fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-04-25 21:32:51 +09:00
Code Issues Projects Releases Packages Wiki Activity

fix #1747 갤러리 컴포넌트를 이용한 CSRF 취약점 해결

Browse source
This commit is contained in:
bnu 2015-09-14 14:43:02 +09:00
parent f101082245
commit 859e283746
1 changed files with 11 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

16
modules/editor/components/image_gallery/image_gallery.class.php
View file

@ -43,18 +43,24 @@ class image_gallery extends EditorHandler
*/
function transHTML($xml_obj)
{
$gallery_info = new stdClass;
$gallery_info->srl = rand(111111,999999);
$gallery_info->border_thickness = $xml_obj->attrs->border_thickness;
$gallery_info = new stdClass();
$gallery_info->srl = rand(111111, 999999);
$gallery_info->border_thickness = (int)$xml_obj->attrs->border_thickness;
$gallery_info->gallery_style = $xml_obj->attrs->gallery_style;
$color_preg = "/^([a-fA-F0-9]{6})/";
$gallery_info->border_color = preg_replace($color_preg,"#$1",$xml_obj->attrs->border_color);
$gallery_info->bg_color = preg_replace($color_preg,"#$1",$xml_obj->attrs->bg_color);
$gallery_info->gallery_align = $xml_obj->attrs->gallery_align;
if(!in_array($gallery_info->gallery_align, array('left', 'center', 'right'))) {
$gallery_info->gallery_align = 'center';
}
$images_list = $xml_obj->attrs->images_list;
$images_list = preg_replace('/\.(gif|jpg|jpeg|png) /i',".\\1\n",$images_list);
$gallery_info->images_list = explode("\n",trim($images_list));
$images_list = preg_replace('/\.(gif|jpe?g|png) /i', ".\\1\n", $images_list);
$images_list = explode("\n", trim($images_list));
$gallery_info->images_list = preg_grep("/^[a-z0-9\/]+\.(gif|jpe?g|png)+$/", $images_list);
// If you set the output to output the XML code generated a list of the image
if(Context::getResponseMethod() == 'XMLRPC')
{