";
var inst = tinyMCEPopup.editor, dom = inst.dom;
var formObj = document.forms[0];
var elm = dom.getParent(inst.selection.getNode(), "table");
+
+ // Hide advanced fields that isn't available in the schema
+ tinymce.each("summary id rules dir style frame".split(" "), function(name) {
+ var tr = tinyMCEPopup.dom.getParent(name, "tr") || tinyMCEPopup.dom.getParent("t" + name, "tr");
+
+ if (tr && !tinyMCEPopup.editor.schema.isValid("table", name)) {
+ tr.style.display = 'none';
+ }
+ });
action = tinyMCEPopup.getWindowArg('action');
@@ -316,7 +348,7 @@
style = dom.serializeStyle(st);
dir = dom.getAttrib(elm, 'dir');
lang = dom.getAttrib(elm, 'lang');
- background = getStyle(elm, 'background', 'backgroundImage').replace(new RegExp("url\\('?([^']*)'?\\)", 'gi'), "$1");
+ background = getStyle(elm, 'background', 'backgroundImage').replace(new RegExp("url\\(['\"]?([^'\"]*)['\"]?\\)", 'gi'), "$1");
formObj.caption.checked = elm.getElementsByTagName('caption').length > 0;
orgTableWidth = width;
@@ -383,6 +415,20 @@
formObj.style.value = dom.serializeStyle(st);
}
+function isCssSize(value) {
+ return /^[0-9.]+(%|in|cm|mm|em|ex|pt|pc|px)$/.test(value);
+}
+
+function cssSize(value, def) {
+ value = tinymce.trim(value || def);
+
+ if (!isCssSize(value)) {
+ return parseInt(value, 10) + 'px';
+ }
+
+ return value;
+}
+
function changedBackgroundImage() {
var formObj = document.forms[0];
var st = dom.parseStyle(formObj.style.value);
@@ -397,8 +443,14 @@
var st = dom.parseStyle(formObj.style.value);
// Update border width if the element has a color
- if (formObj.border.value != "" && formObj.bordercolor.value != "")
- st['border-width'] = formObj.border.value + "px";
+ if (formObj.border.value != "" && (isCssSize(formObj.border.value) || formObj.bordercolor.value != ""))
+ st['border-width'] = cssSize(formObj.border.value);
+ else {
+ if (!formObj.border.value) {
+ st['border'] = '';
+ st['border-width'] = '';
+ }
+ }
formObj.style.value = dom.serializeStyle(st);
}
@@ -414,7 +466,7 @@
// Add border-width if it's missing
if (!st['border-width'])
- st['border-width'] = formObj.border.value == "" ? "1px" : formObj.border.value + "px";
+ st['border-width'] = cssSize(formObj.border.value, 1);
}
formObj.style.value = dom.serializeStyle(st);
@@ -425,7 +477,7 @@
var st = dom.parseStyle(formObj.style.value);
if (st['background-image'])
- formObj.backgroundimage.value = st['background-image'].replace(new RegExp("url\\('?([^']*)'?\\)", 'gi'), "$1");
+ formObj.backgroundimage.value = st['background-image'].replace(new RegExp("url\\(['\"]?([^'\"]*)['\"]?\\)", 'gi'), "$1");
else
formObj.backgroundimage.value = '';
--
Gitblit v1.9.1