fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-08 03:01:43 +09:00
Code Issues Projects Releases Packages Wiki Activity

Fix #1752 user_lang escaping in menu

Browse source
This commit is contained in:
Kijin Sung 2015-09-17 11:31:31 +09:00
parent b93c5de6b1
commit 7fd1e4dc7d
1 changed files with 13 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

17
modules/menu/menu.admin.controller.php
View file

@ -543,9 +543,12 @@ class menuAdminController extends menu
if($request->menu_desc) $args->desc = $request->menu_desc; if($request->menu_desc) $args->desc = $request->menu_desc;
else $args->desc = ''; else $args->desc = '';
$args->name = strip_tags(removeHackTag($args->name)); if(!preg_match('/^\\$user_lang->[a-zA-Z0-9]+$/', $args->name))
{
$args->name = strip_tags(removeHackTag($args->name));
}
$args->desc = strip_tags(removeHackTag($args->desc)); $args->desc = strip_tags(removeHackTag($args->desc));
debugPrint($args);
if($request->module_id && strncasecmp('http', $request->module_id, 4) === 0) if($request->module_id && strncasecmp('http', $request->module_id, 4) === 0)
{ {
return new Object(-1, 'msg_invalid_request'); return new Object(-1, 'msg_invalid_request');
@ -732,7 +735,10 @@ debugPrint($request);
if($request->menu_desc) $args->desc = $request->menu_desc; if($request->menu_desc) $args->desc = $request->menu_desc;
else $args->desc = ''; else $args->desc = '';
$args->name = removeHackTag($args->name); if(!preg_match('/^\\$user_lang->[a-zA-Z0-9]+$/', $args->name))
{
$args->name = strip_tags(removeHackTag($args->name));
}
$args->desc = removeHackTag($args->desc); $args->desc = removeHackTag($args->desc);
unset($args->group_srls); unset($args->group_srls);
@ -813,7 +819,10 @@ debugPrint($request);
public function _updateMenuItem($itemInfo) public function _updateMenuItem($itemInfo)
{ {
$itemInfo->name = removeHackTag($itemInfo->name); if(!preg_match('/^\\$user_lang->[a-zA-Z0-9]+$/', $itemInfo->name))
{
$itemInfo->name = removeHackTag($itemInfo->name);
}
$itemInfo->desc = removeHackTag($itemInfo->desc); $itemInfo->desc = removeHackTag($itemInfo->desc);
$output = executeQuery('menu.updateMenuItem', $itemInfo); $output = executeQuery('menu.updateMenuItem', $itemInfo);