fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-04-27 14:22:54 +09:00
Code Issues Projects Releases Packages Wiki Activity

Move some security measures from ModuleHandler to Context

Browse source
This commit is contained in:
Kijin Sung 2020-06-17 22:31:22 +09:00
parent b5740052fc
commit 85c2f87f13
2 changed files with 9 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

10
classes/context/Context.class.php
View file

@ -1439,7 +1439,15 @@ class Context
{
$_val = (int)$_val;
}
elseif(in_array($key, array('mid', 'vid', 'search_target', 'search_keyword', 'xe_validator_id')) || $_SERVER['REQUEST_METHOD'] === 'GET')
elseif(in_array($key, array('mid', 'vid', 'act', 'module')))
{
$_val = preg_match('/^[a-zA-Z0-9_-]+$/', $_val) ? $_val : null;
if($_val === null)
{
self::$_instance->security_check = 'DENY ALL';
}
}
elseif(in_array($key, array('search_target', 'search_keyword', 'xe_validator_id')) || $_SERVER['REQUEST_METHOD'] === 'GET')
{
$_val = escape($_val, false);
if(ends_with('url', $key, false))