Index: /FCKeditor/trunk/_whatsnew.html
===================================================================
--- /FCKeditor/trunk/_whatsnew.html (revision 7585)
+++ /FCKeditor/trunk/_whatsnew.html (revision 7586)
@@ -34,9 +34,9 @@
FCKeditor ChangeLog - What's New?
- Version 2.6.7
+ Version 2.6.8
Fixed Bugs:
- - Security release, upgrade is highly recommended (improved protection for IIS6 web server).
+ - Security release, upgrade is highly recommended (fixed XSS issue).
Index: /FCKeditor/trunk/_whatsnew_history.html
===================================================================
--- /FCKeditor/trunk/_whatsnew_history.html (revision 7585)
+++ /FCKeditor/trunk/_whatsnew_history.html (revision 7586)
@@ -33,4 +33,11 @@
FCKeditor ChangeLog - What's New?
+
+ Version 2.6.7
+
+ Fixed Bugs:
+
+ - Security release, upgrade is highly recommended (improved protection for IIS6 web server).
+
Version 2.6.6
Index: /FCKeditor/trunk/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.cfm
===================================================================
--- /FCKeditor/trunk/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.cfm (revision 7585)
+++ /FCKeditor/trunk/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.cfm (revision 7586)
@@ -66,5 +66,5 @@
-
+
Index: /FCKeditor/trunk/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php
===================================================================
--- /FCKeditor/trunk/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php (revision 7585)
+++ /FCKeditor/trunk/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php (revision 7586)
@@ -25,5 +25,5 @@
foreach( $textinputs as $key=>$val ) {
# $val = str_replace( "'", "%27", $val );
- echo "textinputs[$key] = decodeURIComponent(\"" . $val . "\");\n";
+ echo "textinputs[$key] = decodeURIComponent(\"" . htmlspecialchars($val, ENT_QUOTES) . "\");\n";
}
}
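Review bot: `htmlspecialchars` on the new line 41 is an HTML escaper, but the value is emitted into a double-quoted JavaScript string literal inside the generated script: it stops `"` and `</script>` breakouts while leaving backslash, CR and LF untouched, so a raw newline in `$val` still terminates the literal and aborts the whole script. Because the browser immediately passes the string through `decodeURIComponent`, percent-encoding is the transform that matches this context and round-trips, e.g. `rawurlencode(rawurldecode($val))`, whose output is only `[A-Za-z0-9-_.~%]`; entity-encoding instead turns a legitimate apostrophe (which `encodeURIComponent` on the client does not encode) into a literal `&#039;` in the checked text. `$key` is still interpolated unescaped into `textinputs[$key]`; if `$textinputs` is taken from the request, its keys are attacker-chosen as well and should be forced to an integer index, `(int) $key`. Where `$textinputs` is populated and the start of the enclosing function are outside this hunk.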
Index: /FCKeditor/trunk/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.pl
===================================================================
--- /FCKeditor/trunk/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.pl (revision 7585)
+++ /FCKeditor/trunk/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.pl (revision 7586)
@@ -19,5 +19,5 @@
sub printTextVar {
for( my $i = 0; $i <= $#textinputs; $i++ ) {
- print "textinputs[$i] = decodeURIComponent('" . escapeQuote( $textinputs[$i] ) . "')\n";
+ print "textinputs[$i] = decodeURIComponent(\"" . specialchar_cnv( $textinputs[$i] ) . "\");\n";
}
}
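Review bot: The new line 52 writes `$textinputs[$i]` into a double-quoted JavaScript string literal, but `specialchar_cnv` (added further down in this diff) is an HTML-entity escaper: it neutralises `"` and `<`, yet leaves backslash, CR and LF alone, so a bare newline in the input still terminates the literal and breaks the generated script. Since the browser runs `decodeURIComponent` on the value, percent-encoding is the escaper that fits the context and survives the round trip: `(my $enc = $textinputs[$i]) =~ s/([^A-Za-z0-9\-_.~%])/sprintf('%%%02X', ord $1)/ge;` followed by `print "textinputs[$i] = decodeURIComponent(\"$enc\");\n";`. Keeping `%` in the allowed set leaves input the client already percent-encoded intact, and a malformed `%` sequence then surfaces as a client-side URIError rather than as injected script. `printTextVar` reads the package global `@textinputs`; where it is populated is outside this hunk.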
@@ -107,4 +107,16 @@
}
+sub specialchar_cnv
+{
+ local($ch) = @_;
+
+ $ch =~ s/&/&/g; # &
+ $ch =~ s/\"/"/g; #"
+ $ch =~ s/\'/'/g; # '
+ $ch =~ s/</g; # <
+ $ch =~ s/>/>/g; # >
+ return($ch);
+}
+
sub handleError {
my $err = shift;
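Review bot: `local($ch) = @_;` on the new line 59 makes `$ch` a dynamically scoped package global rather than a lexical; it should be `my ($ch) = @_;`, which also lets the file adopt `use strict` later without this sub needing a separate declaration. As rendered here every substitution's replacement is the same bare character as its pattern (line 61 reads `s/&/&/g`) and line 64 has lost its replacement altogether, which looks like entity decoding by the page rather than the committed text — presumably the source has `&amp;`, `&quot;`, `&#39;`, `&lt;`, `&gt;`, as the trailing `# &`-style comments suggest, but that should be confirmed against the repository, because with the text exactly as shown the function is a no-op and the XSS fix is void. The ordering is right either way (`&` is rewritten first, so the entities produced afterwards are not double-encoded), but backslash and line terminators are not covered, which matters because the only caller, `printTextVar`, places the result inside a JavaScript string literal. `handleError` at the end of the hunk continues outside it.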