diff options
| -rw-r--r-- | web/lib/aurjson.class.php | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php index e102fed4..e646c636 100644 --- a/web/lib/aurjson.class.php +++ b/web/lib/aurjson.class.php @@ -110,9 +110,13 @@ class AurJSON { return; } - if (isset($http_data['callback'])) { + $callback = $http_data['callback']; + if (isset($callback)) { + if (!preg_match('/^[a-zA-Z0-9().]{1,128}$/D', $callback)) { + return $this->json_error('Invalid callback name.'); + } header('content-type: text/javascript'); - return $http_data['callback'] . "({$json})"; + return '/**/' . $callback . '(' . $json . ')'; } else { header('content-type: application/json'); return $json; |