fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-10 04:03:01 +09:00
Code Issues Projects Releases Packages Wiki Activity

fix #1230 SECISSUE

Browse source 
- `xeVirtualRequestUrl` parameter를 이용한 XSS 취약점
- 제보 : 한국인터넷진흥원
This commit is contained in:
bnu 2015-02-04 13:52:42 +09:00
parent a33a4b3081
commit 97cae83049
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
classes/display/VirtualXMLDisplayHandler.php
View file

@ -14,8 +14,8 @@ class VirtualXMLDisplayHandler
$message = $oModule->getMessage();
$redirect_url = $oModule->get('redirect_url');
$request_uri = Context::get('xeRequestURI');
$request_url = Context::get('xeVirtualRequestUrl');
$output = new stdClass;
$request_url = Context::getRequestUri();
$output = new stdClass();
if(substr_compare($request_url, '/', -1) !== 0)
{