fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-08 03:01:43 +09:00
Code Issues Projects Releases Packages Wiki Activity

Move some security measures from ModuleHandler to Context

Browse source
This commit is contained in:
Kijin Sung 2020-06-17 22:31:22 +09:00
parent b5740052fc
commit 85c2f87f13
2 changed files with 9 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

20
classes/module/ModuleHandler.class.php
View file

@ -94,26 +94,6 @@ class ModuleHandler extends Handler
Context::set('mid', $this->mid = null);
}
// Validate variables to prevent XSS
$isInvalid = false;
if($this->module && !preg_match('/^[a-zA-Z0-9_-]+$/', $this->module))
{
$isInvalid = true;
}
if($this->mid && !preg_match('/^[a-zA-Z0-9_-]+$/', $this->mid))
{
$isInvalid = true;
}
if($this->act && !preg_match('/^[a-zA-Z0-9_-]+$/', $this->act))
{
$isInvalid = true;
}
if($isInvalid)
{
$this->error = 'msg_security_violation';
return;
}
// call a trigger before moduleHandler init
self::triggerCall('moduleHandler.init', 'before', $this);