fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-05-02 16:52:16 +09:00
Code Issues Projects Releases Packages Wiki Activity

Revert "fix #1978 회원정보의 서명에서 발생할 수 있는 취약점 해결"

Browse source 
This reverts commit 0765c73d04.

See: xpressengine/xe-core#1979
This commit is contained in:
Kijin Sung 2016-10-28 16:27:48 +09:00
parent e519d30688
commit 40c43e8fa0
2 changed files with 1 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

1
modules/member/member.controller.php
View file

@ -1499,7 +1499,6 @@ class memberController extends member
{ {
$signature = trim(removeHackTag($signature)); $signature = trim(removeHackTag($signature));
$signature = preg_replace('/<(\/?)(embed|object|param)/is', '&lt;$1$2', $signature); $signature = preg_replace('/<(\/?)(embed|object|param)/is', '&lt;$1$2', $signature);
$signature = removeHackTag($signature);
$check_signature = trim(str_replace(array('&nbsp;',"\n","\r"),'',strip_tags($signature,'<img><object>'))); $check_signature = trim(str_replace(array('&nbsp;',"\n","\r"),'',strip_tags($signature,'<img><object>')));
$path = sprintf('files/member_extra_info/signature/%s/', getNumberingPath($member_srl)); $path = sprintf('files/member_extra_info/signature/%s/', getNumberingPath($member_srl));

2
modules/member/member.model.php
View file

@ -1052,7 +1052,7 @@ class memberModel extends member
{ {
$buff = FileHandler::readFile($filename); $buff = FileHandler::readFile($filename);
$signature = preg_replace('/<\?.*\?>/', '', $buff); $signature = preg_replace('/<\?.*\?>/', '', $buff);
$GLOBALS['__member_info__']['signature'][$member_srl] = removeHackTag($signature); $GLOBALS['__member_info__']['signature'][$member_srl] = $signature;
} }
else $GLOBALS['__member_info__']['signature'][$member_srl] = null; else $GLOBALS['__member_info__']['signature'][$member_srl] = null;
} }