-CKEditor 4 Changelog\r
-====================\r
-\r
-## CKEditor 4.0.1\r
-\r
-Fixed issues:\r
-\r
-* [#9655](http://dev.ckeditor.com/ticket/9655): Support for IE Quirks Mode in new Moono skin.\r
-* Accessibility issues (mainly on inline editor): [#9364](http://dev.ckeditor.com/ticket/9364), [#9368](http://dev.ckeditor.com/ticket/9368), [#9369](http://dev.ckeditor.com/ticket/9369), [#9370](http://dev.ckeditor.com/ticket/9370), [#9541](http://dev.ckeditor.com/ticket/9541), [#9543](http://dev.ckeditor.com/ticket/9543), [#9841](http://dev.ckeditor.com/ticket/9841), [#9844](http://dev.ckeditor.com/ticket/9844).\r
-* Magic-line:\r
- * [#9481](http://dev.ckeditor.com/ticket/9481): Added accessibility support for Magic-line.\r
- * [#9509](http://dev.ckeditor.com/ticket/9509): Added Magic-line support for forms.\r
- * [#9573](http://dev.ckeditor.com/ticket/9573): Magic-line doesn't disappear on `mouseout` in the specific case.\r
-* [#9754](http://dev.ckeditor.com/ticket/9754): [Webkit] Cut & paste simple unformatted text generates inline wrapper in Webkits.\r
-* [#9456](http://dev.ckeditor.com/ticket/9456): [Chrome] Properly paste bullet list style from MS-Word.\r
-* [#9699](http://dev.ckeditor.com/ticket/9699), [#9758](http://dev.ckeditor.com/ticket/9758): Improved selection locking when selecting by dragging.\r
-* Context menu:\r
- * [#9712](http://dev.ckeditor.com/ticket/9712): Context menu open destroys editor focus.\r
- * [#9366](http://dev.ckeditor.com/ticket/9366): Context menu should be displayed over floating toolbar.\r
- * [#9706](http://dev.ckeditor.com/ticket/9706): Context menu generates JS error in inline mode when editor attached to header element.\r
-* [#9800](http://dev.ckeditor.com/ticket/9800): Hide float panel when resizing window.\r
-* [#9721](http://dev.ckeditor.com/ticket/9721): Padding in content of div based editor puts editing area under bottom UI space.\r
-* [#9528](http://dev.ckeditor.com/ticket/9528): Host page's `box-sizing` style shouldn't influence editor UI elements.\r
-* [#9503](http://dev.ckeditor.com/ticket/9503): Forms plugin adds context menu listeners only on supported input types. Added support for `tel, email, search` and `url` input types.\r
-* [#9769](http://dev.ckeditor.com/ticket/9769): Improved floating toolbar positioning in narrow window.\r
-* [#9875](http://dev.ckeditor.com/ticket/9875): Table dialog doesn't populate width correctly.\r
-* [#8675](http://dev.ckeditor.com/ticket/8675): Deleting cells in nested table removes outer table cell.\r
-* [#9815](http://dev.ckeditor.com/ticket/9815): Can't edit dialog fields on editor initialized in jQuery UI modal dialog.\r
-* [#8888](http://dev.ckeditor.com/ticket/8888): CKEditor dialogs do not show completely in small window.\r
-* [#9360](http://dev.ckeditor.com/ticket/9360): [Inline editor] Blocks shown for a div stay permanently even after user exists editing the div.\r
-* [#9531](http://dev.ckeditor.com/ticket/9531): [Firefox & Inline editor] Toolbar is lost when closing format combo by clicking on its button.\r
-* [#9553](http://dev.ckeditor.com/ticket/9553): Table width incorrectly set when `border-width` style is specified.\r
-* [#9594](http://dev.ckeditor.com/ticket/9594): Cannot tab past CKEditor when it is in read only mode.\r
-* [#9658](http://dev.ckeditor.com/ticket/9658): [IE9] Justify not working on selected image.\r
-* [#9686](http://dev.ckeditor.com/ticket/9686): Added missing contents styles for `<pre>`.\r
-* [#9709](http://dev.ckeditor.com/ticket/9709): PasteFromWord should not depend on configuration from other styles.\r
-* [#9726](http://dev.ckeditor.com/ticket/9726): Removed color dialog dependency from table tools.\r
-* [#9765](http://dev.ckeditor.com/ticket/9765): Toolbar Collapse command documented incorrectly on Accessibility Instructions dialog.\r
