Page MenuHomePhabricator
Create Task
Maniphest T27091

String single quote unescaped in FCKeditor.body.php prevents editor from loading.
Closed, ResolvedPublic
Actions

Description

Author: jmlapointe

Description:
I installed MediaWiki 1.16.0 with latest FCKeditor from the 1.16.x branch and it generate the following javascript error for my french language wiki.

Here is the error output of firefox's 3.6 linux x86_64 error console:

Erreur : missing ; before statement
Fichier Source : http://wiki.demo.ep.profweb.qc.ca/index.php?title=Accueil&action=edit
Ligne : 274, Colonne : 41
Code Source :

fckTools.innerHTML+='<span ' + style + ' id="popup_wpTextbox1">[<a class="fckPopup" href="javascript:void(0)" onclick="ToggleFCKEditor(\'popup\',\'wpTextbox1\')">Ouvrir l'éditeur enrichi dans une nouvelle fenêtre</a>]</span>';

As you can see, the french text "Ouvrir l'éditeur enrichi dans une nouvelle fenêtre" has a single quote wich is not escaped and this prvents the editor from loading.

I found a temporary fix by doing the following thing:

In file "extensions/FCKeditor/FCKeditor.body.php", I replaced line 430:

-> $newWinMsg = wfMsg( 'rich_editor_new_window' );

with

-> $newWinMsg = str_replace("'","\'",wfMsg( 'rich_editor_new_window' ));

This fixed the problem, the editor now loads normaly.

I'm not a programmer so I don't know if this is a FCKeditor problem or a MediaWiki problem and I'm not sure if I corrected this bug by doing the best thing so I will let you guys decide where it should be fixed.

Thanx for your great work!

I hope you can fix this soon!

Version: unspecified
Severity: blocker

Details

Reference
bz25091
TitleReferenceAuthorSource BranchDest Branch
make-release: Stop branching GWToolsetrepos/releng/release!31jforresterdrop-gwtoolsetmain
Customize query in GitLab

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 11:14 PM
bzimport added a project: MediaWiki-extensions-FCKeditor.
bzimport set Reference to bz25091.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Sep 7 2010, 9:34 PM
bzimport added a comment.Sep 9 2010, 11:43 PM

webmaster wrote:

Thank you for the quick fix. It works.

Bawolff added a comment.Sep 10 2010, 1:47 AM

committed fix to svn in r72699. (basically same as original poster, but use escaping functions that also do other troublesome characters).

This was somewhat of a security issue (XSS), as an evil person could insert code into mediawiki namespace, but not so much as theirs easier ways to be evil if you have privs to edit mediawiki namespace.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL