
Commit 4767f24

Limit number of included scripts in get_scripts.js.php

This avoids potential DOS, the limit is same as we use for generating the URLs.

Signed-off-by: Michal Čihař <michal@cihar.com>
1 parent 5633b1d commit 4767f24

1 file changed, +2 -1 lines changed


Diff for: js/get_scripts.js.php

@@ -36,7 +36,8 @@ function () {
3636

3737
$_GET['scripts'] = json_decode($_GET['scripts']);
3838
if (! empty($_GET['scripts']) && is_array($_GET['scripts'])) {
39-
foreach ($_GET['scripts'] as $script) {
39+
// Only up to 10 scripts as this is what we generate
40+
foreach (array_slice($_GET['scripts'], 0, 10) as $script) {
4041
// Sanitise filename
4142
$script_name = 'js';
4243
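
Review bot: the literal 10 in the new `foreach (array_slice($_GET['scripts'], 0, 10) as $script)` line is a magic number that, per the comment above it, has to match the limit used when generating the URLs; take both from one named constant so the two cannot drift apart. Also, `json_decode($_GET['scripts'])` a few lines earlier still decodes the whole parameter before the slice is applied, so the cap bounds the number of loop iterations, not the size of the input that gets parsed; if that matters for the DoS concern in the commit message, reject or bound the parameter before decoding. Requests carrying more than 10 entries are truncated silently, which is worth saying in the comment.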
