fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-31 17:19:59 +09:00
Code Issues Projects Releases Packages Wiki Activity

xss defense change

Browse source 
git-svn-id: http://xe-core.googlecode.com/svn/branches/1.5.0@10227 201d5d3c-b55e-5fd7-737f-ddc643e51545
This commit is contained in:
ovclas 2012-02-28 05:18:21 +00:00
parent ab274266c5
commit 2634244f96
2 changed files with 1 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

1
classes/context/Context.class.php
View file

@ -758,6 +758,7 @@ class Context {
foreach($_FILES as $key => $val) { foreach($_FILES as $key => $val) {
$tmp_name = $val['tmp_name']; $tmp_name = $val['tmp_name'];
if(!$tmp_name || !is_uploaded_file($tmp_name)) continue; if(!$tmp_name || !is_uploaded_file($tmp_name)) continue;
$val['name'] = htmlspecialchars($val['name']);
$this->set($key, $val, true); $this->set($key, $val, true);
$this->is_uploaded = true; $this->is_uploaded = true;
} }

3
modules/file/file.controller.php
View file

@ -512,9 +512,6 @@
$args->member_srl = $member_srl; $args->member_srl = $member_srl;
$args->sid = md5(rand(rand(1111111,4444444),rand(4444445,9999999))); $args->sid = md5(rand(rand(1111111,4444444),rand(4444445,9999999)));
$security = new Security($args->source_filename);
$args->source_filename = $security->encodeHTML();
$output = executeQuery('file.insertFile', $args); $output = executeQuery('file.insertFile', $args);
if(!$output->toBool()) return $output; if(!$output->toBool()) return $output;
// Call a trigger (after) // Call a trigger (after)