Use sanitized request-data

Silence scrutinizer

Use sanitized request-data
Silence scrutinizer
3dd26604 · Tim van Dijen · GitHub · d9ec7129 · 3dd26604
Unverified Commit 3dd26604 authored 6 years ago by Tim van Dijen Committed by GitHub 6 years ago
--- a/modules/discopower/www/tablist.php
+++ b/modules/discopower/www/tablist.php
@@ -17,12 +17,12 @@ if (!is_array($tabs)) {
 // handle JSON vs JSONP requests
 if (isset($_REQUEST['callback'])) {
-    if (!preg_match('/^[a-z0-9_]+$/i', $_REQUEST['callback'])) {
+    if (!preg_match('/^[a-z0-9_]+$/i', $_REQUEST['callback'], $matches)) {
-        throw new \SimpleSAML\Error\Exception('Unsafe JSONP callback function name "'.$_REQUEST['callback'].'"');
+        throw new \SimpleSAML\Error\Exception('Unsafe JSONP callback function name "'.$matches[0].'"');
    }
    $jsonp = true;
    header('Content-Type: application/javascript');
-    echo addslashes($_REQUEST['callback']) . '(';
+    echo addslashes($matches[0]).'(';
 } else {
    $jsonp = false;
    header('Content-Type: application/json');