RVE-2024-1 always escape DocumentItem->getTitleText()

Kijin Sung 2024-01-20 00:40:36 +09:00
parent a3650bb899
commit 152fb4e753


@ -495,7 +495,8 @@ class DocumentItem extends BaseObject
return; return;
} }
return $cut_size ? cut_str($this->get('title'), $cut_size, $tail) : $this->get('title'); $title = $cut_size ? cut_str($this->get('title'), $cut_size, $tail) : $this->get('title');
return escape($title, false);
} }
function getVoted() function getVoted()
@ -593,7 +594,7 @@ class DocumentItem extends BaseObject
return false; return false;
} }
$title = escape($this->getTitleText($cut_size, $tail), false); $title = $this->getTitleText($cut_size, $tail);
$this->add('title_color', trim($this->get('title_color') ?? '')); $this->add('title_color', trim($this->get('title_color') ?? ''));
$attrs = array(); $attrs = array();
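Review bot: Nothing at either site records that getTitleText() is now the one place where the title is escaped, so in the second hunk `$title = $this->getTitleText($cut_size, $tail);` reads like unescaped input flowing into the markup built below it. I would add `// getTitleText() already returns HTML-escaped text; do not swap in get('title') here` above that line, and a docblock on getTitleText() stating that the return value is HTML-escaped, that escaping is applied after cut_str(), and that `$tail` is escaped along with the title. The same docblock should warn that callers feeding a non-HTML sink (JSON, a feed, a mail subject) now receive entity-encoded text and need the raw `get('title')` value with encoding suited to that sink; whether such callers exist is not visible on this page. Both method bodies start outside the hunks.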