
Fix #12554. Sanitize data from POST. Close gh-908.

1 parent 5fb258b commit b62e5522910766a8fb9f1cf29e069360ae75a902 @staabm staabm committed with dmethvin Sep 10, 2012
Showing with 15 additions and 3 deletions.
  1. +2 −1 AUTHORS.txt
  2. +13 −2 test/polluted.php
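--- a/AUTHORS.txt
+++ b/AUTHORS.txt
@@ -131,4 +131,5 @@ Chris Faulkner <thefaulkner@gmail.com>
 Elijah Manor <elijah.manor@gmail.com>
 Daniel Chatfield <chatfielddaniel@googlemail.com>
 Nikita Govorov <nikita.govorov@gmail.com>
-Mike Pennisi <mike@mikepennisi.com>
+Mike Pennisi <mike@mikepennisi.com>
+Markus Staab <markus.staab@redaxo.de>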
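--- a/test/polluted.php
+++ b/test/polluted.php
@@ -42,11 +42,22 @@
 if( count($_POST) ) {
 $includes = array();
 foreach( $_POST as $name => $ver ){
+ if ( empty( $libraries[ $name ] )) {
+ echo "unsupported library ". $name;
+ exit;
+ }
+
 $url = $libraries[ $name ][ "url" ];
 if( $name == "YUI" && $ver[0] == "2" ) {
- $url = str_replace( "/yui", "/yuiloader", $url, $count = 2 );
+ $url = str_replace( "/yui", "/yuiloader", $url);
+ }
+
+ if ( empty( $libraries[ $name ][ "versions" ][ $ver ] )) {
+ echo "library ". $name ." not supported in version ". $ver;
+ exit;
 }
- $include = "<script src='$baseURL".str_replace("XYZ", $ver, $url, $count = 1)."'></script>\n";
+
+ $include = "<script src='$baseURL".str_replace("XYZ", $ver, $url)."'></script>\n";
 if( $lib == "prototype" ) { // prototype must be included first
 array_unshift( $includes, $include );
 } else {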
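Review bot: Both new error paths echo POST data into the response unescaped: `echo "unsupported library ". $name;` reflects an arbitrary POST key before anything has validated it, and `echo "library ". $name ." not supported in version ". $ver;` reflects the raw version string, so a crafted form post gives reflected XSS on this page even though the commit title says the data is sanitized. Escape both values, e.g. `echo "unsupported library ". htmlspecialchars($name, ENT_QUOTES, 'UTF-8');` and `echo "library ". $name ." not supported in version ". htmlspecialchars($ver, ENT_QUOTES, 'UTF-8');`, or leave the user-supplied value out of the message entirely. The `$ver[0] == "2"` test and the `str_replace` on `$url` still run before the version-existence check, and a client posting `name[]=x` makes `$ver` an array, which neither `$ver[0]` nor the `[ "versions" ][ $ver ]` lookup is written for; moving the version check above the YUI branch and rejecting non-strings (`if ( !is_string( $ver ) ) { exit; }`) would close that. The context line `if( $lib == "prototype" )` tests a variable the loop never assigns (the iteration variable is `$name`), which predates this commit but presumably means the prototype-first ordering never triggers unless `$lib` is set above the hunk. The `foreach` and the enclosing `if( count($_POST) )` block continue past the end of the hunk.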

3 comments on commit b62e552

DBJDBJ commented on b62e552 Sep 12, 2012

Hi Dave Methwin ;o) Thank You for sending me contributors email. I am really honoured.
When can I hope to see my name in AUTHORS.txt?

DBJDBJ commented on b62e552 Sep 14, 2012

Even better .... Thanks ;o)
