--- fckeditor-2.6.6.orig/debian/compat +++ fckeditor-2.6.6/debian/compat @@ -0,0 +1 @@ +7 --- fckeditor-2.6.6.orig/debian/control +++ fckeditor-2.6.6/debian/control @@ -0,0 +1,18 @@ +Source: fckeditor +Section: web +Priority: optional +Maintainer: Frank Habermann +Build-Depends: debhelper (>= 7) +Standards-Version: 3.8.4 +Homepage: http://www.fckeditor.net + +Package: fckeditor +Architecture: all +Depends: ${misc:Depends}, apache2 | httpd +Suggests: php5, perl, python +Recommends: aspell +Description: rich text format javascript web editor + FCKeditor is an HTML/DHTML editor for PHP, Java, Perl, Python, ASP, ASP.NET, + ColdFusion, PHP, and JavaScript that brings to the Web much of the powerful + functionality of known desktop editors like Word. It's very lightweight, and + doesn't require any kind of installation on the client computer. --- fckeditor-2.6.6.orig/debian/changelog +++ fckeditor-2.6.6/debian/changelog @@ -0,0 +1,157 @@ +fckeditor (1:2.6.6-1squeeze1build0.11.10.1) oneiric-security; urgency=low + + * fake sync from Debian + + -- Jamie Strandboge Wed, 22 Aug 2012 11:25:35 -0500 + +fckeditor (1:2.6.6-1squeeze1) squeeze-security; urgency=high + + * fixed XSS vulnerability in spellchecker (Closes: #683418) [CVE-2012-4000] + + -- Frank Habermann Sat, 04 Aug 2012 00:00:00 +0200 + +fckeditor (1:2.6.6-1) unstable; urgency=low + + * new upstream version + - added new translations + - editor was not loading in Safari 3 + - Avoided infinite loop in IE with invalid HTML + - fixed ColdFusion in file browser + * changed Standards-Version to 3.8.4 + * added ${misc:Depends} to Depends + * changed README.Debian (Closes: #569826, #569827) + + -- Frank Habermann Tue, 16 Feb 2010 19:15:00 +0200 + +fckeditor (1:2.6.5-2) unstable; urgency=low + + * fixed spelling in readme (Closes: #566935) + + -- Frank Habermann Wed, 27 Jan 2010 21:45:00 +0200 + +fckeditor (1:2.6.5-1) unstable; urgency=low + + * new upstream release + - fixing small compatibility issues with some browsers + - added Spell Check As You Type (SCAYT) solution + - fixed several javascript editor handling problems + * changed Standards-Version to 3.8.3 + + -- Frank Habermann Tue, 22 Sep 2009 19:45:00 +0200 + +fckeditor (1:2.6.4.1-1) unstable; urgency=high + + * new upstream release + - fix remote file upload vulnerability [CVE 2009-2265] + * changed standard version to 3.8.2 + + -- Frank Habermann Mon, 06 Jul 2009 20:40:00 +0200 + +fckeditor (1:2.6.4-1) unstable; urgency=low + + * new upstream release + - integration with "WebSpellChecker" + - in the table dialog it's possible to create header cells + - table dialog allows switching between normal data cells or header cells + - new language file for icelandic + - fixed several javascript editor handling problems + * changed path of spellchecker to linux one instead of using windows one + * debian/control: Recommend aspell + * added config.php that load config from /etc/fckeditor + * changed compat and debhelper to version 7 + * cleanup debian/rules + * convert debian/copyright to machine readable format + + -- Frank Habermann Sun, 01 Feb 2009 22:12:00 +0200 + +fckeditor (1:2.6.3-1) unstable; urgency=low + + * new upstream release + - Added a new context menu option for opening links in the editor + - Email links from the Link dialog are now encoded by default + - Added the ability to create, modify and remove DIV containers + - The SHIFT+SPACE keystroke will now produce a   character + - It's now possible to enable the browsers default menu using the + configuration file + - Added HTML samples for legacy HTML and Flash HTML + - Introduced the "PreventSubmitHandler" setting, which makes it possible + to