fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-12 07:11:42 +09:00
Code Issues Projects Releases Packages Wiki Activity

#2127 에디터 컴포넌트에 관련한 보안 문제 고침

Browse source
This commit is contained in:
bnu 2017-08-10 16:11:32 +09:00 committed by Kijin Sung
parent d0d5e81e08
commit 3b557978e9
3 changed files with 15 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

8
modules/editor/editor.admin.view.php
View file

@ -104,6 +104,12 @@ class editorAdminView extends editor
// Get information of the editor component // Get information of the editor component
$oEditorModel = getModel('editor'); $oEditorModel = getModel('editor');
$component = $oEditorModel->getComponent($component_name,$site_srl); $component = $oEditorModel->getComponent($component_name,$site_srl);
if(!$component->component_name) {
$this->stop('msg_invalid_request');
return;
}
Context::set('component', $component); Context::set('component', $component);
// Get a group list to set a group // Get a group list to set a group
$oMemberModel = getModel('member'); $oMemberModel = getModel('member');
@ -138,7 +144,7 @@ class editorAdminView extends editor
//Security //Security
$security = new Security(); $security = new Security();
$security->encodeHTML('group_list..title'); $security->encodeHTML('group_list..title');
$security->encodeHTML('component...'); $security->encodeHTML('component...', 'component_name');
$security->encodeHTML('mid_list..title','mid_list..list..browser_title'); $security->encodeHTML('mid_list..title','mid_list..list..browser_title');
$this->setTemplatePath($this->module_path.'tpl'); $this->setTemplatePath($this->module_path.'tpl');

2
modules/editor/editor.model.php
View file

@ -694,6 +694,8 @@ class editorModel extends editor
} }
$component = $output->data; $component = $output->data;
if(!$output->data) return false;
$component_name = $component->component_name; $component_name = $component->component_name;
unset($xml_info); unset($xml_info);

6
modules/editor/editor.view.php
View file

@ -62,6 +62,12 @@ class editorView extends editor
$oEditorModel = getModel('editor'); $oEditorModel = getModel('editor');
$component = $oEditorModel->getComponent($component_name, $site_srl); $component = $oEditorModel->getComponent($component_name, $site_srl);
if(!$component->component_name) {
$this->stop('msg_invalid_request');
return;
}
Context::set('component', $component); Context::set('component', $component);
$this->setTemplatePath($this->module_path.'tpl'); $this->setTemplatePath($this->module_path.'tpl');