Fix #12554. Sanitize data from POST. Close gh-908.
authorMarkus Staab <markus.staab@redaxo.de>
Mon, 10 Sep 2012 02:00:53 +0000 (22:00 -0400)
committerDave Methvin <dave.methvin@gmail.com>
Mon, 10 Sep 2012 02:03:25 +0000 (22:03 -0400)
AUTHORS.txt
test/polluted.php

index 43223bd10c07f092597a01f235e221da39a688ec..f9fdff973a9e4eb9e088e4fdd2f2a32fe18d3204 100644 (file)
@@ -131,4 +131,5 @@ Chris Faulkner <thefaulkner@gmail.com>
 Elijah Manor <elijah.manor@gmail.com>
 Daniel Chatfield <chatfielddaniel@googlemail.com>
 Nikita Govorov <nikita.govorov@gmail.com>
-Mike Pennisi <mike@mikepennisi.com>
\ No newline at end of file
+Mike Pennisi <mike@mikepennisi.com>
+Markus Staab <markus.staab@redaxo.de>
\ No newline at end of file
index 54b52d20d066154d8b617846bca6a127a1bd7b42..31a77c36196b449cb5a4851a480fcf6e8b393067 100644 (file)
        if( count($_POST) ) {
                $includes = array();
                foreach( $_POST as $name => $ver ){
+                       if ( empty( $libraries[ $name ] )) {
+                               echo "unsupported library ". $name;
+                               exit;
+                       }
+               
                        $url = $libraries[ $name ][ "url" ];
                        if( $name == "YUI" && $ver[0] == "2" ) {
-                               $url = str_replace( "/yui", "/yuiloader", $url, $count = 2 );
+                               $url = str_replace( "/yui", "/yuiloader", $url);
+                       }
+                       
+                       if ( empty( $libraries[ $name ][ "versions" ][ $ver ] )) {
+                               echo "library ". $name ." not supported in version ". $ver;
+                               exit;
                        }
-                       $include = "<script src='$baseURL".str_replace("XYZ", $ver, $url, $count = 1)."'></script>\n";
+                       
+                       $include = "<script src='$baseURL".str_replace("XYZ", $ver, $url)."'></script>\n";
                        if( $lib == "prototype" ) { // prototype must be included first
                                array_unshift( $includes, $include );
                        } else {