Add defenses against XEVE-19-008

xpressengine/xe-core@1f048c94
This commit is contained in:
Kijin Sung 2019-11-22 21:33:59 +09:00
parent 2dd78849cf
commit 00e70f80df
4 changed files with 64 additions and 61 deletions

View file

@ -22,7 +22,8 @@ class moduleView extends module
function dispModuleSkinInfo()
{
$selected_module = Context::get('selected_module');
$skin = Context::get('skin');
$skin = preg_replace('/[^a-zA-Z0-9-_]/', '', Context::get('skin'));
// Get modules/skin information
$module_path = sprintf("./modules/%s/", $selected_module);
if(!is_dir($module_path)) throw new Rhymix\Framework\Exceptions\InvalidRequest;