Index: /FCKeditor/branches/versions/2.6.x/_samples/afp/fck.afpa.code
===================================================================
--- /FCKeditor/branches/versions/2.6.x/_samples/afp/fck.afpa.code (revision 7670)
+++ /FCKeditor/branches/versions/2.6.x/_samples/afp/fck.afpa.code (revision 7671)
@@ -112,6 +112,11 @@
ELSE
IF AT("gecko",sAgent)>0
- iVersion=VAL(SUBSTR(sAgent,AT("gecko/",sAgent)+6,8))
- llRetval =iVersion > 20030210
+ iVersion=VAL(SUBSTR(sAgent,AT("gecko/",sAgent)+6,4))
+ IF ( 2000 > iVersion )
+ llRetval=.T.
+ ELSE
+ iVersion=VAL(SUBSTR(sAgent,AT("gecko/",sAgent)+6,8))
+ llRetval =iVersion > 20030210
+ ENDIF
ENDIF
ENDIF
Index: /FCKeditor/branches/versions/2.6.x/_whatsnew.html
===================================================================
--- /FCKeditor/branches/versions/2.6.x/_whatsnew.html (revision 7670)
+++ /FCKeditor/branches/versions/2.6.x/_whatsnew.html (revision 7671)
@@ -34,9 +34,14 @@
FCKeditor ChangeLog - What's New?
- Version 2.6.8
+ Version 2.6.9
Fixed Bugs:
- - Security release, upgrade is highly recommended (fixed XSS issue).
+ - Security release, upgrade is highly recommended .
+ - (ASP) File Upload Protection Bypass - reported by Soroush Dalili (@irsdl), Mostafa Azizi
+ - XSS vulnerability in built-in file manager - reported by Soroush Dalili (SecProject.com)
+
+
+ - #9716 Fix FCKeditor browser detection to work with Firefox 17 and IE 10
Index: /FCKeditor/branches/versions/2.6.x/_whatsnew_history.html
===================================================================
--- /FCKeditor/branches/versions/2.6.x/_whatsnew_history.html (revision 7670)
+++ /FCKeditor/branches/versions/2.6.x/_whatsnew_history.html (revision 7671)
@@ -33,4 +33,11 @@
FCKeditor ChangeLog - What's New?
+
+ Version 2.6.8
+
+ Fixed Bugs:
+
+ - Security release, upgrade is highly recommended (fixed XSS issue).
+
Version 2.6.7
Index: /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/asp/class_upload.asp
===================================================================
--- /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/asp/class_upload.asp (revision 7670)
+++ /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/asp/class_upload.asp (revision 7671)
@@ -281,8 +281,8 @@
If sDenied = "" Then
- oRE.Pattern = sAllowed
+ oRE.Pattern = "^(" & sAllowed & ")$"
IsAllowed = (sAllowed = "") Or oRE.Test(sExt)
Else
- oRE.Pattern = sDenied
+ oRE.Pattern = "^(" & sDenied & ")$"
IsAllowed = Not oRE.Test(sExt)
End If
@@ -300,5 +300,5 @@
oRE.IgnoreCase = True
oRE.Global = True
- oRE.Pattern = sHtmlExtensions
+ oRE.Pattern = "^(" & sHtmlExtensions & ")$"
IsHtmlExtension = oRE.Test(sExt)
Index: /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/asp/config.asp
===================================================================
--- /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/asp/config.asp (revision 7670)
+++ /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/asp/config.asp (revision 7671)
@@ -89,4 +89,6 @@
' Attention: It must end with a slash: '/'
'
+' WARNING: It is recommended to remove swf extension from the list of allowed extensions.
+' SWF files can be used to perform XSS attack.
Dim ConfigAllowedExtensions, ConfigDeniedExtensions, ConfigFileTypesPath, ConfigFileTypesAbsolutePath, ConfigQuickUploadPath, ConfigQuickUploadAbsolutePath
Index: /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/asp/connector.asp
===================================================================
--- /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/asp/connector.asp (revision 7670)
+++ /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/asp/connector.asp (revision 7671)
@@ -53,5 +53,5 @@
' Check if it is an allowed command
if ( Not IsAllowedCommand( sCommand ) ) then
- SendError 1, "The """ & sCommand & """ command isn't allowed"
+ SendError 1, "The requested command isn't allowed"
end if
Index: /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/asp/upload.asp
===================================================================
--- /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/asp/upload.asp (revision 7670)
+++ /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/asp/upload.asp (revision 7671)
@@ -53,10 +53,10 @@
' Is Upload enabled?
