#18838841 : fixed XSS and CSRF vulnerabilities and bumped version to 1.4.0.11

git-svn-id: http://xe-core.googlecode.com/svn/sandbox@7366 201d5d3c-b55e-5fd7-737f-ddc643e51545
This commit is contained in:
haneul 2010-04-14 09:54:07 +00:00
parent cdd05eaeaa
commit 144d307e48
3 changed files with 10 additions and 6 deletions


@ -85,7 +85,8 @@
}
function sendMessage($sender_srl, $receiver_srl, $title, $content, $sender_log = true) {
$content = removeHackTag($content);
$content = removeHackTag($content);
$title = htmlspecialchars($title);
// 보내는 사용자의 쪽지함에 넣을 쪽지
$sender_args->sender_srl = $sender_srl;
@ -346,7 +347,8 @@
// 변수 정리
$args->friend_group_srl = trim(Context::get('friend_group_srl'));
$args->member_srl = $logged_info->member_srl;
$args->title = Context::get('title');
$args->title = Context::get('title');
$args->title = htmlspecialchars($args->title);
if(!$args->title) return new Object(-1, 'msg_invalid_request');
// friend_group_srl이 있으면 수정
@ -376,7 +378,8 @@
// 변수 정리
$args->friend_group_srl= Context::get('friend_group_srl');
$args->member_srl = $logged_info->member_srl;
$args->title = Context::get('title');
$args->title = Context::get('title');
$args->title = htmlspecialchars($args->title);
if(!$args->title) return new Object(-1, 'msg_invalid_request');
$output = executeQuery('communication.renameFriendGroup', $args);
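Review bot: The new `$title = htmlspecialchars($title);` in the first hunk (and `$args->title = htmlspecialchars($args->title);` in the second and third) relies on the function's defaults, which for the PHP versions this code targets means ENT_COMPAT — single quotes pass through unescaped — and an ISO-8859-1 charset, while the surrounding code handles UTF-8 Korean text; pass both explicitly: `$title = htmlspecialchars($title, ENT_QUOTES, 'UTF-8');`. The escaping is also applied at input time, so the stored title is already HTML-encoded: a consumer that is not an HTML page will show entities, and a template that already escapes on output will double-encode, so the project's output-side escaping should be checked before settling on this placement. `sendMessage()`'s body continues outside the first hunk, and the two functions edited by the other hunks likewise start and end outside their hunks.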