Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Merge branch 'w51_MDL-37283_m22_spell' of git://github.com/skodak/moo…

…dle into MOODLE_22_STABLE
  • Loading branch information...
commit 7f44175aedd52b0d362736ca1396f81b762de42b 2 parents 9c829ef + 6fac8f7
@danpoltawski danpoltawski authored
View
2  lib/editor/tinymce/tiny_mce/3.4.9/plugins/spellchecker/changelog.txt
@@ -1,3 +1,5 @@
+Version 2.0.6.1 (2012-11-16)
+ Fixed security issue with google spellchecker.
Version 2.0.6 (2011-09-29)
Fixed incorrect position of suggestion menu.
Fixed handling of mispelled words with no suggestions in PSpellShell engine.
View
2  lib/editor/tinymce/tiny_mce/3.4.9/plugins/spellchecker/classes/GoogleSpell.php
@@ -51,6 +51,8 @@ function &getSuggestions($lang, $word) {
}
function &_getMatches($lang, $str) {
+ $lang = preg_replace('/[^a-z\-]/i', '', $lang); // Sanitize, remove everything but a-z or -
+ $str = preg_replace('/[\x00-\x1F\x7F]/', '', $str); // Sanitize, remove all control characters
$server = "www.google.com";
$port = 443;
$path = "/tbproxy/spell?lang=" . $lang . "&hl=en";
Please sign in to comment.
Something went wrong with that request. Please try again.