fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-03 16:51:40 +09:00
Code Issues Projects Releases Packages Wiki Activity

Merge remote-tracking branch 'upstream/develop' into develop

Browse source
This commit is contained in:
Kijin Sung 2022-06-09 21:15:40 +09:00
commit 11e00b01d1
1 changed files with 9 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

18
modules/page/page.view.php
View file

@ -67,15 +67,6 @@ class pageView extends page
{
Context::set('module_srl', $this->module_srl);
}
// Kick out anyone who tries to exploit RVE-2022-2.
foreach (Context::getRequestVars() as $key => $val)
{
if (preg_match('/[\{\}\(\)<>\$\'"]/', $key) || preg_match('/[\{\}\(\)<>\$\'"]/', $val))
{
throw new Rhymix\Framework\Exceptions\SecurityViolation();
}
}
// Get page content according to page type.
$page_type_name = strtolower($this->module_info->page_type);
@ -167,6 +158,15 @@ class pageView extends page
return;
}
// Kick out anyone who tries to exploit RVE-2022-2.
foreach (Context::getRequestVars() as $key => $val)
{
if (preg_match('/[\{\}\(\)<>\$\'"]/', $key) || preg_match('/[\{\}\(\)<>\$\'"]/', $val))
{
throw new Rhymix\Framework\Exceptions\SecurityViolation();
}
}
// External URL
if (preg_match('!^[a-z]+://!i', $this->path))
{