Add option to restrict excessively large data: URLs in inline images, enabled by default, 64KB by default

Kijin Sung 2024-10-09 16:13:17 +09:00
parent 44608bbe90
commit 1a489a3f1c
4 changed files with 39 additions and 4 deletions


@ -63,6 +63,17 @@ class BoardController extends Board
throw new Rhymix\Framework\Exception('msg_content_too_long');
}
// Return error if content conains excessively large data URLs.
$inline_data_url_limit = ($this->module_info->inline_data_url_limit ?: 64) * 1024;
preg_match_all('!src="\s*(data:[^,]*,[a-z0-9+/=%$!._-]+)!i', (string)$obj->content, $matches);
foreach ($matches[1] as $match)
{
if (strlen($match) > $inline_data_url_limit)
{
throw new Rhymix\Framework\Exception('msg_data_url_restricted');
}
}
// Check category
$category_list = DocumentModel::getCategoryList($this->module_srl);
if (count($category_list) > 0)
@ -472,6 +483,17 @@ class BoardController extends Board
throw new Rhymix\Framework\Exception('msg_content_too_long');
}
// Return error if content conains excessively large data URLs.
$inline_data_url_limit = ($this->module_info->inline_data_url_limit ?: 64) * 1024;
preg_match_all('!src="\s*(data:[^,]*,[a-z0-9+/=%$!._-]+)!i', (string)$obj->content, $matches);
foreach ($matches[1] as $match)
{
if (strlen($match) > $inline_data_url_limit)
{
throw new Rhymix\Framework\Exception('msg_data_url_restricted');
}
}
if(!$this->module_info->use_status) $this->module_info->use_status = 'PUBLIC';
if(!is_array($this->module_info->use_status))
{
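Review bot: The size check in both hunks (new lines 63 and 483) measures only the run matched by `[a-z0-9+/=%$!._-]+`, so a data: URL whose payload contains any character outside that class is measured only up to that character and can pass whatever its real size. The pattern also requires a literal `src="`, so single-quoted values and `src = "` are never examined. The return value of `preg_match_all` is ignored, so a PCRE failure on large input is not treated as a rejection. Because the ten lines are duplicated verbatim, I would move them into one helper (name is only a suggestion) that captures the whole quoted attribute value and fails closed, called from both places as `$this->_checkInlineDataUrlLimit((string)$obj->content);`. The sketch below still does not cover unquoted attribute values, which presumably depend on the HTML filter that is not visible here; both enclosing methods start and end outside the hunks.

```php
/**
 * Reject content in which a data: URL inside a quoted src attribute exceeds
 * the module's inline_data_url_limit (in KB, 64 when unset).
 */
protected function _checkInlineDataUrlLimit(string $content): void
{
	$limit = ($this->module_info->inline_data_url_limit ?: 64) * 1024;

	// Capture up to the matching closing quote, so characters inside the
	// payload cannot end the measurement early.
	$count = preg_match_all('!\bsrc\s*=\s*(["\'])\s*(data:.*?)\1!is', $content, $matches);
	if ($count === false)
	{
		// PCRE gave up (e.g. backtrack limit): refuse rather than skip the check.
		throw new Rhymix\Framework\Exception('msg_data_url_restricted');
	}

	foreach ($matches[2] as $data_url)
	{
		if (strlen($data_url) > $limit)
		{
			throw new Rhymix\Framework\Exception('msg_data_url_restricted');
		}
	}
}
```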