fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-02-01 01:29:58 +09:00
Code Issues Projects Releases Packages Wiki Activity

#1012 multimedia_link XSS 취약점

Browse source
This commit is contained in:
Solid0 2014-10-20 19:03:22 +09:00 committed by bnu
parent 5f50740d96
commit 4b56f1b777
3 changed files with 7 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

6
common/js/common.js
View file

@ -416,7 +416,7 @@ function _displayMultimedia(src, width, height, options) {
if(/\.(gif|jpg|jpeg|bmp|png)$/i.test(src)){ if(/\.(gif|jpg|jpeg|bmp|png)$/i.test(src)){
html = '<img src="'+src+'" width="'+width+'" height="'+height+'" />'; html = '<img src="'+src+'" width="'+width+'" height="'+height+'" />';
} else if(/\.flv$/i.test(src) || /\.mov$/i.test(src) || /\.moov$/i.test(src) || /\.m4v$/i.test(src)) { } else if(/\.flv$/i.test(src) || /\.mov$/i.test(src) || /\.moov$/i.test(src) || /\.m4v$/i.test(src)) {
html = '<embed src="'+request_uri+'common/img/flvplayer.swf" allowfullscreen="true" autostart="'+autostart+'" width="'+width+'" height="'+height+'" flashvars="&file='+src+'&width='+width+'&height='+height+'&autostart='+autostart+'" wmode="'+params.wmode+'" />'; html = '<embed src="'+request_uri+'common/img/flvplayer.swf" allowfullscreen="true" allowscriptaccess="never" autostart="'+autostart+'" width="'+width+'" height="'+height+'" flashvars="&file='+src+'&width='+width+'&height='+height+'&autostart='+autostart+'" wmode="'+params.wmode+'" />';
} else if(/\.swf/i.test(src)) { } else if(/\.swf/i.test(src)) {
clsid = 'clsid:D27CDB6E-AE6D-11cf-96B8-444553540000'; clsid = 'clsid:D27CDB6E-AE6D-11cf-96B8-444553540000';
@ -429,14 +429,14 @@ function _displayMultimedia(src, width, height, options) {
html += '<param name="'+name+'" value="'+params[name]+'" />'; html += '<param name="'+name+'" value="'+params[name]+'" />';
} }
} }
html += '' + '<embed src="'+src+'" autostart="'+autostart+'" width="'+width+'" height="'+height+'" flashvars="'+params.flashvars+'" wmode="'+params.wmode+'"></embed>' + '</object>'; html += '' + '<embed src="'+src+'" allowscriptaccess="never" autostart="'+autostart+'" width="'+width+'" height="'+height+'" flashvars="'+params.flashvars+'" wmode="'+params.wmode+'"></embed>' + '</object>';
} else { } else {
if (jQuery.browser.mozilla || jQuery.browser.opera) { if (jQuery.browser.mozilla || jQuery.browser.opera) {
// firefox and opera uses 0 or 1 for autostart parameter. // firefox and opera uses 0 or 1 for autostart parameter.
autostart = (params.autostart && params.autostart != 'false') ? '1' : '0'; autostart = (params.autostart && params.autostart != 'false') ? '1' : '0';
} }
html = '<embed src="'+src+'" autostart="'+autostart+'" width="'+width+'" height="'+height+'"'; html = '<embed src="'+src+'" allowscriptaccess="never" autostart="'+autostart+'" width="'+width+'" height="'+height+'"';
if(params.wmode == 'transparent') { if(params.wmode == 'transparent') {
html += ' windowlessvideo="1"'; html += ' windowlessvideo="1"';
} }

6
common/js/xe.js
View file

@ -415,7 +415,7 @@ function _displayMultimedia(src, width, height, options) {
if(/\.(gif|jpg|jpeg|bmp|png)$/i.test(src)){ if(/\.(gif|jpg|jpeg|bmp|png)$/i.test(src)){
html = '<img src="'+src+'" width="'+width+'" height="'+height+'" />'; html = '<img src="'+src+'" width="'+width+'" height="'+height+'" />';
} else if(/\.flv$/i.test(src) || /\.mov$/i.test(src) || /\.moov$/i.test(src) || /\.m4v$/i.test(src)) { } else if(/\.flv$/i.test(src) || /\.mov$/i.test(src) || /\.moov$/i.test(src) || /\.m4v$/i.test(src)) {
html = '<embed src="'+request_uri+'common/img/flvplayer.swf" allowfullscreen="true" autostart="'+autostart+'" width="'+width+'" height="'+height+'" flashvars="&file='+src+'&width='+width+'&height='+height+'&autostart='+autostart+'" wmode="'+params.wmode+'" />'; html = '<embed src="'+request_uri+'common/img/flvplayer.swf" allowfullscreen="true" allowscriptaccess="never" autostart="'+autostart+'" width="'+width+'" height="'+height+'" flashvars="&file='+src+'&width='+width+'&height='+height+'&autostart='+autostart+'" wmode="'+params.wmode+'" />';
} else if(/\.swf/i.test(src)) { } else if(/\.swf/i.test(src)) {
clsid = 'clsid:D27CDB6E-AE6D-11cf-96B8-444553540000'; clsid = 'clsid:D27CDB6E-AE6D-11cf-96B8-444553540000';
@ -428,14 +428,14 @@ function _displayMultimedia(src, width, height, options) {
html += '<param name="'+name+'" value="'+params[name]+'" />'; html += '<param name="'+name+'" value="'+params[name]+'" />';
} }
} }
html += '' + '<embed src="'+src+'" autostart="'+autostart+'" width="'+width+'" height="'+height+'" flashvars="'+params.flashvars+'" wmode="'+params.wmode+'"></embed>' + '</object>'; html += '' + '<embed src="'+src+'" allowscriptaccess="never" autostart="'+autostart+'" width="'+width+'" height="'+height+'" flashvars="'+params.flashvars+'" wmode="'+params.wmode+'"></embed>' + '</object>';
} else { } else {
if (jQuery.browser.mozilla || jQuery.browser.opera) { if (jQuery.browser.mozilla || jQuery.browser.opera) {
// firefox and opera uses 0 or 1 for autostart parameter. // firefox and opera uses 0 or 1 for autostart parameter.
autostart = (params.autostart && params.autostart != 'false') ? '1' : '0'; autostart = (params.autostart && params.autostart != 'false') ? '1' : '0';
} }
html = '<embed src="'+src+'" autostart="'+autostart+'" width="'+width+'" height="'+height+'"'; html = '<embed src="'+src+'" allowscriptaccess="never" autostart="'+autostart+'" width="'+width+'" height="'+height+'"';
if(params.wmode == 'transparent') { if(params.wmode == 'transparent') {
html += ' windowlessvideo="1"'; html += ' windowlessvideo="1"';
} }

2
common/js/xe.min.js vendored
View file

File diff suppressed because one or more lines are too long