Author: annis
Date: 2010-04-29 12:19:04 +0200 (Thu, 29 Apr 2010)
New Revision: 29313
Modified:
plugins/ahDoctrineEasyEmbeddedRelationsPlugin/trunk/lib/form/ahNewRelationField.php
Log:
Merge branch 'master' into HEAD
Modified:
plugins/ahDoctrineEasyEmbeddedRelationsPlugin/trunk/lib/form/ahNewRelationField.php
===================================================================
---
plugins/ahDoctrineEasyEmbeddedRelationsPlugin/trunk/lib/form/ahNewRelationField.php
2010-04-29 08:37:14 UTC (rev 29312)
+++
plugins/ahDoctrineEasyEmbeddedRelationsPlugin/trunk/lib/form/ahNewRelationField.php
2010-04-29 10:19:04 UTC (rev 29313)
@@ -22,7 +22,11 @@
public function getJavaScripts()
{
if (false === $this->getOption('addJavascript')) return array();
-
- return
array(sprintf('/ahDoctrineEasyEmbeddedRelationsPlugin/js/ahDoctrineEasyEmbeddedRelationsPlugin.%s.js',
$this->getOption('addJavascript')));
+
+ // allow only 0-9,a-z,A-Z,- and _ for framework name (LFI protection)
+ $cleanFrameworkName = preg_replace('#[^0-9a-z._-]#i', '',
$this->getOption('useJSFramework'));
+
+ $filename = sprintf('ahDoctrineEasyEmbeddedRelationsPlugin.%s.js',
$cleanFrameworkName);
+ return array('/ahDoctrineEasyEmbeddedRelationsPlugin/js/' . $filename);
}
}
\ No newline at end of file
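Review bot: The character class in the added `preg_replace` still permits `.`, although the comment above it lists only digits, letters, `-` and `_`. Because `/` and `\` are stripped, a run of dots cannot leave the js directory, but the filter and its comment should agree, e.g. `preg_replace('#[^0-9a-z_-]#i', '', (string) $this->getOption('useJSFramework'))`. The early-return guard still tests `addJavascript` while the name now comes from `useJSFramework`, so an unset or fully stripped value yields `ahDoctrineEasyEmbeddedRelationsPlugin..js`. Returning `array()` when `'' === $cleanFrameworkName` would avoid emitting a script URL that does not exist. If the plugin ships scripts for a fixed set of frameworks, checking the option against that list with a strict `in_array` would be tighter than character filtering.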