RVE-2024-1 always escape DocumentItem->getTitleText()

Kijin Sung 2024-01-20 00:40:36 +09:00
parent a3650bb899
commit 152fb4e753


@ -495,7 +495,8 @@ class DocumentItem extends BaseObject
return;
}
return $cut_size ? cut_str($this->get('title'), $cut_size, $tail) : $this->get('title');
$title = $cut_size ? cut_str($this->get('title'), $cut_size, $tail) : $this->get('title');
return escape($title, false);
}
function getVoted()
@ -593,7 +594,7 @@ class DocumentItem extends BaseObject
return false;
}
$title = escape($this->getTitleText($cut_size, $tail), false);
$title = $this->getTitleText($cut_size, $tail);
$this->add('title_color', trim($this->get('title_color') ?? ''));
$attrs = array();
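Review bot: getTitleText() now returns HTML-escaped text (first hunk, at line 495), but nothing visible documents that change of contract, and the method's signature and any docblock are outside the hunk. Callers not shown on this page may escape the result again with double-encoding enabled, or use it in a non-HTML context such as a feed, mail subject or JSON payload; they would now emit literal entities and should be audited. Assuming the `false` argument to escape() turns off double-encoding, entities already present in a stored title pass through unchanged, which is worth stating too. I would add a docblock line above the method such as `@return string|null HTML-escaped title for element content; existing entities are not re-encoded`, and in getTitle() a comment on the changed line: `// getTitleText() already returns escaped HTML; do not escape again`.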