-* [#9771](http://dev.ckeditor.com/ticket/9771): [Webkit & Opera] Fixed scrolling issues when pasting.\r
-* [#9787](http://dev.ckeditor.com/ticket/9787): [IE9] onChange isn't fired for checkboxes in dialogs.\r
-* [#9842](http://dev.ckeditor.com/ticket/9842): [Firefox 17] When we open toolbar menu for the first time & press down arrow key, focus goes to next toolbar button instead of menu options.\r
-* [#9847](http://dev.ckeditor.com/ticket/9847): Elements path shouldn't be initialized on inline editor.\r
-* [#9853](http://dev.ckeditor.com/ticket/9853): `Editor#addRemoveFormatFilter` is exposed before it really works.\r
-* [#8893](http://dev.ckeditor.com/ticket/8893): Value of `pasteFromWordCleanupFile` config is now taken from instance configuration.\r
-* [#9693](http://dev.ckeditor.com/ticket/9693): Removed "live preview" checkbox from UI color picker.\r
-\r
-\r
-## CKEditor 4.0\r
-\r
-The first stable release of the new CKEditor 4 code line.\r
-\r
-The CKEditor JavaScript API has been kept compatible with CKEditor 4, whenever\r
-possible. The list of relevant changes can be found in the [API Changes page of\r
-the CKEditor 4 documentation][1].\r
-\r
-[1]: http://docs.ckeditor.com/#!/guide/dev_api_changes "API Changes""\r
+CKEditor 4 Changelog
+====================
+
+## CKEditor 4.0.1.1
+
+* Security update: Added protection against XSS attack and possible path disclosure in PHP sample.
+
+## CKEditor 4.0.1
+
+Fixed issues:
+
+* [#9655](http://dev.ckeditor.com/ticket/9655): Support for IE Quirks Mode in new Moono skin.
+* Accessibility issues (mainly on inline editor): [#9364](http://dev.ckeditor.com/ticket/9364), [#9368](http://dev.ckeditor.com/ticket/9368), [#9369](http://dev.ckeditor.com/ticket/9369), [#9370](http://dev.ckeditor.com/ticket/9370), [#9541](http://dev.ckeditor.com/ticket/9541), [#9543](http://dev.ckeditor.com/ticket/9543), [#9841](http://dev.ckeditor.com/ticket/9841), [#9844](http://dev.ckeditor.com/ticket/9844).
+* Magic-line:
+ * [#9481](http://dev.ckeditor.com/ticket/9481): Added accessibility support for Magic-line.
+ * [#9509](http://dev.ckeditor.com/ticket/9509): Added Magic-line support for forms.
+ * [#9573](http://dev.ckeditor.com/ticket/9573): Magic-line doesn't disappear on `mouseout` in the specific case.
+* [#9754](http://dev.ckeditor.com/ticket/9754): [Webkit] Cut & paste simple unformatted text generates inline wrapper in Webkits.
+* [#9456](http://dev.ckeditor.com/ticket/9456): [Chrome] Properly paste bullet list style from MS-Word.
+* [#9699](http://dev.ckeditor.com/ticket/9699), [#9758](http://dev.ckeditor.com/ticket/9758): Improved selection locking when selecting by dragging.
+* Context menu:
+ * [#9712](http://dev.ckeditor.com/ticket/9712): Context menu open destroys editor focus.
+ * [#9366](http://dev.ckeditor.com/ticket/9366): Context menu should be displayed over floating toolbar.
+ * [#9706](http://dev.ckeditor.com/ticket/9706): Context menu generates JS error in inline mode when editor attached to header element.
+* [#9800](http://dev.ckeditor.com/ticket/9800): Hide float panel when resizing window.
+* [#9721](http://dev.ckeditor.com/ticket/9721): Padding in content of div based editor puts editing area under bottom UI space.
+* [#9528](http://dev.ckeditor.com/ticket/9528): Host page's `box-sizing` style shouldn't influence editor UI elements.
+* [#9503](http://dev.ckeditor.com/ticket/9503): Forms plugin adds context menu listeners only on supported input types. Added support for `tel, email, search` and `url` input types.
+* [#9769](http://dev.ckeditor.com/ticket/9769): Improved floating toolbar positioning in narrow window.
+* [#9875](http://dev.ckeditor.com/ticket/9875): Table dialog doesn't populate width correctly.
+* [#8675](http://dev.ckeditor.com/ticket/8675): Deleting cells in nested table removes outer table cell.
+* [#9815](http://dev.ckeditor.com/ticket/9815): Can't edit dialog fields on editor initialized in jQuery UI modal dialog.
+* [#8888](http://dev.ckeditor.com/ticket/8888): CKEditor dialogs do not show completely in small window.
+* [#9360](http://dev.ckeditor.com/ticket/9360): [Inline editor] Blocks shown for a div stay permanently even after user exists editing the div.
+* [#9531](http://dev.ckeditor.com/ticket/9531): [Firefox & Inline editor] Toolbar is lost when closing format combo by clicking on its button.
+* [#9553](http://dev.ckeditor.com/ticket/9553): Table width incorrectly set when `border-width` style is specified.
+* [#9594](http://dev.ckeditor.com/ticket/9594): Cannot tab past CKEditor when it is in read only mode.
+* [#9658](http://dev.ckeditor.com/ticket/9658): [IE9] Justify not working on selected image.
+* [#9686](http://dev.ckeditor.com/ticket/9686): Added missing contents styles for `<pre>`.
+* [#9709](http://dev.ckeditor.com/ticket/9709): PasteFromWord should not depend on configuration from other styles.
+* [#9726](http://dev.ckeditor.com/ticket/9726): Removed color dialog dependency from table tools.
+* [#9765](http://dev.ckeditor.com/ticket/9765): Toolbar Collapse command documented incorrectly on Accessibility Instructions dialog.
+* [#9771](http://dev.ckeditor.com/ticket/9771): [Webkit & Opera] Fixed scrolling issues when pasting.
+* [#9787](http://dev.ckeditor.com/ticket/9787): [IE9] onChange isn't fired for checkboxes in dialogs.
+* [#9842](http://dev.ckeditor.com/ticket/9842): [Firefox 17] When we open toolbar menu for the first time & press down arrow key, focus goes to next toolbar button instead of menu options.
+* [#9847](http://dev.ckeditor.com/ticket/9847): Elements path shouldn't be initialized on inline editor.
+* [#9853](http://dev.ckeditor.com/ticket/9853): `Editor#addRemoveFormatFilter` is exposed before it really works.
+* [#8893](http://dev.ckeditor.com/ticket/8893): Value of `pasteFromWordCleanupFile` config is now taken from instance configuration.
+* [#9693](http://dev.ckeditor.com/ticket/9693): Removed "live preview" checkbox from UI color picker.
+
+
+## CKEditor 4.0
+
+The first stable release of the new CKEditor 4 code line.
+
+The CKEditor JavaScript API has been kept compatible with CKEditor 4, whenever
+possible. The list of relevant changes can be found in the [API Changes page of
+the CKEditor 4 documentation][1].
+
+[1]: http://docs.ckeditor.com/#!/guide/dev_api_changes "API Changes""
\ No newline at end of file
Copyright (c) 2003-2013, CKSource - Frederico Knabben. All rights reserved.
For licensing, see LICENSE.html or http://ckeditor.com/license
*/
-(function(){if(window.CKEDITOR&&window.CKEDITOR.dom)return;window.CKEDITOR||(window.CKEDITOR=function(){var b={timestamp:"D08E",version:"4.0.1",revision:"d02739be4b",rnd:Math.floor(900*Math.random())+100,_:{pending:[]},status:"unloaded",basePath:function(){var a=window.CKEDITOR_BASEPATH||"";if(!a)for(var b=document.getElementsByTagName("script"),d=0;d<b.length;d++){var c=b[d].src.match(/(^|.*[\\\/])ckeditor(?:_basic)?(?:_source)?.js(?:\?.*)?$/i);if(c){a=c[1];break}}-1==a.indexOf(":/")&&(a=0===a.indexOf("/")?location.href.match(/^.*?:\/\/[^\/]*/)[0]+a:location.href.match(/^[^\?]*\/(?:)/)[0]+
+(function(){if(window.CKEDITOR&&window.CKEDITOR.dom)return;window.CKEDITOR||(window.CKEDITOR=function(){var b={timestamp:"D08E",version:"4.0.1.1",revision:"270438fe31",rnd:Math.floor(900*Math.random())+100,_:{pending:[]},status:"unloaded",basePath:function(){var a=window.CKEDITOR_BASEPATH||"";if(!a)for(var b=document.getElementsByTagName("script"),d=0;d<b.length;d++){var c=b[d].src.match(/(^|.*[\\\/])ckeditor(?:_basic)?(?:_source)?.js(?:\?.*)?$/i);if(c){a=c[1];break}}-1==a.indexOf(":/")&&(a=0===a.indexOf("/")?location.href.match(/^.*?:\/\/[^\/]*/)[0]+a:location.href.match(/^[^\?]*\/(?:)/)[0]+
a);if(!a)throw'The CKEditor installation path could not be automatically detected. Please set the global variable "CKEDITOR_BASEPATH" before creating editor instances.';return a}(),getUrl:function(a){-1==a.indexOf(":/")&&0!==a.indexOf("/")&&(a=this.basePath+a);this.timestamp&&("/"!=a.charAt(a.length-1)&&!/[&?]t=/.test(a))&&(a+=(0<=a.indexOf("?")?"&":"?")+"t="+this.timestamp);return a},domReady:function(){function a(){try{document.addEventListener?(document.removeEventListener("DOMContentLoaded",a,
!1),b()):document.attachEvent&&"complete"===document.readyState&&(document.detachEvent("onreadystatechange",a),b())}catch(d){}}function b(){for(var a;a=d.shift();)a()}var d=[];return function(b){d.push(b);"complete"===document.readyState&&setTimeout(a,1);if(1==d.length)if(document.addEventListener)document.addEventListener("DOMContentLoaded",a,!1),window.addEventListener("load",a,!1);else if(document.attachEvent){document.attachEvent("onreadystatechange",a);window.attachEvent("onload",a);b=!1;try{b=
!window.frameElement}catch(e){}if(document.documentElement.doScroll&&b){var c=function(){try{document.documentElement.doScroll("left")}catch(b){setTimeout(c,1);return}a()};c()}}}}()},c=window.CKEDITOR_GETURL;if(c){var a=b.url;b.url=function(f){return c.call(b,f)||a.call(b,f)}}return b}());
(e=this.icons[a+"-rtl"]);e||(e=this.icons[a])}a=c||e&&e.path||"";d=d||e&&e.offset;return a&&"background-image:url("+CKEDITOR.getUrl(a)+");background-position:0 "+d+"px;"}};CKEDITOR.tools.extend(CKEDITOR.editor.prototype,{getUiColor:function(){return this.uiColor},setUiColor:function(a){var b=f(CKEDITOR.document);return(this.setUiColor=function(a){var c=CKEDITOR.skin.chameleon,d=[[h,a]];this.uiColor=a;e([b],c(this,"editor"),d);e(k,c(this,"panel"),d)}).call(this,a)}});var g="cke_ui_color",k=[],h=/\$color/g;
CKEDITOR.on("instanceLoaded",function(a){if(!CKEDITOR.env.ie||!CKEDITOR.env.quirks){var b=a.editor,a=function(a){a=(a.data[0]||a.data).element.getElementsByTag("iframe").getItem(0).getFrameDocument();if(!a.getById("cke_ui_color")){a=f(a);k.push(a);var c=b.getUiColor();c&&e([a],CKEDITOR.skin.chameleon(b,"panel"),[[h,c]])}};b.on("panelShow",a);b.on("menuShow",a);b.config.uiColor&&b.setUiColor(b.config.uiColor)}})})();
(function(){if(CKEDITOR.env.webkit)CKEDITOR.env.hc=false;else{var b=CKEDITOR.dom.element.createFromHtml('<div style="width:0px;height:0px;position:absolute;left:-10000px;border: 1px solid;border-color: red blue;"></div>',CKEDITOR.document);b.appendTo(CKEDITOR.document.getHead());try{CKEDITOR.env.hc=b.getComputedStyle("border-top-color")==b.getComputedStyle("border-right-color")}catch(c){CKEDITOR.env.hc=false}b.remove()}if(CKEDITOR.env.hc)CKEDITOR.env.cssClass=CKEDITOR.env.cssClass+" cke_hc";CKEDITOR.document.appendStyleText(".cke{visibility:hidden;}");
-CKEDITOR.status="loaded";CKEDITOR.fireOnce("loaded");if(b=CKEDITOR._.pending){delete CKEDITOR._.pending;for(var a=0;a<b.length;a++){CKEDITOR.editor.prototype.constructor.apply(b[a][0],b[a][1]);CKEDITOR.add(b[a][0])}}})();/*
+CKEDITOR.status="loaded";CKEDITOR.fireOnce("loaded");if(b=CKEDITOR._.pending){delete CKEDITOR._.pending;for(var a=0;a<b.length;a++){CKEDITOR.editor.prototype.constructor.apply(b[a][0],b[a][1]);CKEDITOR.add(b[a][0])}}})();
+/*
Copyright (c) 2003-2013, CKSource - Frederico Knabben. All rights reserved.
