Commit 72f42f7e authored by Son Nguyen, committed by Hugh Davenport

Patch XSS vulnerability in Insert/Edit Image in Edit blog



Change-Id: Ia9df5e4eef4f3fb50ae1464540d777522179ac82
Signed-off-by: Son Nguyen <son.nguyen@catalyst.net.nz>
parent 47e3906d
......@@ -50,6 +50,12 @@ var ImageDialog = {
// Get image list from calling window
document.getElementById('image_list_container').innerHTML = this.imageSelectorHTML(f.src.value);
connect('image_list', 'onchange', function(e) {
e.stop();
this.form.src.value=this.options[this.selectedIndex].value;
ImageDialog.resetImageData();
ImageDialog.getImageData(this.form.src.value);
});
// Check if the image attached
if (e.nodeName == 'IMG' && f.image_list.selectedIndex == 0) {
......@@ -68,16 +74,15 @@ var ImageDialog = {
disabled = 'disabled';
}
var sel = '<select class="select" name="image_list" id="image_list" ' + disabled + ' onchange="this.form.src.value=this.options[this.selectedIndex].value;ImageDialog.resetImageData();ImageDialog.getImageData(this.form.src.value);">';
sel += '<option value="">--</option>';
var selectElem = SELECT({'class': 'select', 'name': 'image_list', 'id': 'image_list', 'disabled': disabled }, OPTION({'value':''},'--'));
for (var i = 0; i < imagefiles.length; i++) {
sel += '<option value="' + imagefiles[i].id + '" title="' + imagefiles[i].description + '"';
var opt = OPTION({'value': imagefiles[i].id, 'title': imagefiles[i].description}, imagefiles[i].name);
if (imageid == imagefiles[i].id) {
sel += ' selected';
setNodeAttribute(opt, 'selected', 'selected');
}
sel += '>' + imagefiles[i].name + '</option>';
appendChildNodes(selectElem, opt);
}
return sel;
return selectElem.outerHTML;
},
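Review bot: `'disabled': disabled` in the new SELECT call will disable the list even in the not-disabled case if `disabled` holds the empty string there (its initialization lies above this hunk), because `setAttribute('disabled', '')` still yields a disabled control, whereas the old string concatenation emitted no attribute at all for an empty value. Only set the attribute when the flag is non-empty: `var selectAttrs = {'class': 'select', 'name': 'image_list', 'id': 'image_list'};` / `if (disabled) { selectAttrs['disabled'] = 'disabled'; }` / `var selectElem = SELECT(selectAttrs, OPTION({'value':''},'--'));`. The escaping of id, description and name now comes from the browser serializing DOM attribute and text nodes in `outerHTML`, which the caller in the first hunk re-parses through `innerHTML`; that is sound, but returning `selectElem` itself and inserting it with `replaceChildNodes('image_list_container', selectElem)` would remove the serialize/re-parse round trip entirely. The opening lines of imageSelectorHTML are outside the hunk.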
......
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>{str tag=insertimage section=artefact.blog}</title>
<script language="javascript" type="text/javascript" src="{$WWWROOT}js/MochiKit/Packed.js"></script>
<script language="javascript" type="text/javascript" src="{$WWWROOT}js/tinymce/tiny_mce_popup.js"></script>
<script language="javascript" type="text/javascript" src="{$WWWROOT}js/tinymce/utils/mctabs.js"></script>
<script language="javascript" type="text/javascript" src="{$WWWROOT}js/tinymce/utils/form_utils.js"></script>
......