Source: php-horde-editor Severity: serious Tags: security Justification: security reason EOL X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
Dear Maintainer, ckeditor4 go to EOL since June by upstream. You use ckeditor3. With my javascript hat maint of ckeditor I think we could migrate your software to ckeditor4 I believe the first change is the following patch: diff --git a/Horde_Editor-2.0.5/lib/Horde/Editor/Ckeditor.php b/Horde_Editor-2.0.5/lib/Horde/Editor/Ckeditor.php index 3a58ccd..33e8564 100644 --- a/Horde_Editor-2.0.5/lib/Horde/Editor/Ckeditor.php +++ b/Horde_Editor-2.0.5/lib/Horde/Editor/Ckeditor.php @@ -40,9 +40,7 @@ class Horde_Editor_Ckeditor extends Horde_Editor return; } - $ck_file = empty($params['basic']) - ? 'ckeditor/ckeditor.js' - : 'ckeditor/ckeditor_basic.js'; + $ck_file = 'ckeditor/ckeditor.js'; if (isset($params['config'])) { if (is_array($params['config'])) { @@ -84,6 +82,7 @@ class Horde_Editor_Ckeditor extends Horde_Editor case 'msie': case 'mozilla': case 'opera': + case 'edge': // MSIE: 5.5+ // Firefox: 1.5+ // Opera: 9.5+ After it will need to change if needed the config here in order to remove plugins https://sources.debian.org/src/php-horde- imp/6.2.27-3/imp-6.2.27/lib/Script/Package/Editor.php/?hl=33#L33 I could help if needed but I need a means to test the modification Bastien
signature.asc
Description: This is a digitally signed message part.