Hi,

> an XSS vulnerability was found in fckeditor before 2.6.7. Please try to
> fix the problem using an isolated fix since we are in freeze.
>
> More info can be found at
> http://disse.cting.org/2012/06/22/fckeditor-reflected-xss-vulnerability/

Thanks for the advice. I found no official solution at the moment.

My solutions for the moment are:

1. change line 27 to:
   echo "textinputs[$key] = decodeURIComponent(\"" . htmlentities($val, ENT_COMPAT) . "\");\n";

2. change line 27 to:
   echo "textinputs[$key] = decodeURIComponent(\"" . htmlspecialchars($val, ENT_QUOTES) . "\");\n";

Both solutions work for me. I will try to contact upstream to find a solution.

regards,
Frank
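Added example, not part of the message above and not fckeditor code: it emits the statement under each of the two proposed replacement lines for constructed sample values, so the outputs can be compared side by side. The function names, the key 0, the sample values and the assumption that the line is written into a script block are all hypothetical.

```php
<?php
// Added example: compares the two replacement lines proposed in the message.
// $key and $val stand in for the loop variables on line 27 (assumed context).

// Option 1 from the message: htmlentities() with ENT_COMPAT.
function emit_option1($key, $val) {
    return "textinputs[$key] = decodeURIComponent(\""
         . htmlentities($val, ENT_COMPAT) . "\");\n";
}

// Option 2 from the message: htmlspecialchars() with ENT_QUOTES.
function emit_option2($key, $val) {
    return "textinputs[$key] = decodeURIComponent(\""
         . htmlspecialchars($val, ENT_QUOTES) . "\");\n";
}

// True when no raw double quote or angle bracket survives between the
// opening (" and the closing "); of the emitted statement.
function literal_is_intact($line) {
    $start = strpos($line, '("') + 2;
    $end   = strrpos($line, '");');
    $body  = substr($line, $start, $end - $start);
    return strpbrk($body, "\"<>") === false;
}

// Constructed sample values (not taken from the advisory).
$samples = array(
    // Shaped like encodeURIComponent() output, which leaves ' unescaped.
    'percent-encoded'  => "it's%20a%20%22test%22",
    // A value that was not percent-encoded and carries markup characters.
    'raw markup chars' => 'a "quoted" <b>word</b>',
);

foreach ($samples as $label => $val) {
    foreach (array('emit_option1', 'emit_option2') as $fn) {
        $line = $fn(0, $val);
        printf("%-17s %-13s intact=%s  %s", $label, $fn,
               literal_is_intact($line) ? 'yes' : 'no', $line);
    }
}
```

Entities are not decoded inside a script block, so whatever the encoder writes is the text decodeURIComponent() receives: with ENT_QUOTES an apostrophe in the value arrives as the characters &#039;, while ENT_COMPAT leaves it as typed.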