Index: /FCKeditor/trunk/_whatsnew.html
===================================================================
--- /FCKeditor/trunk/_whatsnew.html	(revision 7702)
+++ /FCKeditor/trunk/_whatsnew.html	(revision 7703)
@@ -34,11 +34,11 @@
 		FCKeditor ChangeLog - What's New?</h1>
 	<h3>
-		Version 2.6.10</h3>
+		Version 2.6.11</h3>
 	<p>
 		Fixed Bugs:</p>
 	<ul>
-		<li>Minor security release:<ul>
-			<li>Values displayed in the "About" dialog window were not properly escaped - reported by David Sopas.</li>
-			</ul>
+		<li><strong>Security release, upgrade is highly recommended </strong>.<ul>
+			<li>XSS vulnerability in SpellerPages spell checker - reported by Robin Bailey (<a href="http://dionach.com/">Dionach Ltd</a>)</li>
+		</ul>
 		</li>
 	</ul>
Index: /FCKeditor/trunk/_whatsnew_history.html
===================================================================
--- /FCKeditor/trunk/_whatsnew_history.html	(revision 7702)
+++ /FCKeditor/trunk/_whatsnew_history.html	(revision 7703)
@@ -33,4 +33,15 @@
 	<h1>
 		FCKeditor ChangeLog - What's New?</h1>
+	<h3>
+		Version 2.6.10</h3>
+	<p>
+		Fixed Bugs:</p>
+	<ul>
+		<li>Minor security release:<ul>
+			<li>Values displayed in the "About" dialog window were not properly escaped - reported by David Sopas.</li>
+		</ul>
+		</li>
+		</li>
+	</ul>
 	<h3>
 		Version 2.6.9</h3>
Index: /FCKeditor/trunk/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.cfm
===================================================================
--- /FCKeditor/trunk/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.cfm	(revision 7702)
+++ /FCKeditor/trunk/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.cfm	(revision 7703)
@@ -19,5 +19,9 @@
 <cfset word_win_src = "../wordWindow.js">
 
-<cfset form.checktext = form["textinputs[]"]>
+<cfif StructKeyExists(form, 'textinputs[]')>
+	<cfset form.checktext = form["textinputs[]"]>
+<cfelse>
+	<cfabort>
+</cfif>
 
 <!--- make no difference between URL and FORM scopes --->
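Review bot: The new `<cfif StructKeyExists(form, 'textinputs[]')>` guard carries no comment explaining why a request without that field is aborted, while the PHP counterpart at least marks its guard with `# ignore invalid data`. I would add `<!--- abort when textinputs[] is missing: there is nothing to spell-check --->` above the `<cfif>`. The guard tests only that the key is present in the form scope. Whether the value is escaped before it is written into the response is not visible in this hunk, and it is worth confirming because the changelog describes this release as an XSS fix for SpellerPages.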
Index: /FCKeditor/trunk/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php
===================================================================
--- /FCKeditor/trunk/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php	(revision 7702)
+++ /FCKeditor/trunk/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php	(revision 7703)
@@ -14,5 +14,8 @@
 $spellercss		= '../spellerStyle.css';						// by FredCK
 $word_win_src	= '../wordWindow.js';							// by FredCK
-
+# ignore invalid data
+if (empty($_POST['textinputs']) || !is_array($_POST['textinputs'])) {
+  die();
+}
 $textinputs		= $_POST['textinputs']; # array
 $input_separator = "A";
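Review bot: The guard above `$textinputs = $_POST['textinputs'];` checks only that the top-level value is a non-empty array, so an element that is itself an array still reaches `htmlspecialchars()` in `print_textinputs_var()` and `urldecode()` in the temp-file loop. There it raises a PHP warning (a TypeError on PHP 8), which can expose file paths where errors are displayed. Rejecting non-string elements at this point keeps all input validation in one place: `foreach ($_POST['textinputs'] as $v) { if (!is_string($v)) die(); }`.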
@@ -23,7 +26,9 @@
 function print_textinputs_var() {
 	global $textinputs;
-	foreach( $textinputs as $key=>$val ) {
+	for( $i = 0; $i < count( $textinputs ); $i++ ) {
+		if (!isset($textinputs[$i]))
+			break;
 		# $val = str_replace( "'", "%27", $val );
-		echo "textinputs[$key] = decodeURIComponent(\"" . htmlspecialchars($val, ENT_QUOTES) . "\");\n";
+		echo "textinputs[$i] = decodeURIComponent(\"" . htmlspecialchars($textinputs[$i], ENT_QUOTES) . "\");\n";
 	}
 }
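Review bot: `htmlspecialchars($textinputs[$i], ENT_QUOTES)` on the echo line is an HTML-context escaper, but the value is written inside a JavaScript string literal, where backslashes and line breaks pass through it unchanged. The client presumably sends `encodeURIComponent` output, yet nothing visible here enforces that on the server. Encoding for the JavaScript context is safer where the supported PHP version allows it, e.g. `echo "textinputs[$i] = decodeURIComponent(" . json_encode($textinputs[$i], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) . ");\n";`. Alternatively, reject any value containing characters that `encodeURIComponent` never produces.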
@@ -82,4 +87,7 @@
 	if( $fh = fopen( $tempfile, 'w' )) {
 		for( $i = 0; $i < count( $textinputs ); $i++ ) {
+			# ignore invalid data
+			if (!isset($textinputs[$i]))
+				break;
 			$text = urldecode( $textinputs[$i] );
 
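Review bot: The added comment `# ignore invalid data` does not describe the code under it: `break` stops at the first missing index and drops every later entry rather than skipping one bad element. If stopping is the intent because keys are expected to run 0..n-1, the comment should say so, e.g. `# stop at the first gap: textinputs must be indexed 0..n-1`. The same guard in `print_textinputs_var()` has no comment at all and would benefit from the same line. The enclosing function starts and ends outside this hunk.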
