From 1ef2a4197159b1766b3d4bbc207bf5523a946025 Mon Sep 17 00:00:00 2001
From: Kijin Sung
Date: Sat, 20 Jan 2024 00:52:34 +0900
Subject: [PATCH] RVE-2024-2 prevent loading cache file as external page
---
 modules/page/lang/en.php | 3 +++
 modules/page/lang/ko.php | 2 ++
 modules/page/page.admin.controller.php | 20 ++++++++++++++++----
 3 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/modules/page/lang/en.php b/modules/page/lang/en.php
index 5c337e8a5..5a68c233f 100644
--- a/modules/page/lang/en.php
+++ b/modules/page/lang/en.php
@@ -26,3 +26,6 @@ $lang->opage_proc_php = 'Execute PHP code';
 $lang->opage_proc_tpl = 'Parse as Rhymix template';
 $lang->page_management = 'Manage of page';
 $lang->page_delete_warning = 'If you delete a page, the files of the page will be removed also.';
+$lang->msg_not_selected_page = 'Page not selected.';
+$lang->msg_invalid_opage_pc_path = 'Invalid path for the external document for PC.';
+$lang->msg_invalid_opage_mobile_path = 'Invalid path for the external document for Mobile.';
diff --git a/modules/page/lang/ko.php b/modules/page/lang/ko.php
index e700d7c31..785dc867b 100644
--- a/modules/page/lang/ko.php
+++ b/modules/page/lang/ko.php
@@ -27,3 +27,5 @@ $lang->opage_proc_tpl = '템플릿 해석';
 $lang->page_management = '페이지 관리';
 $lang->page_delete_warning = '페이지를 삭제할 때 파일도 함께 삭제합니다';
 $lang->msg_not_selected_page = '선택한 페이지가 없습니다.';
+$lang->msg_invalid_opage_pc_path = '사용할 수 없는 PC용 외부 문서 경로입니다.';
+$lang->msg_invalid_opage_mobile_path = '사용할 수 없는 모바일용 외부 문서 경로입니다.';
diff --git a/modules/page/page.admin.controller.php b/modules/page/page.admin.controller.php
index 29201704d..8331623a8 100644
--- a/modules/page/page.admin.controller.php
+++ b/modules/page/page.admin.controller.php
@@ -19,15 +19,26 @@ class PageAdminController extends Page
 */
 function procPageAdminInsert()
 {
- // Create model/controller object of the module module
- $oModuleController = getController('module');
- $oModuleModel = getModel('module');
 // Set board module
 $args = Context::getRequestVars();
 $args->module = 'page';
 $args->mid = $args->page_name; //because if mid is empty in context, set start page mid
 $args->path = (!$args->path) ? '' : $args->path;
 $args->mpath = (!$args->mpath) ? '' : $args->mpath;
+ if (preg_match('!\bfiles/cache/!i', $args->path))
+ {
+ $this->setError(-1);
+ $this->setMessage('msg_invalid_opage_pc_path');
+ $this->setRedirectUrl(Context::get('success_return_url'));
+ return;
+ }
+ if (preg_match('!\bfiles/cache/!i', $args->mpath))
+ {
+ $this->setError(-1);
+ $this->setMessage('msg_invalid_opage_mobile_path');
+ $this->setRedirectUrl(Context::get('success_return_url'));
+ return;
+ }
 $args->opage_proc_php = $args->opage_proc_php ?? 'N';
 $args->opage_proc_tpl = $args->opage_proc_tpl ?? 'N';
 if ($args->opage_proc_tpl === 'Y')
@@ -46,7 +57,7 @@ class PageAdminController extends Page
 if($args->module_srl)
 {
 $columnList = array('module_srl');
- $module_info = $oModuleModel->getModuleInfoByModuleSrl($args->module_srl, $columnList);
+ $module_info = ModuleModel::getModuleInfoByModuleSrl($args->module_srl, $columnList);
 if($module_info->module_srl != $args->module_srl)
 {
 unset($args->module_srl);
@@ -86,6 +97,7 @@ class PageAdminController extends Page
 }
 }
 // Insert/update depending on module_srl
+ $oModuleController = ModuleController::getInstance();
 if(!$args->module_srl)
 {
 $output = $oModuleController->insertModule($args);
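Review bot: The two new guards in procPageAdminInsert run `preg_match('!\bfiles/cache/!i', …)` on the raw `path`/`mpath` request strings, so alternate spellings of the same directory (doubled or backslash separators, `.` or `..` segments) pass the check even though the filesystem resolves them to the cache directory; how the stored path is later loaded is outside this hunk, so the practical impact is inferred. Normalising separators and collapsing dot-segments before the match closes that gap, and the same helper should reject non-string values, since on PHP 8 `preg_match()` throws a TypeError if the parameter arrives as an array rather than a string. Folding both checks into one private helper also removes the duplicated seven-line block; a stronger variant would resolve the path and allow-list the directories an external document may live in instead of deny-listing one directory. procPageAdminInsert continues past the end of the hunk.
```php
		$args->mpath = (!$args->mpath) ? '' : $args->mpath;
		if ($this->isCachePath($args->path))
		{
			// … unchanged: setError / setMessage('msg_invalid_opage_pc_path') / setRedirectUrl / return …
		}
		if ($this->isCachePath($args->mpath))
		{
			// … unchanged: setError / setMessage('msg_invalid_opage_mobile_path') / setRedirectUrl / return …
		}
		// … unchanged: rest of procPageAdminInsert …

	/**
	 * Whether an external-document path points into the cache directory.
	 *
	 * Separators are normalised and '.'/'..' segments collapsed before matching,
	 * so alternate spellings of the same directory are rejected as well.
	 * Non-string values (e.g. an array from the request) are rejected outright.
	 */
	private function isCachePath($path): bool
	{
		if (!is_string($path))
		{
			return true;
		}
		$segments = [];
		foreach (preg_split('![\\\\/]+!', $path) as $segment)
		{
			if ($segment === '' || $segment === '.')
			{
				continue;
			}
			if ($segment === '..')
			{
				array_pop($segments);
				continue;
			}
			$segments[] = $segment;
		}
		// Trailing slash so a path naming the directory itself is caught too.
		$normalized = implode('/', $segments) . '/';
		return preg_match('!\bfiles/cache/!i', $normalized) === 1;
	}
```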