RanchiMall/php-mpos
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[SECRUITY] Fix XSS vulnerability in API Callback

Browse Source
This commit is contained in:
Sebastian Grewe 2014-06-10 09:45:10 +02:00
parent c381af8291
commit 5d8fecfd81
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
include/classes/api.class.php
View File

@ -37,8 +37,10 @@ class Api extends Base {
)), $force ? JSON_FORCE_OBJECT : 0
);
// JSONP support issue #1700
if (isset($_REQUEST['callback']))
if (isset($_REQUEST['callback']) && ctype_alpha($_REQUEST['callback'])) {
header('Content-type: application/json; charset=utf-8');
return $_REQUEST['callback'] . '(' . $json . ');';
}
return $json;
}