fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-09 11:44:10 +09:00
Code Issues Projects Releases Packages Wiki Activity

Fix direct file access via procFileGetList

Browse source 
@conory
This commit is contained in:
Kijin Sung 2017-03-08 17:14:23 +09:00
parent 23a130f53c
commit 910610e62d
2 changed files with 7 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
modules/file/file.controller.php
View file

@ -546,6 +546,12 @@ class fileController extends file
function procFileGetList()
{
if(!Context::get('is_logged')) return new Object(-1,'msg_not_permitted');
$logged_info = Context::get('logged_info');
if($logged_info->is_admin !== 'Y' && !getModel('module')->isSiteAdmin($logged_info))
{
return new Object(-1,'msg_not_permitted');
}
$fileSrls = Context::get('file_srls');
if($fileSrls) $fileSrlList = explode(',', $fileSrls);