Fix #12554. Sanitize data from POST. Close jquerygh-908.

staabm · dmethvin · commit b62e55229107 · 2012-09-09T22:03:25.000-04:00
diff --git a/AUTHORS.txt b/AUTHORS.txt
@@ -131,4 +131,5 @@ Chris Faulkner <thefaulkner@gmail.com>
 Elijah Manor <elijah.manor@gmail.com>
 Daniel Chatfield <chatfielddaniel@googlemail.com>
 Nikita Govorov <nikita.govorov@gmail.com>
-Mike Pennisi <mike@mikepennisi.com>
+Mike Pennisi <mike@mikepennisi.com>
+Markus Staab <markus.staab@redaxo.de>
diff --git a/test/polluted.php b/test/polluted.php
@@ -42,11 +42,22 @@
 	if( count($_POST) ) {
 		$includes = array();
 		foreach( $_POST as $name => $ver ){
+			if ( empty( $libraries[ $name ] )) {
+				echo "unsupported library ". $name;
+				exit;
+			}
+		
 			$url = $libraries[ $name ][ "url" ];
 			if( $name == "YUI" && $ver[0] == "2" ) {
-				$url = str_replace( "/yui", "/yuiloader", $url, $count = 2 );
+				$url = str_replace( "/yui", "/yuiloader", $url);
+			}
+			
+			if ( empty( $libraries[ $name ][ "versions" ][ $ver ] )) {
+				echo "library ". $name ." not supported in version ". $ver;
+				exit;
 			}
-			$include = "<script src='$baseURL".str_replace("XYZ", $ver, $url, $count = 1)."'></script>\n";
+			
+			$include = "<script src='$baseURL".str_replace("XYZ", $ver, $url)."'></script>\n";
 			if( $lib == "prototype" ) { // prototype must be included first
 				array_unshift( $includes, $include );
 			} else {

-Original file line number
+Diff line change
 Elijah Manor <[email protected]>
 Daniel Chatfield <[email protected]>
 Nikita Govorov <[email protected]>
 -Mike Pennisi <[email protected]>
 +Mike Pennisi <[email protected]>
 +Markus Staab <[email protected]>