fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-07 18:51:41 +09:00
Code Issues Projects Releases Packages Wiki Activity

fix #1231 SECISSUE

Browse source 
- `dispModuleFileBox` act에 `input` parameter를 이용한 XSS 취약점
- 제보 : 한국인터넷진흥원
This commit is contained in:
bnu 2015-02-04 13:53:48 +09:00
parent 97cae83049
commit 0f3140b491
1 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
modules/module/module.view.php
View file

@ -140,6 +140,10 @@ class moduleView extends module
if($logged_info->is_admin !='Y' && !$logged_info->is_site_admin) return new Object(-1, 'msg_not_permitted');
$input_name = Context::get('input');
if(!preg_match('/^[a-z0-9_]+$/i', $input_name))
{
return new Object(-1, 'msg_invalid_request');
}
if(!$input_name) return new Object(-1, 'msg_not_permitted');