Fix #12554. Sanitize data from POST. Close gh-908.

AUTHORS.txt

@@ -131,4 +131,5 @@ Chris Faulkner <thefaulkner@gmail.com>
 Elijah Manor <elijah.manor@gmail.com>
 Daniel Chatfield <chatfielddaniel@googlemail.com>
 Nikita Govorov <nikita.govorov@gmail.com>
-Mike Pennisi <mike@mikepennisi.com>
+Mike Pennisi <mike@mikepennisi.com>
+Markus Staab <markus.staab@redaxo.de>

test/polluted.php

@@ -42,11 +42,22 @@
 	if( count($_POST) ) {
 		$includes = array();
 		foreach( $_POST as $name => $ver ){
+			if ( empty( $libraries[ $name ] )) {
+				echo "unsupported library ". $name;
+				exit;
+			}
+		
 			$url = $libraries[ $name ][ "url" ];
 			if( $name == "YUI" && $ver[0] == "2" ) {
-				$url = str_replace( "/yui", "/yuiloader", $url, $count = 2 );
+				$url = str_replace( "/yui", "/yuiloader", $url);
 			}
-			$include = "<script src='$baseURL".str_replace("XYZ", $ver, $url, $count = 1)."'></script>\n";
+			
+			if ( empty( $libraries[ $name ][ "versions" ][ $ver ] )) {
+				echo "library ". $name ." not supported in version ". $ver;
+				exit;
+			}
+			
+			$include = "<script src='$baseURL".str_replace("XYZ", $ver, $url)."'></script>\n";
 			if( $lib == "prototype" ) { // prototype must be included first
 				array_unshift( $includes, $include );
 			} else {