Context Navigation

← Previous Changeset
Next Changeset →

Changeset 37976

Timestamp:

07/05/2016 04:15:04 PM (5 years ago)

Author:

swissspidy

Message:

Update/Install: Reject invalid messages in the Shiny Updates postMessage handler.

This prevents conflicts with third-party messages (e.g. sent by browser extensions). The updates script expects a specific JSON-encoded message and now bails early if it's not valid JSON.

Fixes #37125.

File:

: 1 edited

trunk/src/wp-admin/js/updates.js (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/src/wp-admin/js/updates.js

-                      r37974
+                      r37976
+            }
+            message = $.parseJSON( originalEvent.data );
+            try {
+                message = $.parseJSON( originalEvent.data );
+            } catch ( e ) {
+                return;
+            }
             if ( 'undefined' === typeof message.action ) {

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

WordPress.org

Make WordPress Core

Context Navigation

Changeset 37976

Legend:

trunk/src/wp-admin/js/updates.js

Download in other formats: