Diffstat (limited to 'demos/autocomplete/search.php')
-rw-r--r-- | demos/autocomplete/search.php | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/demos/autocomplete/search.php b/demos/autocomplete/search.php
index 04bda4224..6ab404ccb 100644
--- a/demos/autocomplete/search.php
+++ b/demos/autocomplete/search.php
@@ -1,6 +1,6 @@
 <?php
-sleep( 3 );
+sleep( 2 );
 // no term passed - just exit early with no response
 if (empty($_GET['term'])) exit ;
 $q = strtolower($_GET["term"]);
@@ -573,7 +573,6 @@ $items = array(
 "Heuglin's Gull"=>"Larus heuglini"
 );
-
 $result = array();
 foreach ($items as $key=>$value) {
 if (strpos(strtolower($key), $q) !== false) {
@@ -584,6 +583,15 @@ foreach ($items as $key=>$value) {
 }
 // json_encode is available in PHP 5.2 and above, or you can install a PECL module in earlier versions
-echo json_encode($result);
+$output = json_encode($result);
+
+if ($_GET["callback"]) {
+ // Escape special characters to avoid XSS attacks via direct loads of this
+ // page with a callback that contains HTML. This is a lot easier than validating
+ // the callback name.
+ $output = htmlspecialchars($_GET["callback"]) . "($output);";
+}
+
+echo $output;
-?>
\ No newline at end of file +?> |
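Review bot: `htmlspecialchars($_GET["callback"])` in the new callback block escapes for an HTML context, but the value is emitted into a JavaScript context (`callback(json);`) and is never constrained to a function name, so the comment's "easier than validating the callback name" trades away the check that actually fits this output. The conventional fix is to accept only a JavaScript identifier and otherwise fall back to plain JSON: `if (!empty($_GET['callback']) && preg_match('/^[A-Za-z_$][A-Za-z0-9_$]*$/', $_GET['callback'])) { $output = $_GET['callback'] . "($output);"; }`. Using `!empty()` here also avoids the undefined-index notice that `if ($_GET["callback"])` raises when the parameter is absent, and matches the `empty($_GET['term'])` check at the top of the file. Emitting `header('Content-Type: application/json');` (or `application/javascript` when a callback is used) before `echo $output;` would address the direct-load-as-HTML case the comment describes more directly than escaping does.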