Nemcio/Redmine
1
0
Fork 0
mirror of https://github.com/redmine/redmine.git synced 2025-11-06 13:25:44 +01:00
Code Issues Packages Projects Releases Activity

Accept dots in JSONP callback (#13718).

Browse Source 
git-svn-id: http://svn.redmine.org/redmine/trunk@15066 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang
2016-01-16 09:08:06 +00:00
parent 9adf2cb0ea
commit aaeb0807bf
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/redmine/views/builders/json.rb
View File

@@ -27,7 +27,7 @@ module Redmine
super super
callback = request.params[:callback] || request.params[:jsonp] callback = request.params[:callback] || request.params[:jsonp]
if callback && Setting.jsonp_enabled? if callback && Setting.jsonp_enabled?
self.jsonp = callback.to_s.gsub(/[^a-zA-Z0-9_]/, '') self.jsonp = callback.to_s.gsub(/[^a-zA-Z0-9_.]/, '')
end end
end end

4
test/integration/api_test/jsonp_test.rb
View File

@@ -52,11 +52,11 @@ class Redmine::ApiTest::JsonpTest < Redmine::ApiTest::Base
def test_jsonp_should_strip_invalid_characters_from_callback def test_jsonp_should_strip_invalid_characters_from_callback
with_settings :jsonp_enabled => '1' do with_settings :jsonp_enabled => '1' do
get '/trackers.json?callback=+-aA$1_' get '/trackers.json?callback=+-aA$1_.'
end end
assert_response :success assert_response :success
assert_match %r{^aA1_\(\{"trackers":.+\}\)$}, response.body assert_match %r{^aA1_.\(\{"trackers":.+\}\)$}, response.body
assert_equal 'application/javascript; charset=utf-8', response.headers['Content-Type'] assert_equal 'application/javascript; charset=utf-8', response.headers['Content-Type']
end end