XSS, Webshell defence

git-svn-id: http://xe-core.googlecode.com/svn/branches/1.5.3.2@12278 201d5d3c-b55e-5fd7-737f-ddc643e51545
ovclas 2012-11-22 02:37:50 +00:00
parent fdcafe536e
commit 0c0604d24d
2 changed files with 4 additions and 1 deletions


@ -59,6 +59,9 @@
Context::set('status_name_list', $statusNameList);
Context::set('page_navigation', $output->page_navigation);
$oSecurity = new Security();
$oSecurity->encodeHTML('document_list..variables.');
// set a search option used in the template
$count_search_option = count($this->search_option);
for($i=0;$i<$count_search_option;$i++) {
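Review bot: The new `$oSecurity->encodeHTML('document_list..variables.')` call carries no comment, and the path string with its empty segments is not self-explanatory to a reader who does not know the Security class. I would add a line above it such as `// HTML-escape the extra-variable values of every listed document before the template prints them`, assuming that is what the empty segments select. The call acts on whatever is stored under `document_list` at that moment, and that assignment is outside the hunk, so it is worth confirming the list is set before this call and that the template does not escape the same values a second time. Other per-document fields are not covered by this path and still depend on the template for output escaping.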


@ -150,7 +150,7 @@
$buff = '<?php if(!defined("__ZBXE__")) exit();'."\n";
foreach($ftp_info as $key => $val) {
if(!$val) continue;
if(preg_match('/(<\?|<\?php|\?>)/xsm', preg_replace('/\s/', '', $val)))
if(preg_match('/(<\?|<\?php|\?>|fputs|fopen|fwrite|fgets|fread|\/\*|\*\/|chr\()/xsm', preg_replace('/\s/', '', $val)))
{
continue;
}
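Review bot: The extended pattern on the new `preg_match` line is still a denylist, and it matches the added function names case-sensitively although PHP resolves function names case-insensitively, so the check is narrower than it reads; at minimum the modifiers should be `/xsmi`. A list of names cannot be complete, so the durable fix lies in how `$val` is emitted into `$buff`, which happens outside this hunk. Writing the value with `var_export($val, true)` would keep it a plain string literal in the generated file whatever it contains. The `continue` also drops a rejected field silently, so a legitimate FTP value containing `/*` or `chr(` vanishes from the saved config with no error shown to the administrator.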