From: Markus Staab <markus.staab@redaxo.de>
Date: Mon, 10 Sep 2012 02:00:53 +0000 (-0400)
Subject: Fix #12554. Sanitize data from POST. Close gh-908.
X-Git-Tag: 1.8.2~25
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=b62e5522910766a8fb9f1cf29e069360ae75a902;p=jquery.git

Fix #12554. Sanitize data from POST. Close gh-908.
---

diff --git a/AUTHORS.txt b/AUTHORS.txt
index 43223bd10..f9fdff973 100644
--- a/AUTHORS.txt
+++ b/AUTHORS.txt
@@ -131,4 +131,5 @@ Chris Faulkner <thefaulkner@gmail.com>
 Elijah Manor <elijah.manor@gmail.com>
 Daniel Chatfield <chatfielddaniel@googlemail.com>
 Nikita Govorov <nikita.govorov@gmail.com>
-Mike Pennisi <mike@mikepennisi.com>
\ No newline at end of file
+Mike Pennisi <mike@mikepennisi.com>
+Markus Staab <markus.staab@redaxo.de>
\ No newline at end of file
diff --git a/test/polluted.php b/test/polluted.php
index 54b52d20d..31a77c361 100644
--- a/test/polluted.php
+++ b/test/polluted.php
@@ -42,11 +42,22 @@
 	if( count($_POST) ) {
 		$includes = array();
 		foreach( $_POST as $name => $ver ){
+			if ( empty( $libraries[ $name ] )) {
+				echo "unsupported library ". $name;
+				exit;
+			}
+		
 			$url = $libraries[ $name ][ "url" ];
 			if( $name == "YUI" && $ver[0] == "2" ) {
-				$url = str_replace( "/yui", "/yuiloader", $url, $count = 2 );
+				$url = str_replace( "/yui", "/yuiloader", $url);
+			}
+			
+			if ( empty( $libraries[ $name ][ "versions" ][ $ver ] )) {
+				echo "library ". $name ." not supported in version ". $ver;
+				exit;
 			}
-			$include = "<script src='$baseURL".str_replace("XYZ", $ver, $url, $count = 1)."'></script>\n";
+			
+			$include = "<script src='$baseURL".str_replace("XYZ", $ver, $url)."'></script>\n";
 			if( $lib == "prototype" ) { // prototype must be included first
 				array_unshift( $includes, $include );
 			} else {