diff --git a/classes/context/Context.class.php b/classes/context/Context.class.php
index 57fdb521b..5a168e251 100644
--- a/classes/context/Context.class.php
+++ b/classes/context/Context.class.php
@@ -113,6 +113,11 @@ class Context {
 * @var bool true if attached file exists
 */
 var $is_uploaded = false;
+ /**
+ * Check init
+ * @var bool false if init fail
+ */
+ var $isSuccessInit = true;
 /**
 * returns static context object (Singleton). It's to use Context without declaration of an object
@@ -802,6 +807,12 @@ class Context {
 function _setRequestArgument()
 {
 if(!count($_REQUEST)) return;
+ $pattern = array(
+ '/<\?/iUsm',
+ '/<\%/iUsm',
+ '/ $val)
 {
 if($val === '' || Context::get($key)) continue;
 $val = $this->_filterRequestVar($key, $val);
@@ -812,9 +823,15 @@ class Context {
 if($set_to_vars)
 {
- $val = preg_replace('/<\?.*(\?>)?/iUsm', '', $val);
- $val = preg_replace('/<\%.*(\%>)?/iUsm', '', $val);
- $val = preg_replace('/.*<[\s]*\/[\s]*script[\s]*>/iUsm', '', $val);
+ foreach($pattern AS $key2=>$value2)
+ {
+ $result = preg_match($value2, $val);
+ if($result)
+ {
+ $this->isSuccessInit = false;
+ break;
+ }
+ }
 }
 $this->set($key, $val, $set_to_vars);
diff --git a/classes/module/ModuleHandler.class.php b/classes/module/ModuleHandler.class.php
index 8a135f953..11b42fce7 100644
--- a/classes/module/ModuleHandler.class.php
+++ b/classes/module/ModuleHandler.class.php
@@ -38,6 +38,14 @@
 $this->act = Context::get('act');
 return;
 }
+
+ $oContext = Context::getInstance();
+ if($oContext->isSuccessInit == false)
+ {
+ $this->error = 'msg_invalid_request';
+ return;
+ }
+
 // Set variables from request arguments
 $this->module = $module?$module:Context::get('module');
 $this->act = $act?$act:Context::get('act');
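Review bot: The docblock on the new `$isSuccessInit` property ("Check init / false if init fail") does not say what clears it or who reads it, which matters because a second file depends on it. Suggest `@var bool true until _setRequestArgument() finds a request value matching one of its blocked patterns; ModuleHandler reads it and refuses the request`. It is declared with `var` like the neighbouring `$is_uploaded`, so it is public and writable from anywhere; a one-line note that other code must not reset it to true would make the contract explicit.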
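Review bot: The `$pattern` list is built inside `_setRequestArgument()` on every call with no comment on why these patterns now reject the request instead of being stripped, and the third entry is not readable in this view of the hunk. Suggest hoisting it to a class-level property with a comment such as `// Request values matching any of these are treated as injected code; the whole request is refused via $isSuccessInit rather than sanitised as before`. Note that `'/<\?/iUsm'` matches any text containing `<?`, so with the new reject-the-request semantics a legitimate value that happens to contain that sequence is now refused rather than cleaned; if that is intended it should be stated in the comment. The foreach this sits above continues into the next hunk.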
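Review bot: `if($result)` treats a `preg_match()` failure (it returns `false` on a PCRE error such as hitting the backtrack limit) exactly like "no match", so a value that makes the engine error passes the check and, because the three `preg_replace` stripping lines are removed, is then stored unchanged by `$this->set($key, $val, $set_to_vars)`; change it to `if($result === 1 || $result === false)` (or test `preg_last_error()`) so an error fails closed. `$key2` is unused, so `foreach($pattern AS $value2)` is enough. Since the value is still written into Context after the flag is cleared, any consumer that reads Context before ModuleHandler performs its check sees the raw value; the enclosing loop starts in the previous hunk and the method continues past this one.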
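Review bot: The new `isSuccessInit` check is placed after an existing branch that ends with `return;` (the `$this->act = Context::get('act'); return; }` lines immediately above `$oContext = Context::getInstance();`), so requests that take that branch are never refused even when `_setRequestArgument()` flagged them; unless that branch is deliberately exempt, the check belongs above it, at the start of the method, which lies outside the hunk. Prefer a strict test, `if($oContext->isSuccessInit === false)` or `if(!$oContext->isSuccessInit)`, since `== false` also matches `0`, `''` and `null`.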