
Fix #12554. Sanitize data from POST. Close gh-908.

staabm authored and dmethvin committed Sep 10, 2012
1 parent 5fb258b commit b62e5522910766a8fb9f1cf29e069360ae75a902
Showing with 15 additions and 3 deletions.
  1. +2 −1 AUTHORS.txt
  2. +13 −2 test/polluted.php
@@ -131,4 +131,5 @@ Chris Faulkner <thefaulkner@gmail.com>
Elijah Manor <elijah.manor@gmail.com>
Daniel Chatfield <chatfielddaniel@googlemail.com>
Nikita Govorov <nikita.govorov@gmail.com>
Mike Pennisi <mike@mikepennisi.com>
Mike Pennisi <mike@mikepennisi.com>
Markus Staab <markus.staab@redaxo.de>
@@ -42,11 +42,22 @@
if( count($_POST) ) {
$includes = array();
foreach( $_POST as $name => $ver ){
if ( empty( $libraries[ $name ] )) {
echo "unsupported library ". $name;
exit;
}
$url = $libraries[ $name ][ "url" ];
if( $name == "YUI" && $ver[0] == "2" ) {
$url = str_replace( "/yui", "/yuiloader", $url, $count = 2 );
$url = str_replace( "/yui", "/yuiloader", $url);
}
if ( empty( $libraries[ $name ][ "versions" ][ $ver ] )) {
echo "library ". $name ." not supported in version ". $ver;
exit;
}
$include = "<script src='$baseURL".str_replace("XYZ", $ver, $url, $count = 1)."'></script>\n";
$include = "<script src='$baseURL".str_replace("XYZ", $ver, $url)."'></script>\n";
if( $lib == "prototype" ) { // prototype must be included first
array_unshift( $includes, $include );
} else {
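Review bot: The two new error branches echo request data back unescaped. `echo "unsupported library ". $name;` and `echo "library ". $name ." not supported in version ". $ver;` print the POST key and value verbatim, so input that fails the lookup in `$libraries` is still reflected into the response. Pass both through `htmlspecialchars( ..., ENT_QUOTES )` before echoing, or emit a fixed message that omits the submitted values. The `$ver[0] == "2"` test also runs before the versions check, so `$ver` is indexed before it is known to be a supported version string; moving the versions check directly after the library check would validate both values before either is used. In the context lines, `$lib == "prototype"` refers to `$lib` while the loop variable shown is `$name`; if `$lib` is not set elsewhere in the file, the prototype-first ordering never triggers.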

3 comments on commit b62e552

@DBJDBJ


replied Sep 12, 2012

Hi Dave Methvin ;o) Thank you for sending me the contributors email. I am really honoured.
When can I hope to see my name in AUTHORS.txt?

@dmethvin

Member

replied Sep 13, 2012

@DBJDBJ


replied Sep 14, 2012

Even better .... Thanks ;o)
