fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-07 10:41:40 +09:00
Code Issues Projects Releases Packages Wiki Activity

file XSS Defense change

Browse source 
git-svn-id: http://xe-core.googlecode.com/svn/trunk@10229 201d5d3c-b55e-5fd7-737f-ddc643e51545
This commit is contained in:
ovclas 2012-02-28 05:34:44 +00:00
parent a709df327a
commit 774a187f65
2 changed files with 1 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

1
classes/context/Context.class.php
View file

@ -756,6 +756,7 @@ class Context {
foreach($_FILES as $key => $val) {
$tmp_name = $val['tmp_name'];
if(!$tmp_name || !is_uploaded_file($tmp_name)) continue;
$val['name'] = htmlspecialchars($val['name']);
$this->set($key, $val, true);
$this->is_uploaded = true;
}

3
modules/file/file.controller.php
View file

@ -512,9 +512,6 @@
$args->member_srl = $member_srl;
$args->sid = md5(rand(rand(1111111,4444444),rand(4444445,9999999)));
$security = new Security($args->source_filename);
$args->source_filename = $security->encodeHTML();
$output = executeQuery('file.insertFile', $args);
if(!$output->toBool()) return $output;
// Call a trigger (after)