Merge branch 'security/pollskin' into develop
This commit is contained in:
commit
6e3c9a7c0e
6 changed files with 42 additions and 22 deletions
@ -93,6 +93,7 @@ class TemplateHandler
|
|||
{
|
||||
// verify arguments
|
||||
$tpl_path = trim(preg_replace('@^' . preg_quote(\RX_BASEDIR, '@') . '|\./@', '', str_replace('\\', '/', $tpl_path)), '/') . '/';
|
||||
$tpl_path = preg_replace('/[\{\}\(\)\[\]<>\$\'"]/', '', $tpl_path);
|
||||
if($tpl_path === '/')
|
||||
{
|
||||
$tpl_path = '';
|
||||
|
|
|
|||
|
|
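Review bot: The new preg_replace on `$tpl_path` silently strips `{}()[]<>$'"` from the path instead of rejecting it, so a caller that passes a malformed path has a different template resolved with no error, and a path that is empty after stripping is indistinguishable from one that was empty to begin with. The editorView and pollController hunks in this same commit reject bad skin names with `InvalidRequest`; treating a match here the same way, on whatever failure path this function already has, would be more consistent and easier to debug. At minimum the line needs a why-comment, e.g. `// strip characters that must never appear in a template path (silently; rejecting would be safer)`. The enclosing function's signature and the rest of its body are outside the hunk.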
@ -191,8 +191,13 @@ class editorView extends editor
|
|||
function dispEditorSkinColorset()
|
||||
{
|
||||
$skin = Context::get('skin');
|
||||
if (!preg_match('/^[a-zA-Z0-9_-]+$/', $skin))
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\InvalidRequest();
|
||||
}
|
||||
|
||||
$skin_info = ModuleModel::loadSkinInfo($this->module_path,$skin);
|
||||
$colorset = $skin_info->colorset;
|
||||
$colorset = $skin_info->colorset ?? null;
|
||||
Context::set('colorset', $colorset);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
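Review bot: The new allowlist check `preg_match('/^[a-zA-Z0-9_-]+$/', $skin)` still accepts a value with a trailing newline, because `$` without the `D` modifier matches before a final `\n`; anchoring with `\z` and guarding the type makes it exact: `if (!is_string($skin) || !preg_match('/^[a-zA-Z0-9_-]+\z/', $skin))`. The `is_string` guard matters because `Context::get('skin')` is request input and, if it can ever be an array, `preg_match` raises a TypeError instead of the intended `InvalidRequest`. The same `$`-anchored pattern is introduced in the moduleModel (`loadSkinInfo`), pollController and pollModel (`getPollGetColorsetList`) hunks of this commit and should be changed the same way. The `$skin_info->colorset ?? null` change correctly covers `loadSkinInfo` now returning nothing for a rejected or missing skin.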
@ -41,12 +41,11 @@ class layoutView extends layout
|
|||
public function dispLayoutPreviewWithModule()
|
||||
{
|
||||
$content = '';
|
||||
$layoutSrl = Context::get('layout_srl');
|
||||
|
||||
$module = Context::get('module_name');
|
||||
$mid = Context::get('target_mid');
|
||||
$skin = Context::get('skin');
|
||||
$skinType = Context::get('skin_type');
|
||||
$layoutSrl = intval(Context::get('layout_srl'));
|
||||
$module = preg_replace('/[^a-zA-Z0-9_]/', '', Context::get('module_name'));
|
||||
$mid = preg_replace('/[^a-zA-Z0-9\/_-]/', '', Context::get('target_mid'));
|
||||
$skin = preg_replace('/[^a-zA-Z0-9_-]/', '', Context::get('skin'));
|
||||
$skinType = Context::get('skin_type') === 'M' ? 'M' : 'P';
|
||||
|
||||
try
|
||||
{
|
||||
|
|
|
|||
|
|
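Review bot: `preg_replace` accepts an array subject and then returns an array, so the new sanitising lines for `module_name`, `target_mid` and `skin` do not guarantee a string: if `Context::get` can hand back an array for a repeated query parameter, `$module`, `$mid` and `$skin` become arrays and the later string uses misbehave instead of failing cleanly. Reject non-string values before the replace, e.g. `if (!is_string(Context::get('skin'))) { throw new Rhymix\Framework\Exceptions\InvalidRequest(); }` for each of the three, or read each value into a local and check it once. This hunk also silently strips disallowed characters where the editorView and pollController hunks in the same commit throw `InvalidRequest`; one convention for skin and module names would be easier to audit. The `try` block that follows is outside the hunk.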
@ -957,8 +957,16 @@ class moduleModel extends module
|
|||
{
|
||||
// Read xml file having skin information
|
||||
if(substr($path,-1)!='/') $path .= '/';
|
||||
if(!preg_match('/^[a-zA-Z0-9_-]+$/', $skin))
|
||||
{
|
||||
return;
|
||||
}
|
||||
$skin_xml_file = sprintf("%s%s/%s/skin.xml", $path, $dir, $skin);
|
||||
if(!file_exists($skin_xml_file)) return;
|
||||
if(!file_exists($skin_xml_file))
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
// Create XmlParser object
|
||||
$oXmlParser = new XeXmlParser();
|
||||
$_xml_obj = $oXmlParser->loadXmlFile($skin_xml_file);
|
||||
|
|
|
|||
|
|
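Review bot: The new guard returns nothing for a skin name outside `[a-zA-Z0-9_-]`, which is the same silent result as a missing `skin.xml`, so callers cannot tell a rejected name from an absent skin and the function's contract is now undocumented. Add a docblock stating both cases (a `@return` line noting null when the name is invalid or the file is missing, with the type the parser actually returns) and a why-comment on the guard: `// reject anything outside [A-Za-z0-9_-] before it is interpolated into a filesystem path`. `$dir` and `$path` go into the same `sprintf` path but are not checked here; if either can come from request data the same allowlist applies, which cannot be determined from this hunk. The function signature and the code after the parser call are outside the hunk.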
@ -349,18 +349,9 @@ class pollController extends poll
|
|||
|
||||
$oDB->commit();
|
||||
|
||||
//$skin = Context::get('skin');
|
||||
//if(!$skin || !is_dir(RX_BASEDIR . 'modules/poll/skins/'.$skin)) $skin = 'default';
|
||||
// Get tpl
|
||||
//$tpl = $oPollModel->getPollHtml($poll_srl, '', $skin);
|
||||
|
||||
$this->add('poll_srl', $poll_srl);
|
||||
$this->add('poll_item_srl',$item_srls);
|
||||
//$this->add('tpl',$tpl);
|
||||
$this->setMessage('success_poll');
|
||||
|
||||
//$returnUrl = Context::get('success_return_url') ? Context::get('success_return_url') : getNotEncodedUrl('', 'module', 'admin', 'act', 'dispPollAdminConfig');
|
||||
//$this->setRedirectUrl($returnUrl);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -370,8 +361,15 @@ class pollController extends poll
|
|||
{
|
||||
$poll_srl = Context::get('poll_srl');
|
||||
|
||||
$skin = Context::get('skin');
|
||||
if(!$skin || !is_dir(RX_BASEDIR . 'modules/poll/skins/'.$skin)) $skin = 'default';
|
||||
$skin = Context::get('skin') ?: 'default';
|
||||
if (!preg_match('/^[a-zA-Z0-9_-]+$/', $skin))
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\InvalidRequest();
|
||||
}
|
||||
if (!Rhymix\Framework\Storage::isDirectory(RX_BASEDIR . 'modules/poll/skins/' . $skin))
|
||||
{
|
||||
$skin = 'default';
|
||||
}
|
||||
|
||||
$oPollModel = getModel('poll');
|
||||
$tpl = $oPollModel->getPollResultHtml($poll_srl, $skin);
|
||||
|
|
|
|||
|
|
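Review bot: The three-step skin resolution introduced in the second hunk (`Context::get('skin') ?: 'default'`, the allowlist check, the `Storage::isDirectory` fallback) is duplicated line for line in `pollModel::getPollGetColorsetList` in this same commit; it belongs in one helper on the model so the two cannot drift apart. Separately, `?:` falls back to `'default'` for any falsy value, so a skin named `0` (which the regex would otherwise accept) can never be selected; if only an absent parameter should fall back, `?? 'default'` is the intent, at the cost of an empty string now being rejected by the regex. The first hunk in this file only removes commented-out code. The function's remaining body is outside the hunk.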
@ -221,9 +221,10 @@ class pollModel extends poll
|
|||
if(!$output->data) return '';
|
||||
|
||||
$poll = new stdClass;
|
||||
$poll->style = $style;
|
||||
$poll->style = preg_replace('/[^a-zA-Z0-9_-]/', '', $style);
|
||||
$poll->poll_count = (int)$output->data->poll_count;
|
||||
$poll->stop_date = $output->data->stop_date;
|
||||
$skin = preg_replace('/[^a-zA-Z0-9_-]/', '', $skin);
|
||||
|
||||
$columnList = array('poll_index_srl', 'title', 'checkcount', 'poll_count');
|
||||
$output = executeQuery('poll.getPollTitle', $args, $columnList);
|
||||
|
|
@ -279,7 +280,7 @@ class pollModel extends poll
|
|||
if(!$output->data) return '';
|
||||
|
||||
$poll = new stdClass;
|
||||
$poll->style = $skin;
|
||||
$poll->style = preg_replace('/[^a-zA-Z0-9_-]/', '', $skin);
|
||||
$poll->poll_count = (int)$output->data->poll_count;
|
||||
$poll->stop_date = $output->data->stop_date;
|
||||
|
||||
|
|
@ -320,7 +321,15 @@ class pollModel extends poll
|
|||
*/
|
||||
public function getPollGetColorsetList()
|
||||
{
|
||||
$skin = Context::get('skin');
|
||||
$skin = Context::get('skin') ?: 'default';
|
||||
if (!preg_match('/^[a-zA-Z0-9_-]+$/', $skin))
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\InvalidRequest();
|
||||
}
|
||||
if (!Rhymix\Framework\Storage::isDirectory(RX_BASEDIR . 'modules/poll/skins/' . $skin))
|
||||
{
|
||||
$skin = 'default';
|
||||
}
|
||||
|
||||
$oModuleModel = getModel('module');
|
||||
$skin_info = $oModuleModel->loadSkinInfo($this->module_path, $skin);
|
||||
|
|
|
|||
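Review bot: In the first hunk `$poll->style` receives the sanitised value but `$style` itself is not reassigned, so any later use of `$style` in this function (its body continues past the hunk) still sees the raw value; the safer shape is `$style = preg_replace('/[^a-zA-Z0-9_-]/', '', $style);` followed by `$poll->style = $style;`, mirroring how `$skin` is reassigned a few lines below. The second hunk has the same pattern with `$skin`, which is sanitised only into `$poll->style`. The third hunk's `getPollGetColorsetList` repeats the skin-resolution block from `pollController` in this commit and should call a shared helper rather than carry a copy.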