fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-04-02 01:52:10 +09:00
Code Issues Projects Releases Packages Wiki Activity

Add defenses against XEVE-19-008

Browse source 
xpressengine/xe-core@1f048c94
This commit is contained in:
Kijin Sung 2019-11-22 21:33:59 +09:00
parent 2dd78849cf
commit 00e70f80df
4 changed files with 64 additions and 61 deletions
Download patch file Download diff file Expand all files Collapse all files

1
modules/editor/editor.model.php
View file

@ -645,6 +645,7 @@ class editorModel extends editor
$lang_type = Context::getLangType();
// Get xml file path of the requested components
$component = preg_replace('/[^a-zA-Z0-9-_]/', '', $component);
$component_path = sprintf('%s/components/%s/', $this->module_path, $component);
$xml_file = sprintf('%sinfo.xml', $component_path);