fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-03 16:51:40 +09:00
Code Issues Projects Releases Packages Wiki Activity

RVE-2022-3 filter skin parameter in EditorView::dispEditorSkinColorset()

Browse source
This commit is contained in:
Kijin Sung 2022-06-28 20:08:06 +09:00
parent bc562b74ba
commit 3dfd78b729
1 changed files with 6 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

7
modules/editor/editor.view.php
View file

@ -191,8 +191,13 @@ class editorView extends editor
function dispEditorSkinColorset()
{
$skin = Context::get('skin');
if (!preg_match('/^[a-zA-Z0-9_-]+$/', $skin))
{
throw new Rhymix\Framework\Exceptions\InvalidRequest();
}
$skin_info = ModuleModel::loadSkinInfo($this->module_path,$skin);
$colorset = $skin_info->colorset;
$colorset = $skin_info->colorset ?? null;
Context::set('colorset', $colorset);
}