Fixed potential vulnerability in CJavaScript::encode(): $safe parameter didn't used to be passed to the recursive method calls.

2026-03-05 07:44:05 +01:00 · 2012-10-09 22:27:15 +06:00
parent dcb752416e
commit 4b3ea3c039
2 changed files with 4 additions and 3 deletions
--- a/framework/web/helpers/CJavaScript.php
+++ b/framework/web/helpers/CJavaScript.php
@@ -83,20 +83,20 @@ class CJavaScript
 		elseif($value instanceof CJavaScriptExpression)
 			return $value->__toString();
 		elseif(is_object($value))
-			return self::encode(get_object_vars($value));
+			return self::encode(get_object_vars($value),$safe);
 		elseif(is_array($value))
 		{
 			$es=array();
 			if(($n=count($value))>0 && array_keys($value)!==range(0,$n-1))
 			{
 				foreach($value as $k=>$v)
-					$es[]="'".self::quote($k)."':".self::encode($v);
+					$es[]="'".self::quote($k)."':".self::encode($v,$safe);
 				return '{'.implode(',',$es).'}';
 			}
 			else
 			{
 				foreach($value as $v)
-					$es[]=self::encode($v);
+					$es[]=self::encode($v,$safe);
 				return '['.implode(',',$es).']';
 			}
 		}