fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-22 12:49:55 +09:00
Code Issues Projects Releases Packages Wiki Activity

간단한 XSS 시도 체크 기능 추가

Browse source 
git-svn-id: http://xe-core.googlecode.com/svn/trunk@2270 201d5d3c-b55e-5fd7-737f-ddc643e51545
This commit is contained in:
zero 2007-08-09 06:03:06 +00:00
parent 109c58d126
commit 054e41fbbc
2 changed files with 11 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

9
classes/module/ModuleHandler.class.php
View file

@ -49,8 +49,13 @@
if(!$mid) $this->mid = Context::get('mid');
else $this->mid = $mid;
if(!$document_srl) $this->document_srl = Context::get('document_srl');
else $this->document_srl = $document_srl;
if(!$document_srl) $this->document_srl = (int)Context::get('document_srl');
else $this->document_srl = (int)$document_srl;
// 기본 변수들의 검사 (XSS방지를 위한 기초적 검사)
if($this->module && !eregi("^([a-z0-9\_\-]+)$",$this->module)) die(Context::getLang("msg_invalid_request"));
if($this->mid && !eregi("^([a-z0-9\_\-]+)$",$this->mid)) die(Context::getLang("msg_invalid_request"));
if($this->act && !eregi("^([a-z0-9\_\-]+)$",$this->act)) die(Context::getLang("msg_invalid_request"));
// 애드온 실행 (모듈 실행 전)
$called_position = 'before_module_init';