
sanitized data from POST. fixes #12254. #908

Closed
wants to merge 3 commits into from

3 participants

Markus Staab Mike Sherov Dave Methvin
test/polluted.php
((9 lines not shown))
45 50 $url = $libraries[ $name ][ "url" ];
46 51 if( $name == "YUI" && $ver[0] == "2" ) {
47 52 $url = str_replace( "/yui", "/yuiloader", $url, $count = 2 );
48 53 }
49   - $include = "<script src='$baseURL".str_replace("XYZ", $ver, $url, $count = 1)."'></script>\n";
  54 +
  55 + if ( empty( $libraries[ $name ][ "versions" ][ $ver ] )) {
  56 + echo "library ". $name ." no supported in version ". $ver;
  57 + exit;
  58 + }
  59 +
  60 + $include = "<script src='$baseURL".str_replace("XYZ", $ver, $url)."'></script>\n";
Mike Sherov Collaborator

What happened to the $count = 1 parameter here?

Markus Staab
staabm added a note

The parameter is passed by reference and holds the value of how many args have been replaced. Since it is not read after the call, it is not necessary.

test/polluted.php
((9 lines not shown))
45 50 $url = $libraries[ $name ][ "url" ];
46 51 if( $name == "YUI" && $ver[0] == "2" ) {
47 52 $url = str_replace( "/yui", "/yuiloader", $url, $count = 2 );
48 53 }
49   - $include = "<script src='$baseURL".str_replace("XYZ", $ver, $url, $count = 1)."'></script>\n";
  54 +
  55 + if ( empty( $libraries[ $name ][ "versions" ][ $ver ] )) {
  56 + echo "library ". $name ." no supported in version ". $ver;
Mike Sherov Collaborator

typo: 'no => not

Markus Staab
staabm added a note

Will fix it on Monday

Markus Staab

@mikesherov fixed the typo and removed another occurrence of a $count = XX var, which also was unnecessary.

Mike Sherov Collaborator

Looks good to me!

Markus Staab staabm deleted the branch

Showing 1 changed file with 13 additions and 2 deletions.

test/polluted.php
@@ -42,11 +42,22 @@
42 42 if( count($_POST) ) {
43 43 $includes = array();
44 44 foreach( $_POST as $name => $ver ){
  45 + if ( empty( $libraries[ $name ] )) {
  46 + echo "unsupported library ". $name;
  47 + exit;
  48 + }
  49 +
45 50 $url = $libraries[ $name ][ "url" ];
46 51 if( $name == "YUI" && $ver[0] == "2" ) {
47   - $url = str_replace( "/yui", "/yuiloader", $url, $count = 2 );
  52 + $url = str_replace( "/yui", "/yuiloader", $url);
  53 + }
  54 +
  55 + if ( empty( $libraries[ $name ][ "versions" ][ $ver ] )) {
  56 + echo "library ". $name ." not supported in version ". $ver;
  57 + exit;
48 58 }
49   - $include = "<script src='$baseURL".str_replace("XYZ", $ver, $url, $count = 1)."'></script>\n";
  59 +
  60 + $include = "<script src='$baseURL".str_replace("XYZ", $ver, $url)."'></script>\n";
50 61 if( $lib == "prototype" ) { // prototype must be included first
51 62 array_unshift( $includes, $include );
52 63 } else {
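Review bot: the two new error branches echo `$name` and `$ver`, which are the raw `$_POST` keys and values, straight into the response without escaping, so an unexpected request is reflected back as unescaped HTML; wrap each with `htmlspecialchars()`, e.g. `echo "unsupported library " . htmlspecialchars( $name );`. With that change the checks do what the title promises: `$name` only reaches `$libraries[ $name ][ "url" ]` when it is an existing key of `$libraries`, and `$ver` only reaches the `<script src=...>` string when it is an existing key of `$libraries[ $name ][ "versions" ]`, so the whitelist rather than the request decides what gets included. Two smaller points: `empty()` also rejects a whitelisted entry whose value is falsy (`0`, `""`), so `isset()` is the clearer test if the intent is only key existence; and the unchanged context line `if( $lib == "prototype" )` compares `$lib`, which is not assigned anywhere in the visible lines (the loop variable is `$name`), so the prototype-first ordering this branch exists for never triggers and is worth fixing while touching this loop.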
