Remove _rx_ajax_compat and _rx_csrf_token from request vars

JSON/XMLRPC 호환성 확보와 CSRF 공격 방지를 위해 사용되는 이 변수들이
Context::getRequestVars()에 포함되어 불필요하게 여기저기 저장되거나
URL에 포함되어 나오는 문제를 방지합니다.
This commit is contained in:
Kijin Sung 2017-07-02 21:46:50 +09:00
parent 107765a19d
commit 5ae15f4b66
2 changed files with 16 additions and 8 deletions


@ -176,7 +176,15 @@ class Context
/**
* Reserved words cache
*/
private static $_reserved = null;
private static $_reserved_words = null;
/**
* Reserved keys cache
*/
private static $_reserved_keys = array(
'_rx_ajax_compat' => true,
'_rx_csrf_token' => true,
);
/**
* Singleton instance
@ -1157,7 +1165,7 @@ class Context
$requestMethod = self::getRequestMethod();
foreach($_REQUEST as $key => $val)
{
if($val === '' || self::get($key))
if($val === '' || isset(self::$_reserved_keys[$key]) || self::get($key))
{
continue;
}
@ -2510,16 +2518,16 @@ class Context
*/
public static function isReservedWord($word)
{
if (self::$_reserved === null)
if (self::$_reserved_words === null)
{
self::$_reserved = (include RX_BASEDIR . 'common/defaults/reserved.php');
if (!is_array(self::$_reserved))
self::$_reserved_words = (include RX_BASEDIR . 'common/defaults/reserved.php');
if (!is_array(self::$_reserved_words))
{
self::$_reserved = array();
self::$_reserved_words = array();
}
}
return isset(self::$_reserved[$word]);
return isset(self::$_reserved_words[$word]);
}
/**
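Review bot: The doc comment above the new `$_reserved_keys` property reads `Reserved keys cache`, but unlike `$_reserved_words` this property is never filled lazily — it is a fixed list of request keys that the `foreach($_REQUEST ...)` loop in the second hunk skips, so calling it a cache invites someone to treat it as mutable state. Suggest replacing the comment with `/** Request keys that are never copied into the request vars (_rx_ajax_compat, _rx_csrf_token) */`. Because the new `isset(self::$_reserved_keys[$key])` check matches exact key names only, a one-line comment at that `continue` stating that the CSRF token must still be read from `$_REQUEST` by the verifier would help the next reader; I cannot confirm from this hunk how the token check obtains it. The third hunk's trailing context appears to be cut off at the bottom of the visible section.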