Index: /CKEditor/branches/versions/3.6.x/CHANGES.html
===================================================================
--- /CKEditor/branches/versions/3.6.x/CHANGES.html (revision 7695)
+++ /CKEditor/branches/versions/3.6.x/CHANGES.html (revision 7696)
@@ -35,4 +35,11 @@
CKEditor Changelog
+
+ CKEditor 3.6.6.1
+
+ Fixed issues:
+
+ - Security update: Added protection against XSS attack and possible path disclosure in PHP sample.
+
CKEditor 3.6.6
Index: /CKEditor/branches/versions/3.6.x/_samples/assets/_posteddata.php
===================================================================
--- /CKEditor/branches/versions/3.6.x/_samples/assets/_posteddata.php (revision 7695)
+++ /CKEditor/branches/versions/3.6.x/_samples/assets/_posteddata.php (revision 7696)
@@ -26,22 +26,22 @@
$value )
+ {
+ if ( ( !is_string($value) && !is_numeric($value) ) || !is_string($key) )
+ continue;
-foreach ( $postArray as $sForm => $value )
-{
- if ( get_magic_quotes_gpc() )
- $postedValue = htmlspecialchars( stripslashes( $value ) ) ;
- else
- $postedValue = htmlspecialchars( $value ) ;
-
+ if ( get_magic_quotes_gpc() )
+ $value = htmlspecialchars( stripslashes((string)$value) );
+ else
+ $value = htmlspecialchars( (string)$value );
?>
- |
- |
+ |
+ |