Title: [269282] trunk/Websites/webkit.org
- Revision: 269282
- Author: [email protected]
- Date: 2020-11-02 18:09:19 -0800 (Mon, 02 Nov 2020)
Log Message
Input sanitization improvements for Payment Request demo
https://bugs.webkit.org/show_bug.cgi?id=218470
Reviewed by Andy Estes.
* demos/payment-request/merchant-validation.php:
Modified Paths
Diff
Modified: trunk/Websites/webkit.org/ChangeLog (269281 => 269282)
--- trunk/Websites/webkit.org/ChangeLog 2020-11-03 01:15:13 UTC (rev 269281)
+++ trunk/Websites/webkit.org/ChangeLog 2020-11-03 02:09:19 UTC (rev 269282)
@@ -1,3 +1,12 @@
+2020-11-02 Jon Davis <[email protected]>
+
+ Input sanitization improvements for Payment Request demo
+ https://bugs.webkit.org/show_bug.cgi?id=218470
+
+ Reviewed by Andy Estes.
+
+ * demos/payment-request/merchant-validation.php:
+
2020-09-02 Jon Davis <[email protected]>
Add an STP callout to Web Inspector documentation
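Review bot: The new ChangeLog entry lists `demos/payment-request/merchant-validation.php:` with nothing after the colon. A one-line description per file of what was changed (URL sanitization on input, generic error text on connection failure) would let readers of the ChangeLog understand the security-relevant change without opening the diff.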
Modified: trunk/Websites/webkit.org/demos/payment-request/merchant-validation.php (269281 => 269282)
--- trunk/Websites/webkit.org/demos/payment-request/merchant-validation.php 2020-11-03 01:15:13 UTC (rev 269281)
+++ trunk/Websites/webkit.org/demos/payment-request/merchant-validation.php 2020-11-03 02:09:19 UTC (rev 269282)
@@ -50,7 +50,7 @@
die('An error occurred parsing the given data in JSON format: ' . $e->getMessage());
}
-$validationURL = isset($postedData['validationURL']) ? $postedData['validationURL'] : '';
+$validationURL = isset($postedData['validationURL']) ? filter_var($postedData['validationURL'], FILTER_SANITIZE_URL) : '';
$URLcomponents = parse_url($validationURL);
if (!isset($URLcomponents['scheme']) || !isset($URLcomponents['host']))
die('The validation URL is not valid.');
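Review bot: On the changed `$validationURL` line, `FILTER_SANITIZE_URL` only strips characters that are not legal in a URL; it does not verify that the result is well formed or that it points anywhere in particular. The check that follows only requires `scheme` and `host` to be set, so at this point any scheme and any host still pass, and the error text in the next hunk indicates the script then connects to this URL. Unless the lines between the two hunks already do so, consider `FILTER_VALIDATE_URL` together with an explicit test that `$URLcomponents['scheme']` is `https` and that `$URLcomponents['host']` is on an allowlist of expected validation hosts, rejecting everything else before the request is made.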
@@ -91,7 +91,7 @@
$curlConnection = curl_init();
curl_setopt_array($curlConnection, $curlOptions);
if (!$result = curl_exec($curlConnection))
- die('An error occurred when connecting to the validation URL: ' . curl_error($curlConnection));
+ die('An error occurred when connecting to the validation URL.'));
curl_close($curlConnection);
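Review bot: The added `die(...)` line ends in `'));`, which is one closing parenthesis too many now that the `curl_error()` call is gone, so the file will fail to parse; it should end in `.');`. Removing the cURL detail from the response is a sound change, but the information is now discarded completely. Consider passing `curl_error($curlConnection)` to `error_log()` before the `die()` so failures can still be diagnosed server-side, and add braces to the `if` when doing so, since it currently guards a single statement.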
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes