From 054e41fbbcfa1dc174d5bb66068af4aae91d6a68 Mon Sep 17 00:00:00 2001
From: zero
Date: Thu, 9 Aug 2007 06:03:06 +0000
Subject: [PATCH] =?UTF-8?q?=EA=B0=84=EB=8B=A8=ED=95=9C=20XSS=20=EC=8B=9C?=
 =?UTF-8?q?=EB=8F=84=20=EC=B2=B4=ED=81=AC=20=EA=B8=B0=EB=8A=A5=20=EC=B6=94?=
 =?UTF-8?q?=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
git-svn-id: http://xe-core.googlecode.com/svn/trunk@2270 201d5d3c-b55e-5fd7-737f-ddc643e51545
---
 classes/context/Context.class.php | 4 ++++
 classes/module/ModuleHandler.class.php | 9 +++++++--
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/classes/context/Context.class.php b/classes/context/Context.class.php
index 622fb4829..f4fee677b 100644
--- a/classes/context/Context.class.php
+++ b/classes/context/Context.class.php
@@ -85,6 +85,9 @@
 }
 }
+ if(!in_array($this->lang_type, $lang_supported)) $this->lang_type = $this->db_info->lang_type;
+ if(!$this->lang_type) $this->lang_type = "en";
+
 Context::set('lang_supported', $lang_supported);
 $this->setLangType($this->lang_type);
@@ -402,6 +405,7 @@
 if(!count($_REQUEST)) return;
 foreach($_REQUEST as $key => $val) {
+ if($key == "page" || substr($key,-3)=="srl") $val = (int)$val;
 if(is_array($val)) {
 for($i=0;$imid = Context::get('mid');
 else $this->mid = $mid;
- if(!$document_srl) $this->document_srl = Context::get('document_srl');
- else $this->document_srl = $document_srl;
+ if(!$document_srl) $this->document_srl = (int)Context::get('document_srl');
+ else $this->document_srl = (int)$document_srl;
+
+ // 기본 변수들의 검사 (XSS방지를 위한 기초적 검사)
+ if($this->module && !eregi("^([a-z0-9\_\-]+)$",$this->module)) die(Context::getLang("msg_invalid_request"));
+ if($this->mid && !eregi("^([a-z0-9\_\-]+)$",$this->mid)) die(Context::getLang("msg_invalid_request"));
+ if($this->act && !eregi("^([a-z0-9\_\-]+)$",$this->act)) die(Context::getLang("msg_invalid_request"));
 // 애드온 실행 (모듈 실행 전)
 $called_position = 'before_module_init';
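Review bot: The fallback taken when `$this->lang_type` fails the `in_array` check in the `@@ -85,6 +85,9 @@` hunk is not itself validated: `$this->db_info->lang_type` is assigned after the whitelist test, so a stored value that is absent from `$lang_supported` still reaches `setLangType()` two lines below, and the `"en"` default only covers the empty case. The membership test is also loose; `in_array` should be called with `true` as its third argument so that type juggling cannot make an unexpected value match. Suggested: `if(!in_array($this->lang_type, $lang_supported, true)) $this->lang_type = $this->db_info->lang_type;` followed by `if(!$this->lang_type || !in_array($this->lang_type, $lang_supported, true)) $this->lang_type = "en";`. If `$lang_supported` is a map keyed by language code rather than a list of codes, the test should be `isset($lang_supported[$this->lang_type])` instead — confirm against the loop that builds it above this hunk. The enclosing method begins before and ends after the hunk.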