Index: /FCKeditor/trunk/_whatsnew.html
===================================================================
--- /FCKeditor/trunk/_whatsnew.html (revision 318)
+++ /FCKeditor/trunk/_whatsnew.html (revision 319)
@@ -96,4 +96,7 @@
[#453] No more
errors when hitting del inside an empty table cell.
+ Security: The file browser connector was enabled by default in Lasso and the
+ ColdFusion connector allowed to pass configuration settings with the request.
+ The perl connector cgi file has been changed to Unix line endings.
Index: /FCKeditor/trunk/editor/filemanager/browser/default/connectors/lasso/config.lasso
===================================================================
--- /FCKeditor/trunk/editor/filemanager/browser/default/connectors/lasso/config.lasso (revision 318)
+++ /FCKeditor/trunk/editor/filemanager/browser/default/connectors/lasso/config.lasso (revision 319)
@@ -42,5 +42,5 @@
*/
var('config') = map(
- 'Enabled' = true,
+ 'Enabled' = false,
'UserFilesPath' = '/userfiles/',
'Subdirectories' = map(
Index: /FCKeditor/trunk/editor/filemanager/browser/default/connectors/perl/connector.cgi
===================================================================
--- /FCKeditor/trunk/editor/filemanager/browser/default/connectors/perl/connector.cgi (revision 318)
+++ /FCKeditor/trunk/editor/filemanager/browser/default/connectors/perl/connector.cgi (revision 319)
Index: /FCKeditor/trunk/editor/filemanager/upload/cfm/config.cfm
===================================================================
--- /FCKeditor/trunk/editor/filemanager/upload/cfm/config.cfm (revision 318)
+++ /FCKeditor/trunk/editor/filemanager/upload/cfm/config.cfm (revision 319)
@@ -61,10 +61,6 @@
-
-
-
-
-
-
+
+