fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-09 03:32:00 +09:00
Code Issues Projects Releases Packages Wiki Activity

Fix TypeError in page.view.php if an array is passed in the URL

Browse source
This commit is contained in:
Kijin Sung 2025-05-23 20:26:24 +09:00
parent f99102ca33
commit bb95f24617
1 changed files with 30 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

38
modules/page/page.view.php
View file

@ -188,14 +188,8 @@ class PageView extends Page
return; return;
} }
// Kick out anyone who tries to exploit RVE-2022-2. // Check parameters.
foreach (Context::getRequestVars() as $key => $val) $this->_checkParams(Context::getRequestVars());
{
if (preg_match('/[\{\}\(\)<>\$\'"]/', $key) || preg_match('/[\{\}\(\)<>\$\'"]/', $val))
{
throw new Rhymix\Framework\Exceptions\SecurityViolation();
}
}
// External URL // External URL
if (preg_match('!^[a-z]+://!i', $this->path)) if (preg_match('!^[a-z]+://!i', $this->path))
@ -210,6 +204,34 @@ class PageView extends Page
} }
} }
/**
* Check parameters for suspicious keys or values.
*
* This helps protect external pages from RVE-2022-2.
*
* @param array|object $vars
* @return void
*/
protected function _checkParams($vars)
{
foreach ($vars as $key => $val)
{
if (preg_match('/[\{\}\(\)<>\$\'"]/', $key))
{
throw new Rhymix\Framework\Exceptions\SecurityViolation();
}
if (is_array($val) || is_object($val))
{
$this->_checkParams($val);
}
elseif (preg_match('/[\{\}\(\)<>\$\'"]/', (string)$val))
{
throw new Rhymix\Framework\Exceptions\SecurityViolation();
}
}
}
/** /**
* @brief Save the file and return if a file is requested by http * @brief Save the file and return if a file is requested by http
*/ */