fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-04-19 18:32:52 +09:00
Code Issues Projects Releases Packages Wiki Activity

Fix XEVE-18-006

Browse source
This commit is contained in:
Kijin Sung 2018-12-18 15:50:45 +09:00
parent 6b209f64da
commit 6a9a884680
7 changed files with 56 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

14
modules/comment/comment.controller.php
View file

@ -393,6 +393,12 @@ class commentController extends comment
// Remove manual member info to prevent forgery. This variable can be set by triggers only.
unset($obj->manual_member_info);
// Sanitize variables
$obj->comment_srl = intval($obj->comment_srl);
$obj->module_srl = intval($obj->module_srl);
$obj->document_srl = intval($obj->document_srl);
$obj->parent_srl = intval($obj->parent_srl);
// call a trigger (before)
$output = ModuleHandler::triggerCall('comment.insertComment', 'before', $obj);
if(!$output->toBool())
@ -756,7 +762,13 @@ class commentController extends comment
// Remove manual member info to prevent forgery. This variable can be set by triggers only.
unset($obj->manual_member_info);
// Sanitize variables
$obj->comment_srl = intval($obj->comment_srl);
$obj->module_srl = intval($obj->module_srl);
$obj->document_srl = intval($obj->document_srl);
$obj->parent_srl = intval($obj->parent_srl);
// call a trigger (before)
$output = ModuleHandler::triggerCall('comment.updateComment', 'before', $obj);
if(!$output->toBool())