if ( Not IsAllowedCommand( sCommand ) ) then
- SendUploadResults "1", "", "", "The """ & sCommand & """ command isn't allowed"
+ SendUploadResults "1", "", "", "The requested command isn't allowed"
end if
' Check if it is an allowed resource type.
if ( Not IsAllowedType( sResourceType ) ) Then
- SendUploadResults "1", "", "", "The " & sResourceType & " resource type isn't allowed"
+ SendUploadResults "1", "", "", "The requested resource type isn't allowed"
end if
Index: /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/aspx/config.ascx
===================================================================
--- /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/aspx/config.ascx (revision 7670)
+++ /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/aspx/config.ascx (revision 7671)
@@ -67,4 +67,7 @@
HtmlExtensions = new string[] { "html", "htm", "xml", "xsd", "txt", "js" };
+ // WARNING: It is recommended to remove swf extension from the list of allowed extensions.
+ // SWF files can be used to perform XSS attack.
+
TypeConfig[ "File" ].AllowedExtensions = new string[] { "7z", "aiff", "asf", "avi", "bmp", "csv", "doc", "fla", "flv", "gif", "gz", "gzip", "jpeg", "jpg", "mid", "mov", "mp3", "mp4", "mpc", "mpeg", "mpg", "ods", "odt", "pdf", "png", "ppt", "pxd", "qt", "ram", "rar", "rm", "rmi", "rmvb", "rtf", "sdc", "sitd", "swf", "sxc", "sxw", "tar", "tgz", "tif", "tiff", "txt", "vsd", "wav", "wma", "wmv", "xls", "xml", "zip" };
TypeConfig[ "File" ].DeniedExtensions = new string[] { };
Index: /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/cfm/cf5_connector.cfm
===================================================================
--- /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/cfm/cf5_connector.cfm (revision 7670)
+++ /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/cfm/cf5_connector.cfm (revision 7671)
@@ -125,5 +125,5 @@
- '>
+ '>
Index: /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/cfm/cf5_upload.cfm
===================================================================
--- /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/cfm/cf5_upload.cfm (revision 7670)
+++ /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/cfm/cf5_upload.cfm (revision 7671)
@@ -77,10 +77,10 @@
-
+
-
+
Index: /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/cfm/cf_connector.cfm
===================================================================
--- /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/cfm/cf_connector.cfm (revision 7670)
+++ /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/cfm/cf_connector.cfm (revision 7671)
@@ -59,5 +59,5 @@
-
+
Index: /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/cfm/cf_upload.cfm
===================================================================
--- /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/cfm/cf_upload.cfm (revision 7670)
+++ /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/cfm/cf_upload.cfm (revision 7671)
@@ -61,5 +61,5 @@
-
+
Index: /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/cfm/config.cfm
===================================================================
--- /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/cfm/config.cfm (revision 7670)
+++ /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/cfm/config.cfm (revision 7671)
@@ -113,4 +113,7 @@
// Attention: The above 'QuickUploadPath' must point to the same directory.
// Attention: It must end with a slash: '/'
+//
+// WARNING: It is recommended to remove swf extension from the list of allowed extensions.
+// SWF files can be used to perform XSS attack.
Config.AllowedExtensions = StructNew() ;
Index: /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/lasso/config.lasso
===================================================================
--- /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/lasso/config.lasso (revision 7670)
+++ /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/lasso/config.lasso (revision 7671)
@@ -40,4 +40,7 @@
Set which file extensions are allowed and/or denied for each file type.
+
+ WARNING: It is recommended to remove swf extension from the list of allowed extensions.
+ SWF files can be used to perform XSS attack.
*/
var('config') = map(
Index: /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/perl/config.pl
===================================================================
--- /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/perl/config.pl (revision 7670)
+++ /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/perl/config.pl (revision 7671)
@@ -33,4 +33,7 @@
$GLOBALS{'UserFilesDirectory'} = $rootpath . $GLOBALS{'UserFilesPath'};
+# WARNING: It is recommended to remove swf extension from the list of allowed extensions.
+# SWF files can be used to perform XSS attack.
