Reapply "Fix #2005 XEVE-16-008 XSS 방지 및 XSS를 통해 특정 명령을 실행할 수 있는 보안취약점 해결"

This reverts commit e9f9bec9ca.
Kijin Sung 2017-01-12 15:21:44 +09:00
parent e9f9bec9ca
commit 1577955664
8 changed files with 19 additions and 4 deletions


@ -1975,20 +1975,23 @@ class menuAdminController extends menu
// Get data from child nodes if exist.
if($menu_item_srl&&$tree[$menu_item_srl]) $child_output = $this->getPhpCacheCode($tree[$menu_item_srl], $tree, $site_srl, $domain);
else $child_output = array("buff"=>"", "url_list"=>array());
// List variables
$names = $oMenuAdminModel->getMenuItemNames($node->name, $site_srl);
unset($name_arr_str);
foreach($names as $key => $val)
{
$name_arr_str .= sprintf('"%s"=>"%s",',$key, str_replace(array('\\','"'),array('\\\\','"'),$val));
$name_arr_str .= sprintf('"%s"=>\'%s\',', $key, str_replace(array('\\','\''), array('\\\\','\\\''), strip_tags($val)));
}
$name_str = sprintf('$_menu_names[%d] = array(%s); %s', $node->menu_item_srl, $name_arr_str, $child_output['name']);
// If url value is not empty in the current node, put the value into an array url_list
if($node->url) $child_output['url_list'][] = $node->url;
$output['url_list'] = array_merge($output['url_list'], $child_output['url_list']);
// If node->group_srls value exists
if($node->group_srls)$group_check_code = sprintf('($is_admin==true||(is_array($group_srls)&&count(array_intersect($group_srls, array(%s))))||($is_logged && %s))',$node->group_srls,$node->group_srls == -1?1:0);
else $group_check_code = "true";
// List variables
$href = str_replace(array('&','"','<','>'),array('&amp;','&quot;','&lt;','&gt;'),$node->href);
$url = str_replace(array('&','"','<','>'),array('&amp;','&quot;','&lt;','&gt;'),$node->url);
@ -2042,10 +2045,10 @@ class menuAdminController extends menu
}
// Create properties (check if it belongs to the menu node by url_list. It looks a trick but fast and powerful)
$attribute = sprintf(
'"node_srl"=>"%s","parent_srl"=>"%s","menu_name_key"=>\'%s\',"isShow"=>(%s?true:false),"text"=>(%s?$_menu_names[%d][$lang_type]:""),"href"=>(%s?%s:""),"url"=>(%s?"%s":""),"is_shortcut"=>"%s","desc"=>\'%s\',"open_window"=>"%s","normal_btn"=>"%s","hover_btn"=>"%s","active_btn"=>"%s","selected"=>(array(%s)&&in_array(Context::get("mid"),array(%s))?1:0),"expand"=>"%s", "list"=>array(%s), "link"=>(%s? ( array(%s)&&in_array(Context::get("mid"),array(%s)) ?%s:%s):""),',
'"node_srl" => %d, "parent_srl" => %d, "menu_name_key" => \'%s\', "isShow" => (%s ? true : false), "text" => (%s ? $_menu_names[%d][$lang_type] : ""), "href" => (%s ? %s : ""), "url" => (%s ? "%s" : ""), "is_shortcut" => "%s", "desc" => \'%s\', "open_window" => "%s", "normal_btn" => "%s", "hover_btn" => "%s", "active_btn" => "%s", "selected" => (array(%s) && in_array(Context::get("mid"), array(%s)) ? 1 : 0), "expand" => \'%s\', "list" => array(%s), "link" => (%s ? (array(%s) && in_array(Context::get("mid"), array(%s)) ? %s : %s) : ""),',
$node->menu_item_srl,
$node->parent_srl,
addslashes($node->name),
strip_tags(addslashes($node->name)),
$group_check_code,
$group_check_code,
$node->menu_item_srl,