mirror of
https://github.com/Lastorder-DC/rhymix.git
synced 2026-01-06 18:21:39 +09:00
Merge branch 'develop' into pr/misc-refactor
Conflicts: classes/module/ModuleHandler.class.php
This commit is contained in:
Kijin Sung
commit
8e5f0b53bd
9 changed files with 82 additions and 74 deletions
|
|
@ -63,6 +63,11 @@ class ModuleHandler extends Handler
|
|||
{
|
||||
$this->entry = Context::convertEncodingStr($entry);
|
||||
}
|
||||
if(!$this->module && $this->mid === 'admin')
|
||||
{
|
||||
Context::set('module', $this->module = 'admin');
|
||||
Context::set('mid', $this->mid = null);
|
||||
}
|
||||
|
||||
// Validate variables to prevent XSS
|
||||
$isInvalid = NULL;
|
||||
|
|
@ -402,7 +407,22 @@ class ModuleHandler extends Handler
|
|||
return $oMessageObject;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// check CSRF for POST actions
|
||||
if(Context::getRequestMethod() === 'POST' && Context::isInstalled())
|
||||
{
|
||||
if($xml_info->action->{$this->act} && $xml_info->action->{$this->act}->check_csrf !== 'false' && !checkCSRF())
|
||||
{
|
||||
$this->_setInputErrorToContext();
|
||||
$this->error = 'msg_invalid_request';
|
||||
$oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode);
|
||||
$oMessageObject->setError(-1);
|
||||
$oMessageObject->setMessage($this->error);
|
||||
$oMessageObject->dispMessage();
|
||||
return $oMessageObject;
|
||||
}
|
||||
}
|
||||
|
||||
if($this->module_info->use_mobile != "Y")
|
||||
{
|
||||
Mobile::setMobile(FALSE);
|
||||
|
|
@ -410,16 +430,6 @@ class ModuleHandler extends Handler
|
|||
|
||||
$logged_info = Context::get('logged_info');
|
||||
|
||||
// check CSRF for POST actions
|
||||
if(Context::getRequestMethod() === 'POST' && Context::isInstalled() && $this->act !== 'procFileUpload' && !checkCSRF()) {
|
||||
$this->error = 'msg_invalid_request';
|
||||
$oMessageObject = self::getModuleInstance('message', $display_mode);
|
||||
$oMessageObject->setError(-1);
|
||||
$oMessageObject->setMessage($this->error);
|
||||
$oMessageObject->dispMessage();
|
||||
return $oMessageObject;
|
||||
}
|
||||
|
||||
// Admin ip
|
||||
if($kind == 'admin' && $_SESSION['denied_admin'] == 'Y')
|
||||
{
|
||||
|
|
@ -552,7 +562,22 @@ class ModuleHandler extends Handler
|
|||
return $oMessageObject;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// check CSRF for POST actions
|
||||
if(Context::getRequestMethod() === 'POST' && Context::isInstalled())
|
||||
{
|
||||
if($xml_info->action->{$this->act} && $xml_info->action->{$this->act}->check_csrf !== 'false' && !checkCSRF())
|
||||
{
|
||||
$this->_setInputErrorToContext();
|
||||
$this->error = 'msg_invalid_request';
|
||||
$oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode);
|
||||
$oMessageObject->setError(-1);
|
||||
$oMessageObject->setMessage($this->error);
|
||||
$oMessageObject->dispMessage();
|
||||
return $oMessageObject;
|
||||
}
|
||||
}
|
||||
|
||||
if($type == "view" && Mobile::isFromMobilePhone())
|
||||
{
|
||||
$orig_type = "view";
|
||||
|
|
@ -986,6 +1011,12 @@ class ModuleHandler extends Handler
|
|||
}
|
||||
|
||||
$php_file = FileHandler::exists($menu->php_file);
|
||||
if(!$php_file)
|
||||
{
|
||||
$oMenuAdminController = $oMenuAdminController ?: getAdminController('menu');
|
||||
$oMenuAdminController->makeXmlFile((isset($homeMenuSrl) && $homeMenuSrl) ? $homeMenuSrl : $menu->menu_srl);
|
||||
$php_file = FileHandler::exists($menu->php_file);
|
||||
}
|
||||
if($php_file)
|
||||
{
|
||||
include($php_file);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue