fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-05-01 16:22:41 +09:00
Code Issues Projects Releases Packages Wiki Activity

#18692685 : prevent CSRF attack

Browse source 
git-svn-id: http://xe-core.googlecode.com/svn/sandbox@7306 201d5d3c-b55e-5fd7-737f-ddc643e51545
This commit is contained in:
haneul 2010-02-23 06:47:01 +00:00
parent 0b13ce95d0
commit 6f9888f518
4 changed files with 36 additions and 56 deletions
Download patch file Download diff file Expand all files Collapse all files

26
config/func.inc.php
View file

@ -688,6 +688,7 @@
if($src) {
$url_info = parse_url($src);
$query = $url_info['query'];
$query = str_replace("&","&",$query);
$queries = explode('&', $query);
$cnt = count($queries);
for($i=0;$i<$cnt;$i++) {
@ -860,4 +861,29 @@
return false;
}
function stripEmbedTagForAdmin(&$content, $writer_member_srl)
{
if(!Context::get('is_logged')) return;
$oModuleModel = &getModel('module');
$logged_info = Context::get('logged_info');
if($writer_member_srl != $logged_info->member_srl && ($logged_info->is_admin == "Y" || $oModuleModel->isSiteAdmin($logged_info)) )
{
if($writer_member_srl)
{
$oMemberModel =& getModel('member');
$member_info = $oMemberModel->getMemberInfoByMemberSrl($writer_member_srl);
if($member_info->is_admin == "Y")
{
return;
}
}
$security_msg = "<div style='border: 1px solid #DDD; background: #FAFAFA; text-align:center; margin: 1em 0;'><p style='margin: 1em;'>".Context::getLang('security_warning_embed')."</p></div>";
$content = preg_replace('/<embed[^>]+>(\s*<\/embed>)?/is', $security_msg, $content);
$content = preg_replace('/<img[^>]+editor_component="multimedia_link"[^>]*>(\s*<\/img>)?/is', $security_msg, $content);
}
return;
}
?>