Limit number of included scripts in get_scripts.js.php

This avoids potential DOS, the limit is same as we use for generating the URLs. Signed-off-by: Michal Čihař <michal@cihar.com>
phpmyadmin · Jun 15, 2016 · 4767f24 · 4767f24
1 parent 5633b1d
commit 4767f24
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/js/get_scripts.js.php b/js/get_scripts.js.php
@@ -36,7 +36,8 @@ function () {
 
 $_GET['scripts'] = json_decode($_GET['scripts']);
 if (! empty($_GET['scripts']) && is_array($_GET['scripts'])) {
-    foreach ($_GET['scripts'] as $script) {
+    // Only up to 10 scripts as this is what we generate
+    foreach (array_slice($_GET['scripts'], 0, 10) as $script) {
         // Sanitise filename
         $script_name = 'js';