+
%allowedExtensions = ("File", "7z|aiff|asf|avi|bmp|csv|doc|fla|flv|gif|gz|gzip|jpeg|jpg|mid|mov|mp3|mp4|mpc|mpeg|mpg|ods|odt|pdf|png|ppt|pxd|qt|ram|rar|rm|rmi|rmvb|rtf|sdc|sitd|swf|sxc|sxw|tar|tgz|tif|tiff|txt|vsd|wav|wma|wmv|xls|xml|zip",
"Image", "bmp|gif|jpeg|jpg|png",
Index: /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/php/config.php
===================================================================
--- /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/php/config.php (revision 7670)
+++ /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/php/config.php (revision 7671)
@@ -120,4 +120,7 @@
*/
+// WARNING: It is recommended to remove swf extension from the list of allowed extensions.
+// SWF files can be used to perform XSS attack.
+
$Config['AllowedExtensions']['File'] = array('7z', 'aiff', 'asf', 'avi', 'bmp', 'csv', 'doc', 'fla', 'flv', 'gif', 'gz', 'gzip', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'ods', 'odt', 'pdf', 'png', 'ppt', 'pxd', 'qt', 'ram', 'rar', 'rm', 'rmi', 'rmvb', 'rtf', 'sdc', 'sitd', 'swf', 'sxc', 'sxw', 'tar', 'tgz', 'tif', 'tiff', 'txt', 'vsd', 'wav', 'wma', 'wmv', 'xls', 'xml', 'zip') ;
$Config['DeniedExtensions']['File'] = array() ;
Index: /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/php/connector.php
===================================================================
--- /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/php/connector.php (revision 7670)
+++ /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/php/connector.php (revision 7671)
@@ -52,5 +52,5 @@
// Check if it is an allowed command
if ( ! IsAllowedCommand( $sCommand ) )
- SendError( 1, 'The "' . $sCommand . '" command isn\'t allowed' ) ;
+ SendError( 1, 'The requested command isn\'t allowed' ) ;
// Check if it is an allowed type.
Index: /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/php/upload.php
===================================================================
--- /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/php/upload.php (revision 7670)
+++ /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/php/upload.php (revision 7671)
@@ -48,5 +48,5 @@
// Is enabled the upload?
if ( ! IsAllowedCommand( $sCommand ) )
- SendUploadResults( '1', '', '', 'The ""' . $sCommand . '"" command isn\'t allowed' ) ;
+ SendUploadResults( '1', '', '', 'The requested command isn\'t allowed' ) ;
// Check if it is an allowed type.
Index: /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/py/config.py
===================================================================
--- /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/py/config.py (revision 7670)
+++ /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/py/config.py (revision 7671)
@@ -118,4 +118,7 @@
# Attention: It must end with a slash: '/'
+# WARNING: It is recommended to remove swf extension from the list of allowed extensions.
+# SWF files can be used to perform XSS attack.
+
AllowedExtensions['File'] = ['7z','aiff','asf','avi','bmp','csv','doc','fla','flv','gif','gz','gzip','jpeg','jpg','mid','mov','mp3','mp4','mpc','mpeg','mpg','ods','odt','pdf','png','ppt','pxd','qt','ram','rar','rm','rmi','rmvb','rtf','sdc','sitd','swf','sxc','sxw','tar','tgz','tif','tiff','txt','vsd','wav','wma','wmv','xls','xml','zip']
DeniedExtensions['File'] = []
Index: /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/py/connector.py
===================================================================
--- /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/py/connector.py (revision 7670)
+++ /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/py/connector.py (revision 7671)
@@ -64,5 +64,5 @@
# Check if it is an allowed command
if ( not command in Config.ConfigAllowedCommands ):
- return self.sendError( 1, 'The %s command isn\'t allowed' % command )
+ return self.sendError( 1, 'The requested command isn\'t allowed' )
if ( not resourceType in Config.ConfigAllowedTypes ):
Index: /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/py/upload.py
===================================================================
--- /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/py/upload.py (revision 7670)
+++ /FCKeditor/branches/versions/2.6.x/editor/filemanager/connectors/py/upload.py (revision 7671)
@@ -49,5 +49,5 @@
# Check if it is an allowed command
if ( not command in Config.ConfigAllowedCommands ):
- return self.sendUploadResults( 1, '', '', 'The %s command isn\'t allowed' % command )
+ return self.sendUploadResults( 1, '', '', 'The requested command isn\'t allowed' )
if ( not resourceType in Config.ConfigAllowedTypes ):
Index: /FCKeditor/branches/versions/2.6.x/fckeditor.afp
===================================================================
--- /FCKeditor/branches/versions/2.6.x/fckeditor.afp (revision 7670)
+++ /FCKeditor/branches/versions/2.6.x/fckeditor.afp (revision 7671)
@@ -115,6 +115,11 @@
ELSE
IF AT("gecko/",sAgent)>0
- iVersion=VAL(SUBSTR(sAgent,AT("gecko/",sAgent)+6,8))
- llRetval =iVersion > 20030210
+ iVersion=VAL(SUBSTR(sAgent,AT("gecko/",sAgent)+6,4))
+ IF ( 2000 > iVersion )
+ llRetval=.T.
