Validate JS callback is valid identifier for jsonp
authorMichael Ang <mang@archive.org>
Fri, 5 Mar 2010 22:32:08 +0000 (22:32 +0000)
committerMichael Ang <mang@archive.org>
Fri, 5 Mar 2010 22:32:08 +0000 (22:32 +0000)
BookReaderIA/datanode/BookReaderImages.php

index 9128489..90debd4 100644 (file)
@@ -48,11 +48,15 @@ if (isset($_REQUEST['ext'])) {
   $ext = $_REQUEST['ext'];
 } else {
   // Default to jpg
-  $ext = 'jpg';
+  $ext = 'jpeg';
 }
 if (isset($_REQUEST['callback'])) {
-  // XXX sanitize
+  // validate callback is valid JS identifier (only)
   $callback = $_REQUEST['callback'];
+  $identifierPatt = '/^[[:alpha:]$_]([[:alnum:]$_])*$/';
+  if (! preg_match($identifierPatt, $callback)) {
+    BRfatal('Invalid callback');
+  }
 } else {
   $callback = null;
 }
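Review bot: The pattern added on the `$identifierPatt` line uses `$` as its end anchor, which in PCRE also matches just before a trailing newline, so a callback value such as `foo` followed by `\n` still passes `preg_match` and the newline is carried into whatever later echoes `$callback`; anchoring with `\z` closes that gap, and the inner capturing group is not needed: `$identifierPatt = '/^[[:alpha:]$_][[:alnum:]$_]*\z/';`. The check relies on `BRfatal` never returning, but that function is defined outside the hunk — if it only logs, `$callback` continues unvalidated, so `BRfatal('Invalid callback'); exit;` (or a `return`) is the safer shape. The change of the default extension from `'jpg'` to `'jpeg'` at the top of the hunk is unrelated to the callback validation the title describes and deserves a sentence in the commit description.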