Fix open redirect in ncenterlite module
This commit is contained in:
parent
05df47f4e1
commit
290ee0974d
3 changed files with 49 additions and 5 deletions
@ -985,9 +985,19 @@ class ncenterliteController extends ncenterlite
|
|||
function procNcenterliteRedirect()
|
||||
{
|
||||
$logged_info = Context::get('logged_info');
|
||||
$url = Context::get('url');
|
||||
if(!$logged_info || !$logged_info->member_srl)
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\MustLogin;
|
||||
}
|
||||
|
||||
$notify = Context::get('notify');
|
||||
if(!$logged_info || !$url || !$notify)
|
||||
if(!strlen($notify))
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\InvalidRequest;
|
||||
}
|
||||
|
||||
$notify_info = getModel('ncenterlite')->getNotification($notify, $logged_info->member_srl);
|
||||
if (!$notify_info)
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\InvalidRequest;
|
||||
}
|
||||
|
|
@ -998,8 +1008,7 @@ class ncenterliteController extends ncenterlite
|
|||
return $output;
|
||||
}
|
||||
|
||||
$url = str_replace('&', '&', $url);
|
||||
header('Location: ' . $url, TRUE, 302);
|
||||
header('Location: ' . $notify_info->target_url, true, 302);
|
||||
Context::close();
|
||||
exit;
|
||||
}
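Review bot: The new `header('Location: ' . $notify_info->target_url, true, 302);` emits the stored value without checking that `target_url` is non-empty and without the normalization the removed `str_replace(...)` line applied to `$url` (its first argument appears HTML-decoded in this rendering), so a row with an empty or entity-encoded target would produce a bare or broken Location header; a guard such as `if (!$notify_info->target_url) { throw new Rhymix\Framework\Exceptions\InvalidRequest; }` before the header closes the first gap. The redirect is now only as safe as the code paths that write `target_url`, and a one-line comment on this line stating that the target is trusted because it comes from the notification row rather than the request would tell later readers why the `url` parameter was dropped. In the first hunk, `if(!strlen($notify))` emits a deprecation on `null` in PHP 8.1+ and a TypeError if an array is supplied; `if (!is_string($notify) || $notify === '')` covers both cases. The body of procNcenterliteRedirect between the two hunks is not shown.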
|
||||
|
|
|
|||
|
|
@ -188,7 +188,7 @@ class ncenterliteModel extends ncenterlite
|
|||
{
|
||||
$v->text = $this->getNotificationText($v);
|
||||
$v->ago = $this->getAgo($v->regdate);
|
||||
$v->url = getUrl('','act','procNcenterliteRedirect', 'notify', $v->notify, 'url', $v->target_url);
|
||||
$v->url = getUrl('','act','procNcenterliteRedirect', 'notify', $v->notify);
|
||||
if($v->target_member_srl)
|
||||
{
|
||||
$profileImage = $oMemberModel->getProfileImage($v->target_member_srl);
|
||||
|
|
@ -405,6 +405,29 @@ class ncenterliteModel extends ncenterlite
|
|||
$this->add('colorset_list', $colorsets);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get information about a single notification.
|
||||
*
|
||||
* @param string $notify
|
||||
* @param int $member_srl
|
||||
* @return object|false
|
||||
*/
|
||||
public function getNotification($notify, $member_srl)
|
||||
{
|
||||
$args = new stdClass;
|
||||
$args->notify = $notify;
|
||||
$args->member_srl = $member_srl;
|
||||
$output = executeQuery('ncenterlite.getNotify', $args);
|
||||
if ($output->toBool() && $output->data)
|
||||
{
|
||||
return $output->data;
|
||||
}
|
||||
else
|
||||
{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the notification text.
|
||||
*
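Review bot: `getNotification($notify, $member_srl)` declares no parameter types and signals "not found" with `false`, so a caller that skips the falsy check dereferences a boolean; `public function getNotification(string $notify, int $member_srl): ?object` returning `null` on the miss path, with the docblock changed to `@return object|null`, makes the contract explicit and keeps the controller's `if (!$notify_info)` working. The `else` branch after the `return` is unnecessary; `return ($output->toBool() && $output->data) ? $output->data : null;` expresses the same thing in one line. If more than one row can match the same `notify` for a member, `$output->data` is presumably a list rather than a single row and the controller's `->target_url` access would fail; confirm that `notify` is unique per `member_srl` or select the first row explicitly.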
|
||||
|
|
|
|||
12
modules/ncenterlite/queries/getNotify.xml
Normal file
12
modules/ncenterlite/queries/getNotify.xml
Normal file
|
|
@ -0,0 +1,12 @@
|
|||
<query id="getNotify" action="select">
|
||||
<tables>
|
||||
<table name="ncenterlite_notify" />
|
||||
</tables>
|
||||
<columns>
|
||||
<column name="*" />
|
||||
</columns>
|
||||
<conditions>
|
||||
<condition operation="equal" column="notify" var="notify" notnull="notnull" />
|
||||
<condition operation="equal" column="member_srl" var="member_srl" filter="number" notnull="notnull" pipe="and" />
|
||||
</conditions>
|
||||
</query>
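Review bot: The `notify` condition carries no `filter`, while `member_srl` is constrained with `filter="number"`; if the notify identifier has a fixed format, declaring a matching filter would reject malformed values before they reach the query. `<column name="*" />` fetches every column although the only consumer visible in this commit reads `target_url`; listing the needed columns keeps the query's surface minimal. The `notnull="notnull"` on both conditions is the important part, since it stops the `member_srl` scope from silently dropping out when the value is missing.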
|
||||