Index: /FCKeditor/releases/latest/_whatsnew.html
===================================================================
--- /FCKeditor/releases/latest/_whatsnew.html (revision 7588)
+++ /FCKeditor/releases/latest/_whatsnew.html (revision 7589)
@@ -34,26 +34,9 @@
FCKeditor ChangeLog - What's New?
- Version 2.6.6
-
- New Features and Improvements:
-
- - [#5104] Fixed
- compatibility with Gecko browsers released in 2010 in the ColdFusion server side integration files.
- - [#4765] Fixed
- a potential function name clash in the built-in file browser with future versions of ColdFusion.
-
+ Version 2.6.8
Fixed Bugs:
- - [#4642] Avoided infinite
- loop in IE with invalid HTML.
- - [#4487] The editor was not loading properly in Safari 3.
- - Language file updates for the following languages:
-
-
+ - Security release, upgrade is highly recommended (fixed XSS issue).
Index: /FCKeditor/releases/latest/_whatsnew_history.html
===================================================================
--- /FCKeditor/releases/latest/_whatsnew_history.html (revision 7588)
+++ /FCKeditor/releases/latest/_whatsnew_history.html (revision 7589)
@@ -33,4 +33,35 @@
FCKeditor ChangeLog - What's New?
+
+ Version 2.6.7
+
+ Fixed Bugs:
+
+ - Security release, upgrade is highly recommended (improved protection for IIS6 web server).
+
+
+ Version 2.6.6
+
+ New Features and Improvements:
+
+ - [#5104] Fixed
+ compatibility with Gecko browsers released in 2010 in the ColdFusion server side integration files.
+ - [#4765] Fixed
+ a potential function name clash in the built-in file browser with future versions of ColdFusion.
+
+
+ Fixed Bugs:
+
+ - [#4642] Avoided infinite
+ loop in IE with invalid HTML.
+ - [#4487] The editor was not loading properly in Safari 3.
+ - Language file updates for the following languages:
+
+
+
Version 2.6.5
Index: /FCKeditor/releases/latest/editor/_source/fckeditorapi.js
===================================================================
--- /FCKeditor/releases/latest/editor/_source/fckeditorapi.js (revision 7588)
+++ /FCKeditor/releases/latest/editor/_source/fckeditorapi.js (revision 7589)
@@ -41,5 +41,5 @@
var sScript =
'window.FCKeditorAPI = {' +
- 'Version : "2.6.6",' +
+ 'Version : "2.6.8",' +
'VersionBuild : "25427",' +
'Instances : window.FCKeditorAPI && window.FCKeditorAPI.Instances || {},' +
Index: /FCKeditor/releases/latest/editor/dialog/fck_about.html
===================================================================
--- /FCKeditor/releases/latest/editor/dialog/fck_about.html (revision 7588)
+++ /FCKeditor/releases/latest/editor/dialog/fck_about.html (revision 7589)
@@ -79,5 +79,5 @@
version
- 2.6.6
+ 2.6.8
Build 25427
Index: /FCKeditor/releases/latest/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.cfm
===================================================================
--- /FCKeditor/releases/latest/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.cfm (revision 7588)
+++ /FCKeditor/releases/latest/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.cfm (revision 7589)
@@ -66,5 +66,5 @@
-
+
Index: /FCKeditor/releases/latest/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php
===================================================================
--- /FCKeditor/releases/latest/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php (revision 7588)
+++ /FCKeditor/releases/latest/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php (revision 7589)
@@ -25,5 +25,5 @@
foreach( $textinputs as $key=>$val ) {
# $val = str_replace( "'", "%27", $val );
- echo "textinputs[$key] = decodeURIComponent(\"" . $val . "\");\n";
+ echo "textinputs[$key] = decodeURIComponent(\"" . htmlspecialchars($val, ENT_QUOTES) . "\");\n";
}
}
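Review bot: `htmlspecialchars()` is an HTML-context encoder, but on the added `echo` line `$val` is written inside a double-quoted JavaScript string, where a backslash or a raw line break in the value still passes through unchanged and can end or corrupt the literal. The encoding should cover the JavaScript context as well, for example `addcslashes(htmlspecialchars($val, ENT_QUOTES), "\\\r\n")` in place of the bare `htmlspecialchars` call. `$key` is interpolated into `textinputs[$key]` without any encoding; if the keys come from the request (the assignment is outside this hunk), `(int)$key` would constrain it. The Perl counterpart `specialchar_cnv` added to spellchecker.pl has the same gap for backslashes and line breaks.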
Index: /FCKeditor/releases/latest/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.pl
===================================================================
--- /FCKeditor/releases/latest/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.pl (revision 7588)
+++ /FCKeditor/releases/latest/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.pl (revision 7589)
@@ -19,5 +19,5 @@
sub printTextVar {
for( my $i = 0; $i <= $#textinputs; $i++ ) {
- print "textinputs[$i] = decodeURIComponent('" . escapeQuote( $textinputs[$i] ) . "')\n";
+ print "textinputs[$i] = decodeURIComponent(\"" . specialchar_cnv( $textinputs[$i] ) . "\");\n";
}
}
@@ -107,4 +107,16 @@
}
+sub specialchar_cnv
+{
+ local($ch) = @_;
+
+ $ch =~ s/&/&/g; # &
+ $ch =~ s/\"/"/g; #"
+ $ch =~ s/\'/'/g; # '
+ $ch =~ s/</g; # <
+ $ch =~ s/>/>/g; # >
+ return($ch);
+}
+
sub handleError {
my $err = shift;
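Review bot: `local($ch) = @_;` in the new `specialchar_cnv` assigns to the package variable `$ch` with dynamic scope instead of declaring a lexical; `my ($ch) = @_;` keeps the value private to the sub and matches the `my` used in `handleError` just below. The sub also has no comment naming the output context it encodes for; a line such as `# Entity-encode & " ' < > before the value is printed into the generated page` above it would help. As rendered on this page, the replacement side of each substitution reads the same as its pattern and the `<` line looks truncated, which is probably an artefact of how the diff was displayed, so it is worth confirming the committed file carries the entity forms. `handleError` continues outside this hunk.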
Index: /FCKeditor/releases/latest/editor/filemanager/connectors/asp/io.asp
===================================================================
--- /FCKeditor/releases/latest/editor/filemanager/connectors/asp/io.asp (revision 7588)
+++ /FCKeditor/releases/latest/editor/filemanager/connectors/asp/io.asp (revision 7589)
@@ -192,5 +192,5 @@
Set oRegex = New RegExp
oRegex.Global = True
- oRegex.Pattern = "(/\.)|(//)|([\\:\*\?\""\<\>\|]|[\u0000-\u001F]|\u007F)"
+ oRegex.Pattern = "(/\.)|(//)|([\\:\;\.\*\?\""\<\>\|]|[\u0000-\u001F]|\u007F)"
if (oRegex.Test(sCurrentFolder)) Then
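Review bot: Adding `\.` to the character class on the new `oRegex.Pattern` line makes the check reject every current-folder path that contains a dot anywhere, not only `/.` segments. The earlier `(/\.)` alternative is therefore redundant, and any existing folder whose name contains a dot can no longer be opened through the connector. If the stricter rule is intended, state it above the pattern, e.g. `' Reject any path containing "." or ";" (not just "/." segments)`. The same widening is made to the `$CurrentFolder` checks in connector.lasso and upload.lasso and to the `preg_match` on `$sCurrentFolder` in php/io.php. The enclosing function starts and ends outside this hunk.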
@@ -208,5 +208,5 @@
' remove . \ / | : ? * " < > and control characters
- oRegex.Pattern = "(\.|\\|\/|\||:|\?|\*|""|\<|\>|[\u0000-\u001F]|\u007F)"
+ oRegex.Pattern = "(\.|\\|\/|\||:|\?|\;|\*|""|\<|\>|[\u0000-\u001F]|\u007F)"
SanitizeFolderName = oRegex.Replace( sNewFolderName, "_" )
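Review bot: The comment above the changed pattern still reads `' remove . \ / | : ? * " < > and control characters` although the pattern now also replaces `;`; it should become `' remove . \ / | : ; ? * " < > and control characters`. The same stale comment sits above the `SanitizeFileName` pattern in the next hunk, above the `re.sub` calls in py/fckutil.py and above the file-name `preg_replace` in php/io.php. The updated folder-name comment in php/io.php lists `.` twice.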
@@ -226,5 +226,5 @@
' remove \ / | : ? * " < > and control characters
- oRegex.Pattern = "(\\|\/|\||:|\?|\*|""|\<|\>|[\u0000-\u001F]|\u007F)"
+ oRegex.Pattern = "(\\|\/|\||:|\;|\?|\*|""|\<|\>|[\u0000-\u001F]|\u007F)"
SanitizeFileName = oRegex.Replace( sNewFileName, "_" )
Index: /FCKeditor/releases/latest/editor/filemanager/connectors/cfm/cf5_connector.cfm
===================================================================
--- /FCKeditor/releases/latest/editor/filemanager/connectors/cfm/cf5_connector.cfm (revision 7588)
+++ /FCKeditor/releases/latest/editor/filemanager/connectors/cfm/cf5_connector.cfm (revision 7589)
@@ -117,5 +117,5 @@
">
-])', url.currentFolder)>
+])', url.currentFolder)>
Index: /FCKeditor/releases/latest/editor/filemanager/connectors/cfm/cf5_upload.cfm
===================================================================
--- /FCKeditor/releases/latest/editor/filemanager/connectors/cfm/cf5_upload.cfm (revision 7588)
+++ /FCKeditor/releases/latest/editor/filemanager/connectors/cfm/cf5_upload.cfm (revision 7589)
@@ -91,5 +91,5 @@
-])', url.currentFolder)>
+])', url.currentFolder)>
Index: /FCKeditor/releases/latest/editor/filemanager/connectors/cfm/cf_io.cfm
===================================================================
--- /FCKeditor/releases/latest/editor/filemanager/connectors/cfm/cf_io.cfm (revision 7588)
+++ /FCKeditor/releases/latest/editor/filemanager/connectors/cfm/cf_io.cfm (revision 7589)
@@ -194,5 +194,5 @@
- ])', sCurrentFolder)>
+ ])', sCurrentFolder)>
@@ -210,5 +210,5 @@
- +|[[:cntrl:]]+', "_", "all" )>
+ +|[[:cntrl:]]+', "_", "all" )>
@@ -294,5 +294,5 @@
- +|[[:cntrl:]]+', "_", "all" )>
+ +|[[:cntrl:]]+', "_", "all" )>
Index: /FCKeditor/releases/latest/editor/filemanager/connectors/lasso/connector.lasso
===================================================================
--- /FCKeditor/releases/latest/editor/filemanager/connectors/lasso/connector.lasso (revision 7588)
+++ /FCKeditor/releases/latest/editor/filemanager/connectors/lasso/connector.lasso (revision 7589)
@@ -110,5 +110,5 @@
$commandData += '\n';
/if;
- else if($CurrentFolder->(Find: '..') || (String_FindRegExp: $CurrentFolder, -Find='(/\\.)|(//)|[\\\\:\\*\\?\\""\\<\\>\\|]|\\000|[\u007F]|[\u0001-\u001F]'));
+ else if($CurrentFolder->(Find: '..') || (String_FindRegExp: $CurrentFolder, -Find='(/\\.)|(//)|[\\\\:\\*\\;\\.\\?\\""\\<\\>\\|]|\\000|[\u007F]|[\u0001-\u001F]'));
if($Command == 'FileUpload');
$responseType = 'html';
@@ -173,5 +173,5 @@
*/
case('CreateFolder');
- $NewFolderName = (String_ReplaceRegExp: $NewFolderName, -find='\\.|\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|\\000|[\u007F]|[\u0001-\u001F]', -replace='_');
+ $NewFolderName = (String_ReplaceRegExp: $NewFolderName, -find='\\.|\\\\|\\/|\\||\\:|\\;|\\.|\\?|\\*|"|<|>|\\000|[\u007F]|[\u0001-\u001F]', -replace='_');
var('newFolder' = $currentFolderURL + $NewFolderName + '/');
file_create($newFolder);
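Review bot: The new `-find` pattern for `$NewFolderName` adds `\\.` a second time; the expression already begins with `\\.`, so only `\\;` is new and the duplicate alternative can be dropped: `-find='\\.|\\\\|\\/|\\||\\:|\\;|\\?|\\*|"|<|>|\\000|[\u007F]|[\u0001-\u001F]'`. The `case('CreateFolder')` block continues outside this hunk.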
@@ -225,10 +225,10 @@
*/
$NewFileName = $NewFile->find('OrigName');
- $NewFileName = (String_ReplaceRegExp: $NewFileName, -find='\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|\\000|[\u007F]|[\u0001-\u001F]', -replace='_');
+ $NewFileName = (String_ReplaceRegExp: $NewFileName, -find='\\\\|\\/|\\||\\:|\\;|\\?|\\*|"|<|>|\\000|[\u007F]|[\u0001-\u001F]', -replace='_');
$NewFileName = (String_ReplaceRegExp: $NewFileName, -find='\\.(?![^.]*$)', -replace='_');
$OrigFilePath = $currentFolderURL + $NewFileName;
$NewFilePath = $OrigFilePath;
local('fileExtension') = '.' + $NewFile->find('OrigExtension');
- #fileExtension = (String_ReplaceRegExp: #fileExtension, -find='\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|\\000|[\u007F]|[\u0001-\u001F]', -replace='_');
+ #fileExtension = (String_ReplaceRegExp: #fileExtension, -find='\\\\|\\/|\\||\\:|\\;|\\.|\\?|\\*|"|<|>|\\000|[\u007F]|[\u0001-\u001F]', -replace='_');
local('shortFileName') = $NewFileName->removetrailing(#fileExtension)&;
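Review bot: The `\\.` added to the `#fileExtension` pattern also replaces the leading dot that the line above prepends with `'.' +`, so the value becomes `_ext` rather than `.ext`, and the following `removetrailing(#fileExtension)` would presumably no longer strip the extension from `$NewFileName`. Sanitising the extension before the dot is prepended avoids that, e.g. `local('fileExtension') = '.' + (String_ReplaceRegExp: $NewFile->find('OrigExtension'), -find=<same pattern>, -replace='_');`. How `#fileExtension` is used after `shortFileName` is outside this hunk, so the effect on the saved name should be checked there.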
Index: /FCKeditor/releases/latest/editor/filemanager/connectors/lasso/upload.lasso
===================================================================
--- /FCKeditor/releases/latest/editor/filemanager/connectors/lasso/upload.lasso (revision 7588)
+++ /FCKeditor/releases/latest/editor/filemanager/connectors/lasso/upload.lasso (revision 7589)
@@ -94,5 +94,5 @@
/define_tag;
- if($CurrentFolder->(Find: '..') || (String_FindRegExp: $CurrentFolder, -Find='(/\\.)|(//)|[\\\\:\\*\\?\\""\\<\\>\\|]|\\000|[\u007F]|[\u0001-\u001F]'));
+ if($CurrentFolder->(Find: '..') || (String_FindRegExp: $CurrentFolder, -Find='(/\\.)|(//)|[\\\\:\\;\\.\\*\\?\\""\\<\\>\\|]|\\000|[\u007F]|[\u0001-\u001F]'));
$errorNumber = 102;
/if;
@@ -117,5 +117,5 @@
*/
$NewFileName = $NewFile->find('OrigName');
- $NewFileName = (String_ReplaceRegExp: $NewFileName, -find='\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|\\000|[\u007F]|[\u0001-\u001F]', -replace='_');
+ $NewFileName = (String_ReplaceRegExp: $NewFileName, -find='\\\\|\\/|\\||\\:|\\;|\\?|\\*|"|<|>|\\000|[\u007F]|[\u0001-\u001F]', -replace='_');
$NewFileName = (String_ReplaceRegExp: $NewFileName, -find='\\.(?![^.]*$)', -replace='_');
$OrigFilePath = $currentFolderURL + $NewFileName;
Index: /FCKeditor/releases/latest/editor/filemanager/connectors/perl/commands.pl
===================================================================
--- /FCKeditor/releases/latest/editor/filemanager/connectors/perl/commands.pl (revision 7588)
+++ /FCKeditor/releases/latest/editor/filemanager/connectors/perl/commands.pl (revision 7589)
@@ -92,5 +92,5 @@
if($FORM{'NewFolderName'} ne "") {
$sNewFolderName = $FORM{'NewFolderName'};
- $sNewFolderName =~ s/\.|\\|\/|\||\:|\?|\*|\"|<|>|[[:cntrl:]]/_/g;
+ $sNewFolderName =~ s/\.|\\|\/|\||\:|\;|\?|\*|\"|<|>|[[:cntrl:]]/_/g;
# Map the virtual path to the local server path of the current folder.
$sServerDir = &ServerMapFolder($resourceType, $currentFolder);
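Review bot: Nothing near the changed substitution says why `;` joins the replaced characters, and the same uncommented change is made to `$sFileName` in the next hunk. It is presumably part of the IIS6 hardening the changelog lists for 2.6.7; a comment such as `# ';' is replaced too: some web servers treat it as a separator inside a file name` would record that. The long alternation of single characters would also read more easily as one class, `s/[.\\\/|:;?*"<>[:cntrl:]]/_/g`. The enclosing `if` block continues outside this hunk.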
@@ -131,5 +131,5 @@
# Get the uploaded file name.
$sFileName = $new_fname;
- $sFileName =~ s/\\|\/|\||\:|\?|\*|\"|<|>|[[:cntrl:]]/_/g;
+ $sFileName =~ s/\\|\/|\||\:|\;|\?|\*|\"|<|>|[[:cntrl:]]/_/g;
$sFileName =~ s/\.(?![^.]*$)/_/g;
Index: /FCKeditor/releases/latest/editor/filemanager/connectors/php/io.php
===================================================================
--- /FCKeditor/releases/latest/editor/filemanager/connectors/php/io.php (revision 7588)
+++ /FCKeditor/releases/latest/editor/filemanager/connectors/php/io.php (revision 7589)
@@ -246,5 +246,5 @@
SendError( 102, '' ) ;
- if ( preg_match(",(/\.)|[[:cntrl:]]|(//)|(\\\\)|([\:\*\?\"\<\>\|]),", $sCurrentFolder))
+ if ( preg_match(",(/\.)|[[:cntrl:]]|(//)|(\\\\)|([\.\;\:\*\?\"\<\>\|]),", $sCurrentFolder))
SendError( 102, '' ) ;
@@ -257,6 +257,6 @@
$sNewFolderName = stripslashes( $sNewFolderName ) ;
- // Remove . \ / | : ? * " < >
- $sNewFolderName = preg_replace( '/\\.|\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|[[:cntrl:]]/', '_', $sNewFolderName ) ;
+ // Remove . \ / | : ; . ? * " < >
+ $sNewFolderName = preg_replace( '/\\.|\\\\|\\;|\\/|\\||\\:|\\?|\\*|"|<|>|[[:cntrl:]]/', '_', $sNewFolderName ) ;
return $sNewFolderName ;
@@ -275,5 +275,5 @@
// Remove \ / | : ? * " < >
- $sNewFileName = preg_replace( '/\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|[[:cntrl:]]/', '_', $sNewFileName ) ;
+ $sNewFileName = preg_replace( '/\\\\|\\/|\\||\\:|\\;|\\?|\\*|"|<|>|[[:cntrl:]]/', '_', $sNewFileName ) ;
return $sNewFileName ;
Index: /FCKeditor/releases/latest/editor/filemanager/connectors/py/fckutil.py
===================================================================
--- /FCKeditor/releases/latest/editor/filemanager/connectors/py/fckutil.py (revision 7588)
+++ /FCKeditor/releases/latest/editor/filemanager/connectors/py/fckutil.py (revision 7589)
@@ -63,5 +63,5 @@
"Do a cleanup of the folder name to avoid possible problems"
# Remove . \ / | : ? * " < > and control characters
- return re.sub( '\\.|\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|[\x00-\x1f\x7f-\x9f]', '_', newFolderName )
+ return re.sub( '\\.|\\\\|\\/|\\;|\\||\\:|\\?|\\*|"|<|>|[\x00-\x1f\x7f-\x9f]', '_', newFolderName )
def sanitizeFileName( newFileName ):
@@ -73,5 +73,5 @@
newFileName = os.path.basename (newFileName) # strip directories
# Remove \ / | : ? *
- return re.sub ( '\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|[\x00-\x1f\x7f-\x9f]/', '_', newFileName )
+ return re.sub ( '\\\\|\\/|\\||\\:|\\;|\\?|\\*|"|<|>|[\x00-\x1f\x7f-\x9f]/', '_', newFileName )
def getCurrentFolder(currentFolder):
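Review bot: The pattern on the new `sanitizeFileName` line still ends in `[\x00-\x1f\x7f-\x9f]/`, so its last alternative only matches a control character that is followed by `/`, and other control characters are left in the file name. The trailing `/` looks like a leftover regex delimiter and should be removed: `return re.sub ( '\\\\|\\/|\\||\\:|\\;|\\?|\\*|"|<|>|[\x00-\x1f\x7f-\x9f]', '_', newFileName )`. The `sanitizeFolderName` pattern in the previous hunk does not have the stray slash.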
@@ -94,5 +94,5 @@
# Check for invalid folder paths (..)
- if re.search( '(/\\.)|(//)|([\\\\:\\*\\?\\""\\<\\>\\|]|[\x00-\x1F]|[\x7f-\x9f])', currentFolder ):
+ if re.search( '(/\\.)|(//)|([\\\\:\\;\\*\\?\\""\\<\\>\\|]|[\x00-\x1F]|[\x7f-\x9f])', currentFolder ):
return None
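Review bot: The `re.search` pattern in `getCurrentFolder` gains `\\;` but not `\\.`, whereas the equivalent current-folder checks changed in this commit for ASP, Lasso and PHP add both. If rejecting any dot in the path is the intended rule, the class here should match: `'(/\\.)|(//)|([\\\\:\\;\\.\\*\\?\\""\\<\\>\\|]|[\x00-\x1F]|[\x7f-\x9f])'`. The function body continues outside this hunk.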
Index: /FCKeditor/releases/latest/editor/js/fckeditorcode_gecko.js
===================================================================
--- /FCKeditor/releases/latest/editor/js/fckeditorcode_gecko.js (revision 7588)
+++ /FCKeditor/releases/latest/editor/js/fckeditorcode_gecko.js (revision 7589)
@@ -36,5 +36,5 @@
var FCKTools={};FCKTools.CreateBogusBR=function(A){var B=A.createElement('br');B.setAttribute('type','_moz');return B;};FCKTools.FixCssUrls=function(A,B){if (!A||A.length==0) return B;return B.replace(/url\s*\(([\s'"]*)(.*?)([\s"']*)\)/g,function(match,opener,path,closer){if (/^\/|^\w?:/.test(path)) return match;else return 'url('+opener+A+path+closer+')';});};FCKTools._GetUrlFixedCss=function(A,B){var C=A.match(/^([^|]+)\|([\s\S]*)/);if (C) return FCKTools.FixCssUrls(C[1],C[2]);else return A;};FCKTools.AppendStyleSheet=function(A,B){if (!B) return [];if (typeof(B)=='string'){if (/[\\\/\.][^{}]*$/.test(B)){return this.AppendStyleSheet(A,B.split(','));}else return [this.AppendStyleString(A,FCKTools._GetUrlFixedCss(B))];}else{var C=[];for (var i=0;i'+styleDef+'';};var C=function(cssFileUrl,markTemp){if (cssFileUrl.length==0) return '';var B=markTemp?' _fcktemp="true"':'';return '';};return function(cssFileOrArrayOrDef,markTemp){if (!cssFileOrArrayOrDef) return '';if (typeof(cssFileOrArrayOrDef)=='string'){if (/[\\\/\.][^{}]*$/.test(cssFileOrArrayOrDef)){return this.GetStyleHtml(cssFileOrArrayOrDef.split(','),markTemp);}else return A(this._GetUrlFixedCss(cssFileOrArrayOrDef),markTemp);}else{var E='';for (var i=0;i/g,'>');return A;};FCKTools.HTMLDecode=function(A){if (!A) return '';A=A.replace(/>/g,'>');A=A.replace(/</g,'<');A=A.replace(/&/g,'&');return A;};FCKTools._ProcessLineBreaksForPMode=function(A,B,C,D,E){var F=0;var G="";var H="
";var I="
";if (C){G="";H="";F=1;}while (D&&D!=A.FCK.EditorDocument.body){if (D.tagName.toLowerCase()=='p'){F=1;break;};D=D.parentNode;};for (var i=0;i";H="";F=1;}while (D&&D!=A.FCK.EditorDocument.body){if (D.tagName.toLowerCase()=='div'){F=1;break;};D=D.parentNode;};for (var i=0;i";H="";F=1;};for (var i=0;i0) return A[A.length-1];return null;};FCKTools.GetDocumentPosition=function(w,A){var x=0;var y=0;var B=A;var C=null;var D=FCKTools.GetElementWindow(B);while (B&&!(D==w&&(B==w.document.body||B==w.document.documentElement))){x+=B.offsetLeft-B.scrollLeft;y+=B.offsetTop-B.scrollTop;if (!FCKBrowserInfo.IsOpera){var E=C;while (E&&E!=B){x-=E.scrollLeft;y-=E.scrollTop;E=E.parentNode;}};C=B;if (B.offsetParent) B=B.offsetParent;else{if (D!=w){B=D.frameElement;C=null;if (B) D=B.contentWindow.parent;}else B=null;}};if (FCKDomTools.GetCurrentElementStyle(w.document.body,'position')!='static'||(FCKBrowserInfo.IsIE&&FCKDomTools.GetPositionedAncestor(A)==null)){x+=w.document.body.offsetLeft;y+=w.document.body.offsetTop;};return { "x":x,"y":y };};FCKTools.GetWindowPosition=function(w,A){var B=this.GetDocumentPosition(w,A);var C=FCKTools.GetScrollPosition(w);B.x-=C.X;B.y-=C.Y;return B;};FCKTools.ProtectFormStyles=function(A){if (!A||A.nodeType!=1||A.tagName.toLowerCase()!='form') return [];var B=[];var C=['style','className'];for (var i=0;i0){for (var i=B.length-1;i>=0;i--){var C=B[i][0];var D=B[i][1];if (D) A.insertBefore(C,D);else A.appendChild(C);}}};FCKTools.GetNextNode=function(A,B){if (A.firstChild) return A.firstChild;else if (A.nextSibling) return A.nextSibling;else{var C=A.parentNode;while (C){if (C==B) return null;if (C.nextSibling) return C.nextSibling;else C=C.parentNode;}};return null;};FCKTools.GetNextTextNode=function(A,B,C){node=this.GetNextNode(A,B);if (C&&node&&C(node)) return null;while (node&&node.nodeType!=3){node=this.GetNextNode(node,B);if (C&&node&&C(node)) return null;};return node;};FCKTools.Merge=function(){var A=arguments;var o=A[0];for (var i=1;i