mirror of https://github.com/Yetangitu/ampache synced 2025-10-05 10:49:37 +02:00

Clean JSON output of user-controlled strings

JSON has some strict rules about what can be escaped, and we should have
been scrubbing to entities all along.
Paul Arthur 2012-03-09 14:02:50 -05:00
parent a7b336e326
commit e8f4577d9a
2 changed files with 5 additions and 1 deletions


@ -29,7 +29,9 @@ function arrayToJSON($array) {
$json .= arrayToJSON($value);
}
else {
$json .= '"' . $value . '"';
// Make sure to strip backslashes and convert things to
// entities in our output
$json .= '"' . scrub_out(str_replace('\\', '', $value)) . '"';
}
$json .= ' , ';
}
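Review bot: The else branch still assembles the JSON string literal by hand, so a value containing a raw newline, tab or other control character yields invalid JSON, and whether a double quote is neutralised depends on how scrub_out (defined outside this hunk) is configured. Deleting every backslash and entity-encoding inside the encoder also changes the data for any consumer that treats the field as plain text rather than HTML. I would let the JSON layer do the JSON escaping, e.g. `$json .= json_encode((string) $value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);`, and apply HTML escaping at the point where the value is written into markup. arrayToJSON begins and ends outside this hunk, so the key handling is not visible here and may need the same treatment.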