Added error message if the json content got thrown away because there was javascript in it

2024-11-07 08:34:42 +01:00 · 2010-06-29 12:58:55 +00:00 · 2010-06-29 12:58:55 +00:00 · 6558a861a1
commit 6558a861a1
parent c30c4ce198
1 changed files with 4 additions and 0 deletions
--- a/json.php
+++ b/json.php
@ -90,6 +90,10 @@ if (isset($_GET['menuaction']))
 	$json = new egw_json_request();

 	//Check whether the request data is set
+	if (isset($GLOBALS['egw_unset_vars']['_POST[json_data]']))
+	{
+		throw new egw_exception_assertion_failed("JSON Data contains script tags. Aborting...");
+	}
 	$json->parseRequest($_GET['menuaction'], (array)$_POST['json_data']);
 	common::egw_exit();
 }