Fix - PHP: Validate the JSONP callback as a valid Javascript function

.datatables-commit-sync

@@ -1 +1 @@
-a93fb4bfd244230f71f8c9dea10102f0b1cb4ff0
+76239c3054300b0e3658a9ab2fce901c255d1537

examples/server_side/scripts/jsonp.php

@@ -63,7 +63,14 @@ $sql_details = array(
  */
 require( 'ssp.class.php' );
 
-echo $_GET['callback'].'('.json_encode(
-	SSP::simple( $_GET, $sql_details, $table, $primaryKey, $columns )
-).');';
+// Validate the JSONP to make use it is an okay Javascript function to execute
+$jsonp = preg_match('/^[$A-Z_][0-9A-Z_$]*$/i', $_GET['callback']) ?
+	$_GET['callback'] :
+	false;
+
+if ( $jsonp ) {
+	echo $jsonp.'('.json_encode(
+		SSP::simple( $_GET, $sql_details, $table, $primaryKey, $columns )
+	).');';
+}