+ ELSE
+ iVersion=VAL(SUBSTR(sAgent,AT("gecko/",sAgent)+6,8))
+ llRetval =iVersion > 20030210
+ ENDIF
ENDIF
ELSE
Index: /FCKeditor/branches/versions/2.6.x/fckeditor.asp
===================================================================
--- /FCKeditor/branches/versions/2.6.x/fckeditor.asp (revision 7670)
+++ /FCKeditor/branches/versions/2.6.x/fckeditor.asp (revision 7671)
@@ -201,6 +201,14 @@
FCKeditor_IsCompatibleBrowser = ( iVersion >= 5.5 )
ElseIf InStr(sAgent, "Gecko/") > 0 Then
- iVersion = CLng( Mid( sAgent, InStr( sAgent, "Gecko/" ) + 6, 8 ) )
- FCKeditor_IsCompatibleBrowser = ( iVersion >= 20030210 )
+ Set re = new RegExp
+ re.IgnoreCase = true
+ re.global = false
+ re.Pattern = "Gecko/\d+\.\d+"
+ If re.Test(sAgent) Then
+ FCKeditor_IsCompatibleBrowser = True
+ Else
+ iVersion = CLng( Mid( sAgent, InStr( sAgent, "Gecko/" ) + 6, 8 ) )
+ FCKeditor_IsCompatibleBrowser = ( iVersion >= 20030210 )
+ End If
ElseIf InStr(sAgent, "Opera/") > 0 Then
iVersion = CSng( FCKeditor_ToNumericFormat( Mid( sAgent, InStr( sAgent, "Opera/" ) + 6, 4 ) ) )
Index: /FCKeditor/branches/versions/2.6.x/fckeditor.js
===================================================================
--- /FCKeditor/branches/versions/2.6.x/fckeditor.js (revision 7670)
+++ /FCKeditor/branches/versions/2.6.x/fckeditor.js (revision 7671)
@@ -305,11 +305,17 @@
if ( /*@cc_on!@*/false && sAgent.indexOf("mac") == -1 )
{
- var sBrowserVersion = navigator.appVersion.match(/MSIE (.\..)/)[1] ;
+ var sBrowserVersion = navigator.appVersion.match(/MSIE ([\d.]+)/)[1] ;
return ( sBrowserVersion >= 5.5 ) ;
}
- // Gecko (Opera 9 tries to behave like Gecko at this point).
- if ( navigator.product == "Gecko" && navigator.productSub >= 20030210 && !( typeof(opera) == 'object' && opera.postError ) )
- return true ;
+ if ( navigator.product == "Gecko" )
+ {
+ // introduced in Firefox 17.0
+ if ( sAgent.match(/gecko\/(\d+\.\d+)/i) )
+ return true ;
+ // Gecko (Opera 9 tries to behave like Gecko at this point).
+ if ( navigator.productSub >= 20030210 && !( typeof(opera) == 'object' && opera.postError ) )
+ return true ;
+ }
// Opera 9.50+
Index: /FCKeditor/branches/versions/2.6.x/fckeditor.lasso
===================================================================
--- /FCKeditor/branches/versions/2.6.x/fckeditor.lasso (revision 7670)
+++ /FCKeditor/branches/versions/2.6.x/fckeditor.lasso (revision 7671)
@@ -83,5 +83,5 @@
/if;
if (client_browser->Find("Gecko/"));
- #result = client_browser->Substring(client_browser->Find("Gecko/")+6,8)>=20030210;
+ #result = ((2000>client_browser->Substring(client_browser->Find("Gecko/")+6,4)) || (client_browser->Substring(client_browser->Find("Gecko/")+6,8)>=20030210));
/if;
if (client_browser->Find("Opera/"));
Index: /FCKeditor/branches/versions/2.6.x/fckeditor.pl
===================================================================
--- /FCKeditor/branches/versions/2.6.x/fckeditor.pl (revision 7670)
+++ /FCKeditor/branches/versions/2.6.x/fckeditor.pl (revision 7671)
@@ -104,4 +104,6 @@
$iVersion = substr($sAgent,index($sAgent,'MSIE') + 5,3);
return($iVersion >= 5.5) ;
+ } elsif($sAgent =~ /Gecko\/\d+\.\d+/i) {
+ return true;
} elsif($sAgent =~ /Gecko\//i) {
$iVersion = substr($sAgent,index($sAgent,'Gecko/') + 6,8);
Index: /FCKeditor/branches/versions/2.6.x/fckeditor.py
===================================================================
--- /FCKeditor/branches/versions/2.6.x/fckeditor.py (revision 7670)
+++ /FCKeditor/branches/versions/2.6.x/fckeditor.py (revision 7671)
@@ -120,4 +120,6 @@
return False
elif (sAgent.find("Gecko/") >= 0):
+ if (re.search(r'Gecko\/\d+\.\d+', sAgent)):
+ return True
i = sAgent.find("Gecko/")
iVersion = int(sAgent[i+6:i+6+8])
Index: /FCKeditor/branches/versions/2.6.x/fckeditor_php4.php
===================================================================
--- /FCKeditor/branches/versions/2.6.x/fckeditor_php4.php (revision 7670)
+++ /FCKeditor/branches/versions/2.6.x/fckeditor_php4.php (revision 7671)
@@ -55,4 +55,7 @@
else if ( strpos($sAgent, 'Gecko/') !== false )
{
+ // Firefox 17+
+ if (preg_match("|Gecko/\d+\.\d+|", $sAgent))
+ return true;
$iVersion = (int)substr($sAgent, strpos($sAgent, 'Gecko/') + 6, 8) ;
return ($iVersion >= 20030210) ;
Index: /FCKeditor/branches/versions/2.6.x/fckeditor_php5.php
===================================================================
--- /FCKeditor/branches/versions/2.6.x/fckeditor_php5.php (revision 7670)
+++ /FCKeditor/branches/versions/2.6.x/fckeditor_php5.php (revision 7671)
@@ -55,4 +55,7 @@
else if ( strpos($sAgent, 'Gecko/') !== false )
{
+ // Firefox 17+
+ if (preg_match("|Gecko/\d+\.\d+|", $sAgent))
+ return true;
$iVersion = (int)substr($sAgent, strpos($sAgent, 'Gecko/') + 6, 8) ;
return ($iVersion >= 20030210) ;
Index: /FCKeditor/branches/versions/2.6.x/fckutils.cfm
===================================================================
--- /FCKeditor/branches/versions/2.6.x/fckutils.cfm (revision 7670)
+++ /FCKeditor/branches/versions/2.6.x/fckutils.cfm (revision 7671)
@@ -32,5 +32,5 @@
{
// try to extract IE version
- stResult = reFind( "msie ([5-9]\.[0-9])", sAgent, 1, true );
+ stResult = reFind( "msie ([0-9]+\.[0-9]+)", sAgent, 1, true );
if( arrayLen( stResult.pos ) eq 2 )
{
@@ -41,5 +41,5 @@
}
}
- // check for Gecko ( >= 20030210+ )
+ // check for Gecko ( >= 20030210+ OR >= 17.0 )
else if( find( "gecko/", sAgent ) )
{
@@ -51,4 +51,10 @@
sBrowserVersion = mid( sAgent, stResult.pos[2], stResult.len[2] );
if( sBrowserVersion GTE 20030210 )
+ isCompatibleBrowser = true;
+ }
+ stResult = reFind( "gecko/([0-9]+\.[0-9]+)", sAgent, 1, true );
+ if( arrayLen( stResult.pos ) eq 2 )
+ {
+ if ( mid( sAgent, stResult.pos[2], stResult.len[2] ) gte 17.0)
isCompatibleBrowser = true;
}