Fix #12554. Sanitize data from POST. Close gh-908.

jquery · Sep 10, 2012 · b62e552 · b62e552 · DBJDBJ · Sep 12, 2012
1 parent 5fb258b
commit b62e552
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 3 deletions.
diff --git a/AUTHORS.txt b/AUTHORS.txt
@@ -131,4 +131,5 @@ Chris Faulkner <thefaulkner@gmail.com>
 Elijah Manor <elijah.manor@gmail.com>
 Daniel Chatfield <chatfielddaniel@googlemail.com>
 Nikita Govorov <nikita.govorov@gmail.com>
-Mike Pennisi <mike@mikepennisi.com>
+Mike Pennisi <mike@mikepennisi.com>
+Markus Staab <markus.staab@redaxo.de>
diff --git a/test/polluted.php b/test/polluted.php
@@ -42,11 +42,22 @@
 	if( count($_POST) ) {
 		$includes = array();
 		foreach( $_POST as $name => $ver ){
+			if ( empty( $libraries[ $name ] )) {
+				echo "unsupported library ". $name;
+				exit;
+			}
+
 			$url = $libraries[ $name ][ "url" ];
 			if( $name == "YUI" && $ver[0] == "2" ) {
-				$url = str_replace( "/yui", "/yuiloader", $url, $count = 2 );
+				$url = str_replace( "/yui", "/yuiloader", $url);
+			}
+
+			if ( empty( $libraries[ $name ][ "versions" ][ $ver ] )) {
+				echo "library ". $name ." not supported in version ". $ver;
+				exit;
 			}
-			$include = "<script src='$baseURL".str_replace("XYZ", $ver, $url, $count = 1)."'></script>\n";
+
+			$include = "<script src='$baseURL".str_replace("XYZ", $ver, $url)."'></script>\n";
 			if( $lib == "prototype" ) { // prototype must be included first
 				array_unshift( $includes, $include );
 			} else {