Created
February 28, 2012 10:45
-
-
Save croxton/1931841 to your computer and use it in GitHub Desktop.
JSONP with ExpressionEngine - core hack
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Currently you're stuck if you need to return JSONP from a EE template, because appending callback=? to your uri will make EE throw an Invalid Get Date error. In case you didn't know, JSONP is a great way to do cross-domain AJAX and let your EE website function as a web service. | |
To get round this restriction in EE 2.4 amend line 116 of /system/expressionengine/core/EE_Input.php from: | |
elseif (preg_match("#(;|\?|exec\s*\(|system\s*\(|passthru\s*\(|cmd\s*\(|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})#i", $val)) | |
To: | |
elseif (preg_match("#(;|\?\S+|exec\s*\(|system\s*\(|passthru\s*\(|cmd\s*\(|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})#i", $val)) | |
This still gives you protection against the use of ? in query strings to pass arguments, but allows you to append a ? to the very end of your query only - which is all we need. | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment