mirror of
https://github.com/Lastorder-DC/rhymix.git
synced 2026-04-02 01:52:10 +09:00
merge changes of luminous to maserati (~r12676)
git-svn-id: http://xe-core.googlecode.com/svn/branches/maserati@12680 201d5d3c-b55e-5fd7-737f-ddc643e51545
This commit is contained in:
flyskyko
commit
0f04bd3f92
50 changed files with 784 additions and 265 deletions
|
|
@ -845,7 +845,7 @@ function removeHackTag($content)
|
|||
purifierHtml($content);
|
||||
|
||||
// change the specific tags to the common texts
|
||||
$content = preg_replace('@<(\/?(?:html|body|head|title|meta|base|link|script|style|applet)(/*)[\w\s>])@i', '<$1', $content);
|
||||
$content = preg_replace('@<(\/?(?:html|body|head|title|meta|base|link|script|style|applet)(/*).*?>)@i', '<$1', $content);
|
||||
|
||||
/**
|
||||
* Remove codes to abuse the admin session in src by tags of imaages and video postings
|
||||
|
|
@ -853,7 +853,7 @@ function removeHackTag($content)
|
|||
*/
|
||||
$content = preg_replace_callback('@<(/?)([a-z]+[0-9]?)((?>"[^"]*"|\'[^\']*\'|[^>])*?\b(?:on[a-z]+|data|style|background|href|(?:dyn|low)?src)\s*=[\s\S]*?)(/?)($|>|<)@i', 'removeSrcHack', $content);
|
||||
|
||||
// xmp tag ?•ì<EFBFBD>¸ ë°?추ê?
|
||||
// xmp tag ?뺤씤 è«??°ë¶½?
|
||||
$content = checkXmpTag($content);
|
||||
return $content;
|
||||
}
|
||||
|
|
@ -887,7 +887,7 @@ function removeSrcHack($match)
|
|||
{
|
||||
$tag = strtolower($match[2]);
|
||||
|
||||
// xmp tag ?•ë¦¬
|
||||
// xmp tag ?뺣â”<EFBFBD>
|
||||
if($tag=='xmp') return "<{$match[1]}xmp>";
|
||||
if($match[1]) return $match[0];
|
||||
if($match[4]) $match[4] = ' '.$match[4];
|
||||
|
|
@ -1223,6 +1223,38 @@ function requirePear()
|
|||
}
|
||||
}
|
||||
|
||||
function checkCSRF()
|
||||
{
|
||||
if($_SERVER['REQUEST_METHOD'] != 'POST')
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
$defaultUrl = Context::getDefaultUrl();
|
||||
$referer = parse_url($_SERVER["HTTP_REFERER"]);
|
||||
|
||||
$oModuleModel = &getModel('module');
|
||||
$siteModuleInfo = $oModuleModel->getDefaultMid();
|
||||
|
||||
if($siteModuleInfo->site_srl == 0)
|
||||
{
|
||||
if(!strstr(strtolower($defaultUrl), strtolower($referer['host'])))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$virtualSiteInfo = $oModuleModel->getSiteInfo($siteModuleInfo->site_srl);
|
||||
if(strtolower($virtualSiteInfo->domain) != strtolower(Context::get('vid')) && !strstr(strtolower($virtualSiteInfo->domain), strtolower($referer['host'])))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Print raw html header
|
||||
*
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue