From 9f127793be20c1e23f31c66b5efd4a0acaea2642 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang
Date: Sat, 26 Jan 2013 18:37:09 +0000
Subject: Make JSONP support optional and disabled by default (#12992).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@11272 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 lib/redmine/views/builders/json.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'lib')
diff --git a/lib/redmine/views/builders/json.rb b/lib/redmine/views/builders/json.rb
index b55e952e7..feae6de53 100644
--- a/lib/redmine/views/builders/json.rb
+++ b/lib/redmine/views/builders/json.rb
@@ -25,7 +25,10 @@ module Redmine
 def initialize(request, response)
 super
- self.jsonp = (request.params[:callback] || request.params[:jsonp]).to_s.gsub(/[^a-zA-Z0-9_]/, '')
+ callback = request.params[:callback] || request.params[:jsonp]
+ if callback && Setting.jsonp_enabled?
+ self.jsonp = callback.to_s.gsub(/[^a-zA-Z0-9_]/, '')
+ end
 end
 def output
-- 
cgit v1.2.3
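Review bot: The new guard `if callback && Setting.jsonp_enabled?` tests the raw parameter rather than the sanitized name, so a callback made up only of stripped characters still assigns `self.jsonp = ''`. Whether an empty name is harmless depends on how `output` tests `jsonp`, and that method's body lies outside the hunk. Assigning only a non-empty result removes that dependency: `name = callback.to_s.gsub(/[^a-zA-Z0-9_]/, '')` followed by `self.jsonp = name unless name.empty?`. The name is also unbounded in length, so a cap on it would be a cheap addition. A short comment above the guard, such as `# JSONP responses can be read by any page that loads them as a script; keep this opt-in`, would record why the setting gates the feature.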