SECISSUE fix #989 parameter를 이용한 XSS 공격 가능성 방어
parent
bc786236b1
commit
6c0196c917
1 changed files with 6 additions and 4 deletions
|
|
@ -1267,15 +1267,17 @@ class Context
|
|||
$val = array($val);
|
||||
}
|
||||
|
||||
$result = array();
|
||||
foreach($val as $k => $v)
|
||||
{
|
||||
$k = htmlentities($k);
|
||||
if($key === 'page' || $key === 'cpage' || substr_compare($key, 'srl', -3) === 0)
|
||||
{
|
||||
$val[$k] = !preg_match('/^[0-9,]+$/', $v) ? (int) $v : $v;
|
||||
$result[$k] = !preg_match('/^[0-9,]+$/', $v) ? (int) $v : $v;
|
||||
}
|
||||
elseif($key === 'mid' || $key === 'vid' || $key === 'search_keyword')
|
||||
{
|
||||
$val[$k] = htmlspecialchars($v, ENT_COMPAT | ENT_HTML401, 'UTF-8', FALSE);
|
||||
$result[$k] = htmlspecialchars($v, ENT_COMPAT | ENT_HTML401, 'UTF-8', FALSE);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
@ -1286,12 +1288,12 @@ class Context
|
|||
|
||||
if(!is_array($v))
|
||||
{
|
||||
$val[$k] = trim($v);
|
||||
$result[$k] = trim($v);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $isArray ? $val : $val[0];
|
||||
return $isArray ? $result : $result[0];
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
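Review bot: The added `$k = htmlentities($k);` relies on PHP's default flags and charset, unlike the `htmlspecialchars($v, ENT_COMPAT | ENT_HTML401, 'UTF-8', FALSE)` call in the `mid`/`vid`/`search_keyword` branch; on PHP older than 5.4 the default charset is ISO-8859-1, so multibyte UTF-8 keys get corrupted, and before 8.1 the default flags leave single quotes unescaped. I would write `$k = htmlspecialchars($k, ENT_QUOTES | ENT_HTML401, 'UTF-8', FALSE);` so the key is safe in either quote style and stays valid UTF-8. Separately, the last branch sets `$result[$k]` only when `$v` is not an array, so unless the lines between the two hunks (not shown) assign it, array-valued entries that used to remain in `$val` are now missing from the returned `$result`, and nested keys and values do not appear to be escaped at all. The function begins above the first hunk.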