From d3fba73ae6ab78df4da2ae18d7d9bb72b3021b68 Mon Sep 17 00:00:00 2001 From: bnu Date: Mon, 16 Feb 2015 17:42:59 +0900 Subject: [PATCH 1/8] =?UTF-8?q?fix=20#1262=20-=20parameter=20key=EB=A5=BC?= =?UTF-8?q?=20=ED=86=B5=ED=95=9C=20XSS=20=EB=B0=A9=EC=A7=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- classes/context/Context.class.php | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/classes/context/Context.class.php b/classes/context/Context.class.php index 1ed44854d..2f8ca22e6 100644 --- a/classes/context/Context.class.php +++ b/classes/context/Context.class.php @@ -367,6 +367,8 @@ class Context $this->allow_rewrite = ($this->db_info->use_rewrite == 'Y' ? TRUE : FALSE); // set locations for javascript use + $url = array(); + $current_url = self::getRequestUri(); if($_SERVER['REQUEST_METHOD'] == 'GET') { if($this->get_vars) @@ -386,17 +388,21 @@ class Context $url[] = $key . '=' . urlencode($val); } } - $this->set('current_url', self::getRequestUri() . '?' . join('&', $url)); + + $current_url = self::getRequestUri(); + if($url) $current_url .= '?' . join('&', $url); } else { - $this->set('current_url', $this->getUrl()); + $current_url = $this->getUrl(); } } else { - $this->set('current_url', self::getRequestUri()); + $current_url = self::getRequestUri(); } + + $this->set('current_url', $current_url); $this->set('request_uri', self::getRequestUri()); } @@ -1157,6 +1163,7 @@ class Context { continue; } + $key = htmlentities($key); $val = $this->_filterRequestVar($key, $val); if($requestMethod == 'GET' && isset($_GET[$key])) From 510fc05c1f1ac9b7739ce7c9f9d6846434baac22 Mon Sep 17 00:00:00 2001 From: bnu Date: Tue, 17 Feb 2015 14:51:51 +0900 Subject: [PATCH 2/8] fix #1246 --- common/tpl/redirect.html | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/common/tpl/redirect.html b/common/tpl/redirect.html index 72a28491c..e785edf71 100644 --- a/common/tpl/redirect.html +++ b/common/tpl/redirect.html @@ -5,8 +5,9 @@ - \ No newline at end of file + From 8c32b15967500cf824842253c1f9777602789870 Mon Sep 17 00:00:00 2001 From: MinSoo Kim Date: Mon, 16 Feb 2015 15:58:47 +0900 Subject: [PATCH 3/8] =?UTF-8?q?#1198=20=EC=9E=84=EC=8B=9C=20=EC=A0=80?= =?UTF-8?q?=EC=9E=A5=EA=B8=80=EC=9D=B4=20=ED=91=9C=EC=8B=9C=EB=90=98?= =?UTF-8?q?=EC=A7=80=20=EC=95=8A=EA=B2=8C=20=ED=95=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 권한이 있는 사람들만 임시 저장글을 VIEW 에서 볼 수 있게 수정 --- modules/board/board.view.php | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/modules/board/board.view.php b/modules/board/board.view.php index 97465b585..96a103f9d 100644 --- a/modules/board/board.view.php +++ b/modules/board/board.view.php @@ -267,6 +267,16 @@ class boardView extends board } } + // if the document is TEMP saved, check Grant + if($oDocument->getStatus() == 'TEMP') + { + $logged_info = Context::get('logged_info'); + if(!$oDocument->isGranted()) + { + $oDocument = $oDocumentModel->getDocument(0); + } + } + } else { From 685486c86ef6fd54ae4c9907bb73a456e6c74490 Mon Sep 17 00:00:00 2001 From: MinSoo Kim Date: Mon, 16 Feb 2015 16:04:50 +0900 Subject: [PATCH 4/8] =?UTF-8?q?#1198=20=EC=9D=98=EB=AF=B8=20=EC=97=86?= =?UTF-8?q?=EB=8A=94=20=EC=BD=94=EB=93=9C=20=ED=95=9C=20=EC=A4=84=20?= =?UTF-8?q?=EC=82=AD=EC=A0=9C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/board/board.view.php | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/board/board.view.php b/modules/board/board.view.php index 96a103f9d..18aeed71a 100644 --- a/modules/board/board.view.php +++ b/modules/board/board.view.php @@ -270,7 +270,6 @@ class boardView extends board // if the document is TEMP saved, check Grant if($oDocument->getStatus() == 'TEMP') { - $logged_info = Context::get('logged_info'); if(!