fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-05 09:41:40 +09:00
Code Issues Projects Releases Packages Wiki Activity

RVE-2022-3 filter skin parameter and others in dispLayoutPreviewWithModule()

Browse source
This commit is contained in:
Kijin Sung 2022-06-28 20:12:02 +09:00
parent 3dfd78b729
commit 97586855d7
1 changed files with 5 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

11
modules/layout/layout.view.php
View file

@ -41,12 +41,11 @@ class layoutView extends layout
public function dispLayoutPreviewWithModule()
{
$content = '';
$layoutSrl = Context::get('layout_srl');
$module = Context::get('module_name');
$mid = Context::get('target_mid');
$skin = Context::get('skin');
$skinType = Context::get('skin_type');
$layoutSrl = intval(Context::get('layout_srl'));
$module = preg_replace('/[^a-zA-Z0-9_]/', '', Context::get('module_name'));
$mid = preg_replace('/[^a-zA-Z0-9\/_-]/', '', Context::get('target_mid'));
$skin = preg_replace('/[^a-zA-Z0-9_-]/', '', Context::get('skin'));
$skinType = Context::get('skin_type') === 'M' ? 'M' : 'P';
try
{