From 6558a861a1e20c49daddbd7e51c4d8e2a4de4728 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20St=C3=B6ckel?=
Date: Tue, 29 Jun 2010 12:58:55 +0000
Subject: [PATCH] Added error message if the json content got thrown away because there was javascript in it
---
 json.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/json.php b/json.php
index 4cb94d984e..fcdd1586da 100644
--- a/json.php
+++ b/json.php
@@ -90,6 +90,10 @@ if (isset($_GET['menuaction']))
 $json = new egw_json_request();
 //Check whether the request data is set
+ if (isset($GLOBALS['egw_unset_vars']['_POST[json_data]']))
+ {
+ throw new egw_exception_assertion_failed("JSON Data contains script tags. Aborting...");
+ }
 $json->parseRequest($_GET['menuaction'], (array)$_POST['json_data']);
 common::egw_exit();
 }
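Review bot: The added guard before `$json->parseRequest(...)` tests only the exact key `'_POST[json_data]'` in `$GLOBALS['egw_unset_vars']`, so it fails closed only when the whole field was discarded. If the input filter records nested entries under other keys when `json_data` arrives as an array (the `(array)` cast hints that this may happen), a partly stripped request would still be parsed; this should be confirmed against the code that fills `egw_unset_vars`, which is outside this hunk. Throwing `egw_exception_assertion_failed` also reports a rejection of untrusted input as an internal assertion failure, which makes client-triggerable rejections hard to tell apart from real bugs in logs; a dedicated exception type or an explicit JSON error response would suit this path better. The stale comment `//Check whether the request data is set` could become `// json_data was removed by the global input filter (recorded in egw_unset_vars): refuse the request rather than parse an empty payload`. The enclosing `if (isset($_GET['menuaction']))` block starts outside the hunk.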