fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-04-02 01:52:10 +09:00
Code Issues Projects Releases Packages Wiki Activity

RVE-2022-3 filter skin parameter in poll module

Browse source
This commit is contained in:
Kijin Sung 2022-06-28 20:07:07 +09:00
parent 1672fd8cdc
commit 693fb9e041
2 changed files with 18 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

10
modules/poll/poll.model.php
View file

@ -320,7 +320,15 @@ class pollModel extends poll
*/
public function getPollGetColorsetList()
{
$skin = Context::get('skin');
$skin = Context::get('skin') ?: 'default';
if (!preg_match('/^[a-zA-Z0-9_-]+$/', $skin))
{
throw new Rhymix\Framework\Exceptions\InvalidRequest();
}
if (!Rhymix\Framework\Storage::isDirectory(RX_BASEDIR . 'modules/poll/skins/' . $skin))
{
$skin = 'default';
}
$oModuleModel = getModel('module');
$skin_info = $oModuleModel->loadSkinInfo($this->module_path, $skin);