fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-22 04:39:55 +09:00
Code Issues Projects Releases Packages Wiki Activity

간단한 XSS 시도 체크 기능 추가

Browse source 
git-svn-id: http://xe-core.googlecode.com/svn/trunk@2270 201d5d3c-b55e-5fd7-737f-ddc643e51545
This commit is contained in:
zero 2007-08-09 06:03:06 +00:00
parent 109c58d126
commit 054e41fbbc
2 changed files with 11 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
classes/context/Context.class.php
View file

@ -85,6 +85,9 @@
}
}
if(!in_array($this->lang_type, $lang_supported)) $this->lang_type = $this->db_info->lang_type;
if(!$this->lang_type) $this->lang_type = "en";
Context::set('lang_supported', $lang_supported);
$this->setLangType($this->lang_type);
@ -402,6 +405,7 @@
if(!count($_REQUEST)) return;
foreach($_REQUEST as $key => $val) {
if($key == "page" || substr($key,-3)=="srl") $val = (int)$val;
if(is_array($val)) {
for($i=0;$i<count($val);$i++) {
if(get_magic_quotes_gpc()) $val[$i] = stripslashes($val[$i]);

9
classes/module/ModuleHandler.class.php
View file

@ -49,8 +49,13 @@
if(!$mid) $this->mid = Context::get('mid');
else $this->mid = $mid;
if(!$document_srl) $this->document_srl = Context::get('document_srl');
else $this->document_srl = $document_srl;
if(!$document_srl) $this->document_srl = (int)Context::get('document_srl');
else $this->document_srl = (int)$document_srl;
// 기본 변수들의 검사 (XSS방지를 위한 기초적 검사)
if($this->module && !eregi("^([a-z0-9\_\-]+)$",$this->module)) die(Context::getLang("msg_invalid_request"));
if($this->mid && !eregi("^([a-z0-9\_\-]+)$",$this->mid)) die(Context::getLang("msg_invalid_request"));
if($this->act && !eregi("^([a-z0-9\_\-]+)$",$this->act)) die(Context::getLang("msg_invalid_request"));
// 애드온 실행 (모듈 실행 전)
$called_position = 'before_module_init';