$oDocument->isGranted()) { $oDocument = $oDocumentModel->getDocument(0); From 9e678a8da9712f57018f6dc4b286e285a456ed3a Mon Sep 17 00:00:00 2001 From: sejin7940 Date: Wed, 21 Jan 2015 23:08:55 +0900 Subject: [PATCH 5/8] Update point.controller.php --- modules/point/point.controller.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/point/point.controller.php b/modules/point/point.controller.php index 3e7cdc3c1..3337b5514 100644 --- a/modules/point/point.controller.php +++ b/modules/point/point.controller.php @@ -420,10 +420,12 @@ class pointController extends point // Get the defaul configurations of the Point Module $config = $oModuleModel->getModuleConfig('point'); // When the requested points are negative, compared it with the current point + $_SESSION['banned_document'][$obj->document_srl] = false; if($config->disable_read_document == 'Y' && $point < 0 && abs($point)>$cur_point) { $message = sprintf(Context::getLang('msg_disallow_by_point'), abs($point), $cur_point); $obj->add('content', $message); + $_SESSION['banned_document'][$obj->document_srl] = true; return new Object(-1, $message); } // If not logged in, pass From 6050f638869b217ae9f3053fb88efb89548df03d Mon Sep 17 00:00:00 2001 From: sejin7940 Date: Wed, 21 Jan 2015 23:09:48 +0900 Subject: [PATCH 6/8] Update document.controller.php --- modules/document/document.controller.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/document/document.controller.php b/modules/document/document.controller.php index 4a2bedfd0..b3d26e818 100644 --- a/modules/document/document.controller.php +++ b/modules/document/document.controller.php @@ -876,7 +876,10 @@ class documentController extends document } // Register session - $_SESSION['readed_document'][$document_srl] = true; + if(!$_SESSION['banned_document'][$document_srl]) + { + + $_SESSION['readed_document'][$document_srl] = true; + + } return TRUE; } From 238180b575a466f17487650d4687f6c85fe58cbf Mon Sep 17 00:00:00 2001 From: sejin7940 Date: Thu, 22 Jan 2015 00:01:24 +0900 Subject: [PATCH 7/8] Update document.controller.php --- modules/document/document.controller.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/document/document.controller.php b/modules/document/document.controller.php index b3d26e818..05f9ecafc 100644 --- a/modules/document/document.controller.php +++ b/modules/document/document.controller.php @@ -878,8 +878,8 @@ class documentController extends document // Register session if(!$_SESSION['banned_document'][$document_srl]) { - + $_SESSION['readed_document'][$document_srl] = true; - + } + $_SESSION['readed_document'][$document_srl] = true; + } return TRUE; } From 6aea065f131d4ed22a5ea2177cc59f4716a6bee3 Mon Sep 17 00:00:00 2001 From: bnu Date: Tue, 17 Feb 2015 14:56:49 +0900 Subject: [PATCH 8/8] version up to 1.7.11 --- config/config.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/config.inc.php b/config/config.inc.php index 5a4ec825f..d566e24dc 100644 --- a/config/config.inc.php +++ b/config/config.inc.php @@ -29,7 +29,7 @@ define('__ZBXE__', __XE__); /** * Display XE's full version. */ -define('__XE_VERSION__', '1.7.10'); +define('__XE_VERSION__', '1.7.11'); define('__XE_VERSION_ALPHA__', (stripos(__XE_VERSION__, 'alpha') !== false)); define('__XE_VERSION_BETA__', (stripos(__XE_VERSION__, 'beta') !== false)); define('__XE_VERSION_RC__', (stripos(__XE_VERSION__, 'rc') !== false));