add basic validation of callback name

2012-03-20 11:05:22 +01:00 · 2012-03-20 11:05:22 +01:00 · 601b87ca01
commit 601b87ca01
parent 266f76d963
2 changed files with 16 additions and 0 deletions
--- a/src/Symfony/Component/HttpFoundation/JsonResponse.php
+++ b/src/Symfony/Component/HttpFoundation/JsonResponse.php
@ -56,6 +56,14 @@ class JsonResponse extends Response
     */
    public function setCallback($callback = null)
    {
+        if ($callback) {
+            // taken from http://www.geekality.net/2011/08/03/valid-javascript-identifier/
+            $pattern = '/^[$_\p{L}][$_\p{L}\p{Mn}\p{Mc}\p{Nd}\p{Pc}\x{200C}\x{200D}]*+$/u';
+            if (!preg_match($pattern, $callback)) {
+                throw new \InvalidArgumentException('The callback name is not valid.');
+            }
+        }
+
        $this->callback = $callback;

        return $this->update();
--- a/tests/Symfony/Tests/Component/HttpFoundation/JsonResponseTest.php
+++ b/tests/Symfony/Tests/Component/HttpFoundation/JsonResponseTest.php
@ -104,4 +104,12 @@ class JsonResponseTest extends \PHPUnit_Framework_TestCase
        $this->assertEquals('callback({"foo":"bar"});', $response->getContent());
        $this->assertEquals('text/javascript', $response->headers->get('Content-Type'));
    }
+
+    public function testSetCallbackInvalidIdentifier()
+    {
+        $response = new JsonResponse('foo');
+
+        $this->setExpectedException('InvalidArgumentException');
+        $response->setCallback('+invalid');
+    }
 }