fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-05-02 00:32:15 +09:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'develop' into pr/multidomain

Browse source
This commit is contained in:
Kijin Sung 2017-03-01 21:50:51 +09:00
commit 210b6b4147
75 changed files with 2102 additions and 425 deletions
Download patch file Download diff file Expand all files Collapse all files

9
common/framework/filters/htmlfilter.php
View file

@ -516,11 +516,16 @@ class HTMLFilter
{
return $attr[0];
}
if (preg_match('/^(?:on|data-|(?:accesskey|class|contextmenu|contenteditable|dir|draggable|dropzone|editor_component|hidden|id|lang|name|style|tabindex|title)$)/', $attrkey))
if (preg_match('/^(?:on|data-|(?:accesskey|class|contextmenu|contenteditable|dir|draggable|dropzone|editor_component|hidden|id|lang|name|style|tabindex|title|rx_encoded_properties)$)/i', $attrkey))
{
return $attr[0];
}
$attrs[$attrkey] = htmlspecialchars_decode($attr[2]);
$attrval = utf8_normalize_spaces(utf8_clean(html_entity_decode($attr[2])));
if (preg_match('/^javascript:/i', preg_replace('/\s+/', '', $attrval)))
{
return '';
}
$attrs[$attrkey] = $attrval;
return '';
}, $match[0]);
if ($tag === 'img' && !preg_match('/\ssrc="/', $html))

9
common/framework/session.php
View file

@ -1185,15 +1185,6 @@ class Session
public static function destroyCookiesFromConflictingDomains(array $cookies)
{
$override_domains = config('session.override_domains');
if ($override_domains === null && !Config::get('session.domain') && !ini_get('session.cookie_domain'))
{
list($lifetime, $refresh_interval, $domain, $path) = self::_getParams();
if (substr($domain, 0, 4) === 'www.')
{
$override_domains[] = $domain;
$override_domains[] = substr($domain, 4);
}
}
if (!$override_domains)
{
return false;