fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-05-10 20:44:28 +09:00
Code Issues Projects Releases Packages Wiki Activity

RVE-2022-3 filter skin parameter in poll module

Browse source
This commit is contained in:
Kijin Sung 2022-06-28 20:07:07 +09:00
parent 1672fd8cdc
commit 693fb9e041
2 changed files with 18 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

20
modules/poll/poll.controller.php
View file

@ -349,18 +349,9 @@ class pollController extends poll
$oDB->commit(); $oDB->commit();
//$skin = Context::get('skin');
//if(!$skin || !is_dir(RX_BASEDIR . 'modules/poll/skins/'.$skin)) $skin = 'default';
// Get tpl
//$tpl = $oPollModel->getPollHtml($poll_srl, '', $skin);
$this->add('poll_srl', $poll_srl); $this->add('poll_srl', $poll_srl);
$this->add('poll_item_srl',$item_srls); $this->add('poll_item_srl',$item_srls);
//$this->add('tpl',$tpl);
$this->setMessage('success_poll'); $this->setMessage('success_poll');
//$returnUrl = Context::get('success_return_url') ? Context::get('success_return_url') : getNotEncodedUrl('', 'module', 'admin', 'act', 'dispPollAdminConfig');
//$this->setRedirectUrl($returnUrl);
} }
/** /**
@ -370,8 +361,15 @@ class pollController extends poll
{ {
$poll_srl = Context::get('poll_srl'); $poll_srl = Context::get('poll_srl');
$skin = Context::get('skin'); $skin = Context::get('skin') ?: 'default';
if(!$skin || !is_dir(RX_BASEDIR . 'modules/poll/skins/'.$skin)) $skin = 'default'; if (!preg_match('/^[a-zA-Z0-9_-]+$/', $skin))
{
throw new Rhymix\Framework\Exceptions\InvalidRequest();
}
if (!Rhymix\Framework\Storage::isDirectory(RX_BASEDIR . 'modules/poll/skins/' . $skin))
{
$skin = 'default';
}
$oPollModel = getModel('poll'); $oPollModel = getModel('poll');
$tpl = $oPollModel->getPollResultHtml($poll_srl, $skin); $tpl = $oPollModel->getPollResultHtml($poll_srl, $skin);

10
modules/poll/poll.model.php
View file

@ -320,7 +320,15 @@ class pollModel extends poll
*/ */
public function getPollGetColorsetList() public function getPollGetColorsetList()
{ {
$skin = Context::get('skin'); $skin = Context::get('skin') ?: 'default';
if (!preg_match('/^[a-zA-Z0-9_-]+$/', $skin))
{
throw new Rhymix\Framework\Exceptions\InvalidRequest();
}
if (!Rhymix\Framework\Storage::isDirectory(RX_BASEDIR . 'modules/poll/skins/' . $skin))
{
$skin = 'default';
}
$oModuleModel = getModel('module'); $oModuleModel = getModel('module');
$skin_info = $oModuleModel->loadSkinInfo($this->module_path, $skin); $skin_info = $oModuleModel->loadSkinInfo($this->module_path, $skin);