WordPress.org

Make WordPress Core

Changeset 37976


Ignore:
Timestamp:
07/05/2016 04:15:04 PM (4 years ago)
Author:
swissspidy
Message:

Update/Install: Reject invalid messages in the Shiny Updates postMessage handler.

This prevents conflicts with third-party messages (e.g. sent by browser extensions). The updates script expects a specific JSON-encoded message and now bails early if it's not valid JSON.

Fixes #37125.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/js/updates.js

    r37974 r37976  
    21452145            }
    21462146
    2147             message = $.parseJSON( originalEvent.data );
     2147            try {
     2148                message = $.parseJSON( originalEvent.data );
     2149            } catch ( e ) {
     2150                return;
     2151            }
    21482152
    21492153            if ( 'undefined' === typeof message.action ) {
Note: See TracChangeset for help on using the changeset viewer.