fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-04-25 13:22:16 +09:00
Code Issues Projects Releases Packages Wiki Activity

fix #1145 SECISSUE xe_js_callback 필터링 적용

Browse source
This commit is contained in:
bnu 2015-01-06 17:10:50 +09:00
parent ab314a4ec5
commit b3817eb42d
1 changed files with 11 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

13
classes/context/Context.class.php
View file

@ -1113,7 +1113,7 @@ class Context
{
is_a($this, 'Context') ? $self = $this : $self = self::getInstance();
$self->js_callback_func = isset($_GET['xe_js_callback']) ? $_GET['xe_js_callback'] : $_POST['xe_js_callback'];
$self->js_callback_func = $self->getJSCallbackFunc();
($type && $self->request_method = $type) or
(strpos($_SERVER['CONTENT_TYPE'], 'json') && $self->request_method = 'JSON') or
@ -1458,7 +1458,16 @@ class Context
function getJSCallbackFunc()
{
is_a($this, 'Context') ? $self = $this : $self = self::getInstance();
return $self->js_callback_func;
$js_callback_func = isset($_GET['xe_js_callback']) ? $_GET['xe_js_callback'] : $_POST['xe_js_callback'];
if(!preg_match('/^[a-z0-9\.]+$/i', $js_callback_func))
{
unset($js_callback_func);
unset($_GET['xe_js_callback']);
unset($_POST['xe_js_callback']);
}
return $js_callback_func;
}
/**