instruct the editor to not handle the hidden field update on form + submit events + - FCK.InsertHtml() is now properly removing selected contents after + content insertion in Firefox + - Spelling mistake corrections made by the spell checking dialog are now + undoable + - Insert anchor was not working for non-empty selections + - It was impossible to switch between editor areas with a single click + - Fixed several javascript editor handling problems + + -- Frank Habermann Tue, 06 Aug 2008 23:23:23 +0200 + +fckeditor (1:2.6.2-1) unstable; urgency=low + + * new upstream release (Closes #488395) + - Calling FCK.InsertHtml( 'nbsp;') was inserting a plain space instead of + a non breaking space character. + - The dragresizetable plugin now works in Firefox 3 as well. + - Minor fix in FCKSelection for nodeTagName object. + - Unified FCKConfig.FullBasePath with FCKConfig.BasePath. + - Changed floating dialogs to use fixed positioning so that they are no + longer affected by scrolling. + - On Opera and Firefox 3, the entire page was scrolling on ENTER. + - The TAB key will now have the default browser behavior if TabSpaces=0. + It will move the focus out of the editor (expect on Safari). + + -- Frank Habermann Tue, 28 Jun 2008 21:52:00 +0200 + +fckeditor (1:2.6.1-1) unstable; urgency=low + + * new upstream release + - improved searching speed of find and replace + - new language file for Gujarati + - fixed several JavaScript problems with IE, Hotkeys and Dialogs + * changed Standards-Version to 3.8.0 + + -- Frank Habermann Wed, 18 Jun 2008 22:25:00 +0200 + +fckeditor (1:2.6-1) unstable; urgency=low + + * new upstream release + - new floating dialog system + - adobe air compatibility + - inline css cache + - FCKeditorAPI.Instances can now access all FCKEditor instances in the page + + -- Frank Habermann Mon, 07 Apr 2008 23:44:00 +0200 + +fckeditor (1:2.5.1-2) unstable; urgency=low + + * added missing file fckutils.cfm (Closes: #474277) + + -- Frank Habermann Sat, 05 Apr 2008 19:14:00 +0200 + +fckeditor (1:2.5.1-1) unstable; urgency=low + + * New upstream release + - add FCKeditor.Net 2.5 compatibility + - new JavaScript function that replace many textarea elements + - it is possible to set the BasePath for all editor instances + - fixed several JavaScript problems with spell checker, strict warning + messages in Firefox, markup that blocking execution and ENTER key will + not swap the order of tags + + -- Frank Habermann Sun, 23 Dec 2007 20:04:57 +0200 + +fckeditor (1:2.5-1) unstable; urgency=low + + * New upstream release + - heading options are moved to the top + - fixed many javascript bugs + * standard-version is 2.7.3 in control now + + -- Frank Habermann Sun, 09 Dec 2007 14:42:33 +0200 + +fckeditor (2.5b-1) unstable; urgency=low + + * Initial release. + + -- Frank Habermann Fri, 02 Nov 2007 21:30:01 +0200 --- fckeditor-2.6.6.orig/debian/rules +++ fckeditor-2.6.6/debian/rules @@ -0,0 +1,53 @@ +#!/usr/bin/make -f + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=0 + +clean: + dh_testdir + dh_testroot + + dh_clean + +build: + +install: + dh_testdir + dh_testroot + dh_prep + dh_installdirs + + # create folder + mkdir -p debian/fckeditor/usr/share/fckeditor + + # copy files + cp -a fckconfig.js fckeditor.asp fckeditor.cfm fckeditor.lasso fckeditor_php4.php fckeditor.pl fckpackager.xml fcktemplates.xml editor fckeditor.afp fckeditor.cfc fckeditor.js fckeditor.php fckeditor_php5.php fckeditor.py fckstyles.xml fckutils.cfm debian/fckeditor/usr/share/fckeditor/ + rm -f debian/fckeditor/usr/share/fckeditor/editor/filemanager/connectors/php/config.php + + # install configs + install -D -m 0644 