From aaeb0807bfd7f22433a2dd84ec7145b501465bb6 2016-01-16 09:08:06
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: 2016-01-16 09:08:06
Subject: [PATCH] Accept dots in JSONP callback (#13718).

git-svn-id: http://svn.redmine.org/redmine/trunk@15066 e93f8b46-1217-0410-a6f0-8f06a7374b81

---

diff --git a/lib/redmine/views/builders/json.rb b/lib/redmine/views/builders/json.rb
index 50833fd..5a38ee0 100644
--- a/lib/redmine/views/builders/json.rb
+++ b/lib/redmine/views/builders/json.rb
@@ -27,7 +27,7 @@ module Redmine
           super
           callback = request.params[:callback] || request.params[:jsonp]
           if callback && Setting.jsonp_enabled?
-            self.jsonp = callback.to_s.gsub(/[^a-zA-Z0-9_]/, '')
+            self.jsonp = callback.to_s.gsub(/[^a-zA-Z0-9_.]/, '')
           end
         end
 
diff --git a/test/integration/api_test/jsonp_test.rb b/test/integration/api_test/jsonp_test.rb
index 5cb5f5d..16acc17 100644
--- a/test/integration/api_test/jsonp_test.rb
+++ b/test/integration/api_test/jsonp_test.rb
@@ -52,11 +52,11 @@ class Redmine::ApiTest::JsonpTest < Redmine::ApiTest::Base
 
   def test_jsonp_should_strip_invalid_characters_from_callback
     with_settings :jsonp_enabled => '1' do
-      get '/trackers.json?callback=+-aA$1_'
+      get '/trackers.json?callback=+-aA$1_.'
     end
 
     assert_response :success
-    assert_match %r{^aA1_\(\{"trackers":.+\}\)$}, response.body
+    assert_match %r{^aA1_.\(\{"trackers":.+\}\)$}, response.body
     assert_equal 'application/javascript; charset=utf-8', response.headers['Content-Type']
   end