For licensing, see LICENSE.html or http://ckeditor.com/license
*/
-<!DOCTYPE html>\r
-<?php\r
-/*\r
-Copyright (c) 2003-2013, CKSource - Frederico Knabben. All rights reserved.\r
-For licensing, see LICENSE.html or http://ckeditor.com/license\r
-*/\r
-?>\r
-<html>\r
-<head>\r
- <meta charset="utf-8">\r
- <title>Sample — CKEditor</title>\r
- <link rel="stylesheet" href="sample.css">\r
-</head>\r
-<body>\r
- <h1 class="samples">\r
- CKEditor — Posted Data\r
- </h1>\r
- <table border="1" cellspacing="0" id="outputSample">\r
- <colgroup><col width="120"></colgroup>\r
- <thead>\r
- <tr>\r
- <th>Field Name</th>\r
- <th>Value</th>\r
- </tr>\r
- </thead>\r
-<?php\r
-\r
-if ( isset( $_POST ) )\r
- $postArray = &$_POST ; // 4.1.0 or later, use $_POST\r
-else\r
- $postArray = &$HTTP_POST_VARS ; // prior to 4.1.0, use HTTP_POST_VARS\r
-\r
-foreach ( $postArray as $sForm => $value )\r
-{\r
- if ( get_magic_quotes_gpc() )\r
- $postedValue = htmlspecialchars( stripslashes( $value ) ) ;\r
- else\r
- $postedValue = htmlspecialchars( $value ) ;\r
-\r
-?>\r
- <tr>\r
- <th style="vertical-align: top"><?php echo $sForm?></th>\r
- <td><pre class="samples"><?php echo $postedValue?></pre></td>\r
- </tr>\r
- <?php\r
-}\r
-?>\r
- </table>\r
- <div id="footer">\r
- <hr>\r
- <p>\r
- CKEditor - The text editor for the Internet - <a class="samples" href="http://ckeditor.com/">http://ckeditor.com</a>\r
- </p>\r
- <p id="copy">\r
- Copyright © 2003-2013, <a class="samples" href="http://cksource.com/">CKSource</a> - Frederico Knabben. All rights reserved.\r
- </p>\r
- </div>\r
-</body>\r
-</html>\r
+<!DOCTYPE html>
+<?php
+/*
+Copyright (c) 2003-2013, CKSource - Frederico Knabben. All rights reserved.
+For licensing, see LICENSE.html or http://ckeditor.com/license
+*/
+?>
+<html>
+<head>
+ <meta charset="utf-8">
+ <title>Sample — CKEditor</title>
+ <link rel="stylesheet" href="sample.css">
+</head>
+<body>
+ <h1 class="samples">
+ CKEditor — Posted Data
+ </h1>
+ <table border="1" cellspacing="0" id="outputSample">
+ <colgroup><col width="120"></colgroup>
+ <thead>
+ <tr>
+ <th>Field Name</th>
+ <th>Value</th>
+ </tr>
+ </thead>
+<?php
+
+if (!empty($_POST))
+{
+ foreach ( $_POST as $key => $value )
+ {
+ if ( ( !is_string($value) && !is_numeric($value) ) || !is_string($key) )
+ continue;
+
+ if ( get_magic_quotes_gpc() )
+ $value = htmlspecialchars( stripslashes((string)$value) );
+ else
+ $value = htmlspecialchars( (string)$value );
+?>
+ <tr>
+ <th style="vertical-align: top"><?php echo htmlspecialchars( (string)$key ); ?></th>
+ <td><pre class="samples"><?php echo $value; ?></pre></td>
+ </tr>
+ <?php
+ }
+}
+?>
+ </table>
+ <div id="footer">
+ <hr>
+ <p>
+ CKEditor - The text editor for the Internet - <a class="samples" href="http://ckeditor.com/">http://ckeditor.com</a>
+ </p>
+ <p id="copy">
+ Copyright © 2003-2013, <a class="samples" href="http://cksource.com/">CKSource</a> - Frederico Knabben. All rights reserved.
+ </p>
+ </div>
+</body>
+</html>
Got questions, comments, patches, etc.? Contact Jason Woofenden
