From: Markus Staab Date: Mon, 10 Sep 2012 02:00:53 +0000 (-0400) Subject: Fix #12554. Sanitize data from POST. Close gh-908. X-Git-Tag: 1.8.2~25 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=b62e5522910766a8fb9f1cf29e069360ae75a902;p=jquery.git Fix #12554. Sanitize data from POST. Close gh-908. --- diff --git a/AUTHORS.txt b/AUTHORS.txt index 43223bd10..f9fdff973 100644 --- a/AUTHORS.txt +++ b/AUTHORS.txt @@ -131,4 +131,5 @@ Chris Faulkner Elijah Manor Daniel Chatfield Nikita Govorov -Mike Pennisi \ No newline at end of file +Mike Pennisi +Markus Staab \ No newline at end of file diff --git a/test/polluted.php b/test/polluted.php index 54b52d20d..31a77c361 100644 --- a/test/polluted.php +++ b/test/polluted.php @@ -42,11 +42,22 @@ if( count($_POST) ) { $includes = array(); foreach( $_POST as $name => $ver ){ + if ( empty( $libraries[ $name ] )) { + echo "unsupported library ". $name; + exit; + } + $url = $libraries[ $name ][ "url" ]; if( $name == "YUI" && $ver[0] == "2" ) { - $url = str_replace( "/yui", "/yuiloader", $url, $count = 2 ); + $url = str_replace( "/yui", "/yuiloader", $url); + } + + if ( empty( $libraries[ $name ][ "versions" ][ $ver ] )) { + echo "library ". $name ." not supported in version ". $ver; + exit; } - $include = "\n"; + + $include = "\n"; if( $lib == "prototype" ) { // prototype must be included first array_unshift( $includes, $include ); } else {
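Review bot: Both new rejection branches in `test/polluted.php` write the refused POST key and value straight into the response (`echo "unsupported library ". $name;` and the `not supported in version` message), so the allow-list keeps bad input out of `$url` but the page still reflects it unescaped. Escape at the point of output, e.g. `echo "unsupported library " . htmlspecialchars( $name, ENT_QUOTES, "UTF-8" );`, and do the same for `$name` and `$ver` in the second message. `$ver` is also used as a string (`$ver[0]`) and as an array index before its type is known, and PHP delivers bracketed field names as arrays, so an `is_string( $ver )` guard ahead of the lookups would make that rejection explicit. The `[ "versions" ][ $ver ]` test assumes the table is keyed by version string; `$libraries` is defined outside this hunk, so confirm it is not a plain list, where `in_array( $ver, $libraries[ $name ][ "versions" ], true )` would be the correct check. The `foreach` and the enclosing `if( count($_POST) )` block continue past the end of the hunk.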