mirror of
https://github.com/Lastorder-DC/rhymix.git
synced 2026-01-07 02:31:40 +09:00
merge from branch 1.5.3.2 (r12300-r12332)
git-svn-id: http://xe-core.googlecode.com/svn/branches/luminous@12336 201d5d3c-b55e-5fd7-737f-ddc643e51545
This commit is contained in:
ovclas
commit
90bf16474c
3 changed files with 47 additions and 4 deletions
|
|
@ -113,6 +113,20 @@ class Context {
|
|||
* @var bool true if attached file exists
|
||||
*/
|
||||
var $is_uploaded = false;
|
||||
/**
|
||||
* Pattern for request vars check
|
||||
* @var array
|
||||
*/
|
||||
var $patterns = array(
|
||||
'/<\?/iUsm',
|
||||
'/<\%/iUsm',
|
||||
'/<script(\s|\S)*language[\s]*=[\s]*("|\')?[\s]*php[\s]*("|\')?(\s|\S)*/iUsm'
|
||||
);
|
||||
/**
|
||||
* Check init
|
||||
* @var bool false if init fail
|
||||
*/
|
||||
var $isSuccessInit = true;
|
||||
|
||||
/**
|
||||
* returns static context object (Singleton). It's to use Context without declaration of an object
|
||||
|
|
@ -847,15 +861,36 @@ class Context {
|
|||
|
||||
if($set_to_vars)
|
||||
{
|
||||
$val = preg_replace('/<\?/i', '', $val);
|
||||
$val = preg_replace('/<\%/i', '', $val);
|
||||
$val = preg_replace('/<script\s+language\s*=\s*("|\')php("|\')\s*>/ism', '', $val);
|
||||
$this->_recursiveCheckVar($val);
|
||||
}
|
||||
|
||||
$this->set($key, $val, $set_to_vars);
|
||||
}
|
||||
}
|
||||
|
||||
function _recursiveCheckVar($val)
|
||||
{
|
||||
if(is_string($val))
|
||||
{
|
||||
foreach($this->patterns as $pattern)
|
||||
{
|
||||
$result = preg_match($pattern, $val);
|
||||
if($result)
|
||||
{
|
||||
$this->isSuccessInit = FALSE;
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
else if(is_array($val))
|
||||
{
|
||||
foreach($val as $val2)
|
||||
{
|
||||
$this->_recursiveCheckVar($val2);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Handle request arguments for JSON
|
||||
*
|
||||
|
|
|
|||
|
|
@ -278,7 +278,7 @@
|
|||
{
|
||||
$click_count_columns = array();
|
||||
foreach($this->columns as $column){
|
||||
if($column->show() && $column instanceof ClickCountExpression)
|
||||
if($column->show() && is_a($column, 'ClickCountExpression'))
|
||||
$click_count_columns[] = $column;
|
||||
}
|
||||
return $click_count_columns;
|
||||
|
|
|
|||
|
|
@ -38,6 +38,14 @@
|
|||
$this->act = Context::get('act');
|
||||
return;
|
||||
}
|
||||
|
||||
$oContext = Context::getInstance();
|
||||
if($oContext->isSuccessInit == false)
|
||||
{
|
||||
$this->error = 'msg_invalid_request';
|
||||
return;
|
||||
}
|
||||
|
||||
// Set variables from request arguments
|
||||
$this->module = $module?$module:Context::get('module');
|
||||
$this->act = $act?$act:Context::get('act');
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue