fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-05-09 12:02:24 +09:00
Code Issues Projects Releases Packages Wiki Activity

Additional XSS checks #1088

Browse source
This commit is contained in:
Kijin Sung 2018-09-18 13:27:55 +09:00
parent e03ccbd7a9
commit 19331e6746
2 changed files with 12 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

17
classes/context/Context.class.php
View file

@ -1407,20 +1407,17 @@ class Context
} }
elseif($_val = trim($_val)) elseif($_val = trim($_val))
{ {
if(in_array($key, array('page', 'cpage')) || ends_with('srl', $key, false)) if(in_array($key, array('page', 'cpage')) || ends_with('srl', $key, false) && preg_match('/[^0-9,]/', $_val))
{ {
if(preg_match('/[^0-9,]/', $_val)) $_val = (int)$_val;
{
$_val = (int)$_val;
}
} }
elseif(in_array($key, array('mid', 'search_keyword', 'xe_validator_id'))) elseif(in_array($key, array('mid', 'vid', 'search_target', 'search_keyword', 'xe_validator_id')) || count($_GET))
{ {
$_val = escape($_val, false); $_val = escape($_val, false);
} if(ends_with('url', $key, false))
elseif($key === 'vid') {
{ $_val = strtr($_val, array('&' => '&'));
$_val = urlencode($_val); }
} }
} }
$result[escape($_key)] = $_val; $result[escape($_key)] = $_val;

6
classes/security/UploadFileFilter.class.php
View file

@ -67,7 +67,11 @@ class UploadFileFilter
*/ */
protected static function _checkSVG($fp, $from, $to) protected static function _checkSVG($fp, $from, $to)
{ {
if (self::_matchStream('/<script|xlink:href\s*=\s*"(?!data:)/i', $fp, $from, $to)) if (self::_matchStream('/<script|<handler\b|xlink:href\s*=\s*"(?!data:)/i', $fp, $from, $to))
{
return false;
}
if (self::_matchStream('/\b(?:ev:(?:event|listener|observer)|on[a-z]+)\s*=/i', $fp, $from, $to))
{ {
return false; return false;
} }