Permalink
Browse files

Script loader: Chunk the script names as passed to load-scripts.php i…

…nto 128-character pieces. Avoids hitting a limit for the length of a single variable, such as suhosin.get.max_value_length which defaults to 512. fixes #22757.

git-svn-id: http://core.svn.wordpress.org/trunk@23074 1a063a9b-81f0-0310-95a4-ce76da25c4cd
  • Loading branch information...
1 parent fb433d2 commit 2763e74dd8f4f645c304917608a611c2da804b98 @nacin nacin committed Dec 5, 2012
Showing with 10 additions and 3 deletions.
  1. +5 −1 wp-admin/load-scripts.php
  2. +5 −2 wp-includes/script-loader.php
@@ -114,7 +114,11 @@ function get_file($path) {
return @file_get_contents($path);
}
-$load = preg_replace( '/[^a-z0-9,_-]+/i', '', $_GET['load'] );
+$load = $_GET['load'];
+if ( is_array( $load ) )
+ $load = implode( '', $load );
+
+$load = preg_replace( '/[^a-z0-9,_-]+/i', '', $load );
$load = explode(',', $load);
if ( empty($load) )
@@ -689,7 +689,7 @@ function _print_scripts() {
if ( $zip && defined('ENFORCE_GZIP') && ENFORCE_GZIP )
$zip = 'gzip';
- if ( !empty($wp_scripts->concat) ) {
+ if ( $concat = trim( $wp_scripts->concat, ', ' ) ) {
if ( !empty($wp_scripts->print_code) ) {
echo "\n<script type='text/javascript'>\n";
@@ -699,7 +699,10 @@ function _print_scripts() {
echo "</script>\n";
}
- $src = $wp_scripts->base_url . "/wp-admin/load-scripts.php?c={$zip}&load=" . trim($wp_scripts->concat, ', ') . '&ver=' . $wp_scripts->default_version;
+ $concat = str_split( $concat, 128 );
+ $concat = 'load[]=' . implode( '&load[]=', $concat );
+
+ $src = $wp_scripts->base_url . "/wp-admin/load-scripts.php?c={$zip}&" . $concat . '&ver=' . $wp_scripts->default_version;
echo "<script type='text/javascript' src='" . esc_attr($src) . "'></script>\n";
}

0 comments on commit 2763e74

Please sign in to comment.