Add 'command' type to R\F\Security::sanitize()

This commit is contained in:
Kijin Sung 2026-03-31 21:02:33 +09:00
parent ae44685306
commit b1f84365a5
2 changed files with 18 additions and 1 deletions


@ -37,13 +37,19 @@ class Security
case 'filename':
if (!utf8_check($input)) return false;
return Filters\FilenameFilter::clean($input);
// Clean up SVG content to prevent various attacks.
case 'svg':
if (!utf8_check($input)) return false;
$sanitizer = new \enshrined\svgSanitize\Sanitizer();
return strval($sanitizer->sanitize($input));
// Clean up a path to prevent argument injection.
case 'command':
if (!utf8_check($input)) return false;
if (\RX_WINDOWS || preg_match('![^a-z0-9/._-]!', $input)) return escapeshellarg($input);
return strval($input);
// Unknown filters.
default:
throw new Exception('Unknown filter type for sanitize: ' . $type);
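Review bot: The new `command` case returns any value made only of `[a-z0-9/._-]` unquoted, and that set allows a leading `-`, so an input such as `-rf` or `--output=/tmp/x` is passed straight through and will be read by the invoked program as an option; routing it through `escapeshellarg()` would not change that, since quoting defends against shell metacharacters, not against an argument that starts with a dash. The comment above the case therefore overstates what the filter does, and should read something like `// Quote a path so it cannot break out of a shell command; this does not stop option-style values (leading '-'), callers must still guard against those.`, or the case should reject them up front with `if ($input === '' || $input[0] === '-') return false;` if argument injection really is the goal. On Windows every input goes to `escapeshellarg()`, which per PHP's documentation replaces `%`, `!` and `"` with spaces instead of escaping them, so a path containing those characters comes back altered rather than quoted — worth stating in the comment, because a caller may assume the result is either the input or a quoted form of it. The enclosing `sanitize()` method and its `switch` begin and end outside this hunk.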