Make JSONP support optional and disabled by default (#12992).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@11272 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Jean-Philippe Lang <jp_lang@yahoo.fr> 2013-01-26 18:37:09 +0000
committer: Jean-Philippe Lang <jp_lang@yahoo.fr> 2013-01-26 18:37:09 +0000
commit: 9f127793be20c1e23f31c66b5efd4a0acaea2642 (patch)
tree: c3b45ebf7959f1fb6c9693077e12d829567109f8 /lib
parent: 134b66cb290f084a06a8a4ad7a21913cf002ca85 (diff)
download: redmine-9f127793be20c1e23f31c66b5efd4a0acaea2642.tar.gz
redmine-9f127793be20c1e23f31c66b5efd4a0acaea2642.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/redmine/views/builders/json.rb b/lib/redmine/views/builders/json.rb
index b55e952e7..feae6de53 100644
--- a/lib/redmine/views/builders/json.rb
+++ b/lib/redmine/views/builders/json.rb
@@ -25,7 +25,10 @@ module Redmine
 
         def initialize(request, response)
           super
-          self.jsonp = (request.params[:callback] || request.params[:jsonp]).to_s.gsub(/[^a-zA-Z0-9_]/, '')
+          callback = request.params[:callback] || request.params[:jsonp]
+          if callback && Setting.jsonp_enabled?
+            self.jsonp = callback.to_s.gsub(/[^a-zA-Z0-9_]/, '')
+          end
         end
 
         def output
author	Jean-Philippe Lang <jp_lang@yahoo.fr>	2013-01-26 18:37:09 +0000
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>	2013-01-26 18:37:09 +0000
commit	9f127793be20c1e23f31c66b5efd4a0acaea2642 (patch)
tree	c3b45ebf7959f1fb6c9693077e12d829567109f8 /lib
parent	134b66cb290f084a06a8a4ad7a21913cf002ca85 (diff)
download	redmine-9f127793be20c1e23f31c66b5efd4a0acaea2642.tar.gz redmine-9f127793be20c1e23f31c66b5efd4a0acaea2642.zip