
sanitzed data from POST. fixes #12254.

1 parent 0f553ed commit bb42b81ae71890b02d871c3dfac3195a521d1cc1 @staabm committed Aug 24, 2012
Showing with 12 additions and 1 deletion.
  1. +12 −1 test/polluted.php
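--- a/test/polluted.php
+++ b/test/polluted.php
@@ -42,11 +42,22 @@
 if( count($_POST) ) {
 $includes = array();
 foreach( $_POST as $name => $ver ){
+ if ( empty( $libraries[ $name ] )) {
+ echo "unsupported library ". $name;
+ exit;
+ }
+
 $url = $libraries[ $name ][ "url" ];
 if( $name == "YUI" && $ver[0] == "2" ) {
 $url = str_replace( "/yui", "/yuiloader", $url, $count = 2 );
 }
- $include = "<script src='$baseURL".str_replace("XYZ", $ver, $url, $count = 1)."'></script>\n";
+
+ if ( empty( $libraries[ $name ][ "versions" ][ $ver ] )) {
+ echo "library ". $name ." no supported in version ". $ver;
+ exit;
+ }
+
+ $include = "<script src='$baseURL".str_replace("XYZ", $ver, $url)."'></script>\n";
 if( $lib == "prototype" ) { // prototype must be included first
 array_unshift( $includes, $include );
 } else {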
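Review bot: Both new error branches echo the rejected POST key and value straight into the response, so the values the allow-list just refused are still reflected unescaped into the page. Encode them on output, e.g. `echo "unsupported library " . htmlspecialchars( $name, ENT_QUOTES, "UTF-8" );` and `echo "library " . htmlspecialchars( $name, ENT_QUOTES, "UTF-8" ) . " no supported in version " . htmlspecialchars( $ver, ENT_QUOTES, "UTF-8" );`. The version check also runs after `$ver[0]` has already been read in the YUI branch, and it assumes `$ver` is a string; moving it directly under the library check and rejecting non-string values first (`if ( !is_string( $ver ) ) { exit; }`) would keep unvalidated input out of the rest of the loop. Whether `empty( $libraries[ $name ][ "versions" ][ $ver ] )` is a real membership test depends on `versions` being keyed by version string, which is defined outside this hunk, as is the rest of the `foreach` body.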
