fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-05 17:51:40 +09:00
Code Issues Projects Releases Packages Wiki Activity

98267d90d5 보안 숫자 검사하지 않고 intval 처리 하여 새 그룹 등록 여부 확인

Browse source
This commit is contained in:
BJRambo 2021-05-30 19:29:20 +09:00
parent 98267d90d5
commit 960d0018d0
1 changed files with 3 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

15
modules/communication/communication.controller.php
View file

@ -690,20 +690,10 @@ class communicationController extends communication
throw new Rhymix\Framework\Exceptions\MustLogin;
}
$friend_group_srl = trim(Context::get('friend_group_srl'));
$friend_group_srl = intval(trim(Context::get('friend_group_srl')));
// Variables
$args = new stdClass();
if($friend_group_srl)
{
if(!is_numeric($friend_group_srl))
{
throw new Rhymix\Framework\Exceptions\InvalidRequest;
}
$args->friend_group_srl = $friend_group_srl;
}
$args->member_srl = $this->user->member_srl;
$args->title = escape(Context::get('title'));
@ -713,8 +703,9 @@ class communicationController extends communication
}
// modify if friend_group_srl exists.
if($args->friend_group_srl)
if($friend_group_srl)
{
$args->friend_group_srl = $friend_group_srl;
$output = executeQuery('communication.renameFriendGroup', $args);
$msg_code = 'success_updated';
}