Merge pull request #1553 from NatLibFi/fix-jsonp-callback-filter
Harden JSONP callback filter
osma authored Nov 22, 2023
2 parents e9e5447 + 33ef7e8 commit 88c2c78
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion controller/RestController.php
Expand Up @@ -25,7 +25,7 @@ private function returnJson($data)
// wrap with JSONP callback if requested
if (filter_input(INPUT_GET, 'callback', FILTER_SANITIZE_FULL_SPECIAL_CHARS)) {
header("Content-type: application/javascript; charset=utf-8");
echo filter_input(INPUT_GET, 'callback', FILTER_UNSAFE_RAW) . "(" . json_encode($data) . ");";
echo filter_input(INPUT_GET, 'callback', FILTER_SANITIZE_FULL_SPECIAL_CHARS) . "(" . json_encode($data) . ");";
return;
}
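Review bot: The new `echo` line in `returnJson()` applies HTML entity encoding to a value that is emitted under `Content-type: application/javascript`, so the encoding does not match the output context. `FILTER_SANITIZE_FULL_SPECIAL_CHARS` behaves like `htmlspecialchars()` with `ENT_QUOTES`: it rewrites quotes, angle brackets and ampersands, but parentheses, semicolons and other JavaScript punctuation pass through unchanged, so the callback is still not constrained to a function name. Consider reading the parameter once into a variable and validating it against an allowlist for identifiers, for example `preg_match('/^[A-Za-z_$][A-Za-z0-9_$.]*$/', $callback)`, and answering with a 400 when it does not match instead of echoing a sanitized form. Sending `X-Content-Type-Options: nosniff` alongside the existing `header()` call would also keep browsers from interpreting the JSONP response as anything other than script.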
