Source: php-horde-editor Severity: serious Tags: security Justification: security reason EOL X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
Dear Maintainer,
ckeditor4 go to EOL since June by upstream.
You use ckeditor3. With my javascript hat maint of ckeditor I think we could
migrate your software to ckeditor4
I believe the first change is the following patch:
diff --git a/Horde_Editor-2.0.5/lib/Horde/Editor/Ckeditor.php
b/Horde_Editor-2.0.5/lib/Horde/Editor/Ckeditor.php
index 3a58ccd..33e8564 100644
--- a/Horde_Editor-2.0.5/lib/Horde/Editor/Ckeditor.php
+++ b/Horde_Editor-2.0.5/lib/Horde/Editor/Ckeditor.php
@@ -40,9 +40,7 @@ class Horde_Editor_Ckeditor extends Horde_Editor
return;
}
- $ck_file = empty($params['basic'])
- ? 'ckeditor/ckeditor.js'
- : 'ckeditor/ckeditor_basic.js';
+ $ck_file = 'ckeditor/ckeditor.js';
if (isset($params['config'])) {
if (is_array($params['config'])) {
@@ -84,6 +82,7 @@ class Horde_Editor_Ckeditor extends Horde_Editor
case 'msie':
case 'mozilla':
case 'opera':
+ case 'edge':
// MSIE: 5.5+
// Firefox: 1.5+
// Opera: 9.5+
After it will need to change if needed the config here in order to remove
plugins
https://sources.debian.org/src/php-horde-
imp/6.2.27-3/imp-6.2.27/lib/Script/Package/Editor.php/?hl=33#L33
I could help if needed but I need a means to test the modification
Bastien
signature.asc
Description: This is a digitally signed message part.
