fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-06 10:11:38 +09:00
Code Issues Projects Releases Packages Wiki Activity

Revert "fix #1978 회원정보의 서명에서 발생할 수 있는 취약점 해결"

Browse source 
This reverts commit 0765c73d04.

See: xpressengine/xe-core#1979
This commit is contained in:
Kijin Sung 2016-10-28 16:27:48 +09:00
parent e519d30688
commit 40c43e8fa0
2 changed files with 1 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

1
modules/member/member.controller.php
View file

@ -1499,7 +1499,6 @@ class memberController extends member
{
$signature = trim(removeHackTag($signature));
$signature = preg_replace('/<(\/?)(embed|object|param)/is', '&lt;$1$2', $signature);
$signature = removeHackTag($signature);
$check_signature = trim(str_replace(array('&nbsp;',"\n","\r"),'',strip_tags($signature,'<img><object>')));
$path = sprintf('files/member_extra_info/signature/%s/', getNumberingPath($member_srl));

2
modules/member/member.model.php
View file

@ -1052,7 +1052,7 @@ class memberModel extends member
{
$buff = FileHandler::readFile($filename);
$signature = preg_replace('/<\?.*\?>/', '', $buff);
$GLOBALS['__member_info__']['signature'][$member_srl] = removeHackTag($signature);
$GLOBALS['__member_info__']['signature'][$member_srl] = $signature;
}
else $GLOBALS['__member_info__']['signature'][$member_srl] = null;
}