Commit 7fe94c02 authored by Son Nguyen's avatar Son Nguyen Committed by Robert Lyon
Browse files

Bug 1618317: Validate urlquerystr before parsing 

Also update the tinymce/README.Mahara as TinyMCE imagebrowser plugin
is a part of mahara

behatnotneeded

Change-Id: Ie6d3aa1bf80db9f9d52e3373bf407ab6bf8cafad
(cherry picked from commit e99d7b50)
parent a03d2573

htdocs/js/tinymce/README.Mahara

+2 −1
Original line number Diff line number Diff line
@@ -16,3 +16,4 @@ Changes: 
 * Adjusted the charmap plugin to contain Māori macrons

 * Adding the 'aria-hidden="true"' to presentation icons

 * Bug 1605110: Modified the "table" plugin to style the table through CSS instead of HTML attributes

 * Add TinyMCE imagebrowser plugin: plugins/imagebrowser/plugin.js
 
 No newline at end of file

htdocs/js/tinymce/plugins/imagebrowser/plugin.js

+8 −5
Original line number Diff line number Diff line
@@ -34,13 +34,16 @@ tinymce.PluginManager.add('imagebrowser', function(editor) { 
        var selected = null;

        if (imgElm.nodeName == 'IMG' && !imgElm.getAttribute('data-mce-object') && !imgElm.getAttribute('data-mce-placeholder')) {

            // existing values

            var urlquerystr = dom.getAttrib(imgElm, 'src').match(/\?.+/)[0];

            var urlquerystr = dom.getAttrib(imgElm, 'src').match(/\?.+/);

            if (urlquerystr) {

                urlquerystr = urlquerystr[0];

                var urlparts = urlquerystr.split('&');

                for (var x in urlparts) {

                    if (urlparts[x].match('file=')) {

                        selected = urlparts[x].split('=')[1];

                    }

                }

            }

            data = {

                src: dom.getAttrib(imgElm, 'src'),

                alt: dom.getAttrib(imgElm, 'alt'),