fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-04-23 20:32:14 +09:00
Code Issues Projects Releases Packages Wiki Activity

Add defenses against XEVE-19-008

Browse source 
xpressengine/xe-core@1f048c94
This commit is contained in:
Kijin Sung 2019-11-22 21:33:59 +09:00
parent 2dd78849cf
commit 00e70f80df
4 changed files with 64 additions and 61 deletions
Download patch file Download diff file Expand all files Collapse all files

3
modules/module/module.view.php
View file

@ -22,7 +22,8 @@ class moduleView extends module
function dispModuleSkinInfo()
{
$selected_module = Context::get('selected_module');
$skin = Context::get('skin');
$skin = preg_replace('/[^a-zA-Z0-9-_]/', '', Context::get('skin'));
// Get modules/skin information
$module_path = sprintf("./modules/%s/", $selected_module);
if(!is_dir($module_path)) throw new Rhymix\Framework\Exceptions\InvalidRequest;