From 3dd266048b1486801055b8aa56574a71ab0b25a3 Mon Sep 17 00:00:00 2001
From: Tim van Dijen <tvdijen@gmail.com>
Date: Wed, 20 Mar 2019 17:22:08 +0100
Subject: [PATCH] Use sanitized request-data

Silence scrutinizer
---
 modules/discopower/www/tablist.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/modules/discopower/www/tablist.php b/modules/discopower/www/tablist.php
index 9f58fe513..9b6319bbd 100644
--- a/modules/discopower/www/tablist.php
+++ b/modules/discopower/www/tablist.php
@@ -17,12 +17,12 @@ if (!is_array($tabs)) {
 
 // handle JSON vs JSONP requests
 if (isset($_REQUEST['callback'])) {
-    if (!preg_match('/^[a-z0-9_]+$/i', $_REQUEST['callback'])) {
-        throw new \SimpleSAML\Error\Exception('Unsafe JSONP callback function name "'.$_REQUEST['callback'].'"');
+    if (!preg_match('/^[a-z0-9_]+$/i', $_REQUEST['callback'], $matches)) {
+        throw new \SimpleSAML\Error\Exception('Unsafe JSONP callback function name "'.$matches[0].'"');
     }
     $jsonp = true;
     header('Content-Type: application/javascript');
-    echo addslashes($_REQUEST['callback']) . '(';
+    echo addslashes($matches[0]).'(';
 } else {
     $jsonp = false;
     header('Content-Type: application/json');
-- 
GitLab