Fixed: make sure we do not return as suggestions menu item paths that will be...

Fixed: make sure we do not return as suggestions menu item paths that will be denied by the client-side plugin.

Fixed: make sure we do not return as suggestions menu item paths that will be...
Fixed: make sure we do not return as suggestions menu item paths that will be denied by the client-side plugin.
99fb8ee3 · Henri MEDOT · 9a7b1653 · 99fb8ee3 · 99fb8ee3 · 99fb8ee3
Commit 99fb8ee3 authored Jul 24, 2011 by Henri MEDOT
--- a/ckeditor_link.module
+++ b/ckeditor_link.module
@@ -332,3 +332,7 @@ function ckeditor_link_url($path = NULL, $langcode) {

  return url($path, $options);
 }
+
+function _ckeditor_link_check_path($path) {
+  return preg_match('`^[a-z][\w\/\.-]*$`i', $path);
+}
--- a/includes/ckeditor_link.i18nmenu.inc
+++ b/includes/ckeditor_link.i18nmenu.inc
@@ -31,10 +31,12 @@ function ckeditor_link_ckeditor_link_i18nmenu_autocomplete($string) {
    $sql .= ' ORDER BY link_title';
    $result = db_query_range($sql, $args, 0, 10);
    while ($item = db_fetch_object($result)) {
-      $router_item = menu_get_item($item->link_path);
-      if ($router_item && $router_item['access']) {
-        $path = ckeditor_link_path_prefix_language($item->link_path, $item->language);
-        $matches[$path] = $item->link_title;
+      if (_ckeditor_link_check_path($item->link_path)) {
+        $router_item = menu_get_item($item->link_path);
+        if ($router_item && $router_item['access']) {
+          $path = ckeditor_link_path_prefix_language($item->link_path, $item->language);
+          $matches[$path] = $item->link_title;
+        }
      }
    }
  }

--- a/includes/ckeditor_link.menu.inc
+++ b/includes/ckeditor_link.menu.inc
@@ -23,12 +23,14 @@ function ckeditor_link_ckeditor_link_menu_autocomplete($string) {
    $sql .= ' ORDER BY link_title';
    $result = db_query_range($sql, $args, 0, 10);
    while ($item = db_fetch_object($result)) {
-      $router_item = menu_get_item($item->link_path);
-      if ($router_item && $router_item['access']) {
-        $options = unserialize($item->options);
-        $langcode = (isset($options['langcode'])) ? $options['langcode'] : '';
-        $path = ckeditor_link_path_prefix_language($item->link_path, $langcode);
-        $matches[$path] = $item->link_title;
+      if (_ckeditor_link_check_path($item->link_path)) {
+        $router_item = menu_get_item($item->link_path);
+        if ($router_item && $router_item['access']) {
+          $options = unserialize($item->options);
+          $langcode = (isset($options['langcode'])) ? $options['langcode'] : '';
+          $path = ckeditor_link_path_prefix_language($item->link_path, $langcode);
+          $matches[$path] = $item->link_title;
+        }
      }
    }
  }