editor/filemanager/connectors/php/config.php debian/fckeditor/etc/fckeditor/config.php + + cp -a debian/config/config.php debian/fckeditor/usr/share/fckeditor/editor/filemanager/connectors/php/config.php + + # setting rights + find debian/fckeditor/usr/share/fckeditor -type f | xargs chmod 0644 + find debian/fckeditor/usr/share/fckeditor/editor/filemanager/connectors/ -name "*.py" -or -name "*.cgi" | xargs chmod 0755 + chmod 0755 debian/fckeditor/usr/share/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.pl + +binary: binary-indep + +binary-arch: + +binary-indep: install + dh_testdir + dh_testroot + dh_installchangelogs _whatsnew_history.html + dh_installdocs + dh_compress + dh_fixperms + dh_installdeb + dh_gencontrol + dh_md5sums + dh_builddeb + +.PHONY: clean build install binary binary-arch binary-indep --- fckeditor-2.6.6.orig/debian/copyright +++ fckeditor-2.6.6/debian/copyright @@ -0,0 +1,26 @@ +Author: Frederico Caldeira Knabben +Download: http://www.fckeditor.net/download + +Files: * +Copyright: (C) 2003-2007 Frederico Caldeira Knabben +License: GPL-2+ + The fckeditor is tripple licensed under the GNU General Public License (GPL), + GNU Lesser General Public License (LGPL), and Mozilla Public License (MPL). + In Debian, it is distributed under the GNU General Public License (GPL. + . + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + . + On Debian systems, the complete text of the GNU General Public License + can be found in /usr/share/common-licenses/GPL-2 file. --- fckeditor-2.6.6.orig/debian/README.Debian +++ fckeditor-2.6.6/debian/README.Debian @@ -0,0 +1,23 @@ +fckeditor for Debian +------------------------ + +The package installs all the files needed by fckeditor under +`/usr/share/fckeditor'. + +It's pretty easy to use fckeditor within your webapp, you just have alias that +directory to "fckeditor": + + Alias /fckeditor/ /usr/share/fckeditor/ + + Options None + AllowOverride None + + + ExpiresActive On + # Keep the "expiration" delay low, so web browsers and proxies + # does check for updated version regularly. + ExpiresDefault "access plus 3 hour" + + + + -- Frank Habermann Fri, 02 Nov 2007 21:30:01 +0200 --- fckeditor-2.6.6.orig/debian/config/config.php +++ fckeditor-2.6.6/debian/config/config.php @@ -0,0 +1,5 @@ + --- fckeditor-2.6.6.orig/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.cfm +++ fckeditor-2.6.6/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.cfm @@ -65,7 +65,7 @@ - + --- fckeditor-2.6.6.orig/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.pl +++ fckeditor-2.6.6/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.pl @@ -18,7 +18,7 @@ # set the 'wordtext' JavaScript variable to the submitted text. sub printTextVar { for( my $i = 0; $i <= $#textinputs; $i++ ) { - print "textinputs[$i] = decodeURIComponent('" . escapeQuote( $textinputs[$i] ) . "')\n"; + print "textinputs[$i] = decodeURIComponent(\"" . specialchar_cnv( $textinputs[$i] ) . "\");\n"; } } @@ -106,6 +106,18 @@ return $str; } +sub specialchar_cnv +{ + local($ch) = @_; + + $ch =~ s/&/&/g; # & + $ch =~ s/\"/"/g; #" + $ch =~ s/\'/'/g; # ' + $ch =~ s//>/g; # > + return($ch); +} + sub handleError { my $err = shift; print "error = '" . escapeQuote( $err ) . "';\n"; --- fckeditor-2.6.6.orig/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php +++ fckeditor-2.6.6/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php @@ -24,7 +24,7 @@ global $textinputs; foreach( $textinputs as $key=>$val ) { # $val = str_replace( "'", "%27", $val ); - echo "textinputs[$key] = decodeURIComponent(\"" . $val . "\");\n"; + echo "textinputs[$key] = decodeURIComponent(\"" . htmlspecialchars($val, ENT_QUOTES) . "\");\n"; } }