From a3243760c243ddad76e91840134009c3681cb16a Mon Sep 17 00:00:00 2001
From: =?utf8?q?Petr=20S=CC=8Ckoda?=
Date: Sat, 22 Dec 2012 16:48:13 +0100
Subject: [PATCH] MDL-37283 import tinymce spellchecker 2.0.6.1
---
 .../tinymce/tiny_mce/3.5.1.1/plugins/spellchecker/changelog.txt | 2 ++
 .../3.5.1.1/plugins/spellchecker/classes/GoogleSpell.php | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/lib/editor/tinymce/tiny_mce/3.5.1.1/plugins/spellchecker/changelog.txt b/lib/editor/tinymce/tiny_mce/3.5.1.1/plugins/spellchecker/changelog.txt
index ed606cfae72..afe04fb7e7c 100644
--- a/lib/editor/tinymce/tiny_mce/3.5.1.1/plugins/spellchecker/changelog.txt
+++ b/lib/editor/tinymce/tiny_mce/3.5.1.1/plugins/spellchecker/changelog.txt
@@ -1,3 +1,5 @@
+Version 2.0.6.1 (2012-11-16)
+ Fixed security issue with google spellchecker.
 Version 2.0.6 (2011-09-29)
 Fixed incorrect position of suggestion menu.
 Fixed handling of mispelled words with no suggestions in PSpellShell engine.
diff --git a/lib/editor/tinymce/tiny_mce/3.5.1.1/plugins/spellchecker/classes/GoogleSpell.php b/lib/editor/tinymce/tiny_mce/3.5.1.1/plugins/spellchecker/classes/GoogleSpell.php
index e3acf2d878c..f96d4a9f2c3 100644
--- a/lib/editor/tinymce/tiny_mce/3.5.1.1/plugins/spellchecker/classes/GoogleSpell.php
+++ b/lib/editor/tinymce/tiny_mce/3.5.1.1/plugins/spellchecker/classes/GoogleSpell.php
@@ -51,6 +51,8 @@ class GoogleSpell extends SpellChecker {
 }
 function &_getMatches($lang, $str) {
+ $lang = preg_replace('/[^a-z\-]/i', '', $lang); // Sanitize, remove everything but a-z or -
+ $str = preg_replace('/[\x00-\x1F\x7F]/', '', $str); // Sanitize, remove all control characters
 $server = "www.google.com";
 $port = 443;
 $path = "/tbproxy/spell?lang=" . $lang . "&hl=en";
-- 
2.43.0
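Review bot: The `$str` filter added at the top of `_getMatches` only removes control bytes, so it guards against line-based injection into the outgoing request but leaves `<`, `&` and quote characters untouched. It also deletes tabs and newlines outright instead of replacing them with a space, which can join adjacent words. The rest of `_getMatches` is outside this hunk, so how `$str` is embedded cannot be confirmed here. If it is concatenated into an XML body further down, it should additionally be encoded at the point of use, for example `htmlspecialchars($str, ENT_QUOTES, 'UTF-8')`. For `$lang`, which the visible `$path` line places directly in the query string, rejecting anything that does not match a language-tag pattern such as `/^[a-z]{2,8}(-[a-z0-9]{2,8})*$/i` and falling back to a fixed default would be tighter than silently stripping, and each of the two new lines would benefit from a comment naming the sink it protects, e.g. `// $lang is concatenated into the request path below; allow only language-tag characters`.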