fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-07 10:41:40 +09:00
Code Issues Projects Releases Packages Wiki Activity

embed whitelist를 별도로 캐싱하지 않고 직접 include하여 사용하도록 변경

Browse source
This commit is contained in:
Kijin Sung 2016-01-07 10:14:40 +09:00
parent ca3001141c
commit bd15128e14
4 changed files with 1702 additions and 312 deletions
Download patch file Download diff file Expand all files Collapse all files

21
modules/admin/admin.admin.controller.php
View file

@ -549,17 +549,24 @@ class adminAdminController extends admin
$white_object = preg_replace("/[\r\n|\r|\n]+/", '|@|', $white_object);
$white_object = preg_replace("/[\s\'\"]+/", '', $white_object);
$white_object = explode('|@|', $white_object);
$white_object = array_unique($white_object);
$white_object = array_unique(array_map(function($item) {
return preg_match('@^https?://(.*)$@i', $item, $matches) ? $matches[1] : $item;
}, $white_object));
natcasesort($white_object);
$white_iframe = $vars->embed_white_iframe;
$white_iframe = preg_replace("/[\r\n|\r|\n]+/", '|@|', $white_iframe);
$white_iframe = preg_replace("/[\s\'\"]+/", '', $white_iframe);
$white_iframe = explode('|@|', $white_iframe);
$white_iframe = array_unique($white_iframe);
$white_iframe = array_unique(array_map(function($item) {
return preg_match('@^https?://(.*)$@i', $item, $matches) ? $matches[1] : $item;
}, $white_iframe));
natcasesort($white_iframe);
$whitelist = new stdClass;
$whitelist->object = $white_object;
$whitelist->iframe = $white_iframe;
$whitelist = array(
'object' => $white_object,
'iframe' => $white_iframe,
);
$db_info->embed_white_object = $white_object;
$db_info->embed_white_iframe = $white_iframe;
@ -570,10 +577,6 @@ class adminAdminController extends admin
return new Object(-1, 'msg_invalid_request');
}
require_once(_XE_PATH_ . 'classes/security/EmbedFilter.class.php');
$oEmbedFilter = EmbedFilter::getInstance();
$oEmbedFilter->_makeWhiteDomainList($whitelist);
if(!in_array(Context::getRequestMethod(), array('XMLRPC','JSON')))
{
$returnUrl = Context::get('success_return_url');

1
modules/admin/admin.admin.view.php
View file

@ -460,7 +460,6 @@ class adminAdminView extends admin
Context::set('htmlFooter', htmlspecialchars($config->htmlFooter));
// embed filter
require_once(_XE_PATH_ . 'classes/security/EmbedFilter.class.php');
$oEmbedFilter = EmbedFilter::getInstance();
context::set('embed_white_object', implode(PHP_EOL, $oEmbedFilter->whiteUrlList));
context::set('embed_white_iframe', implode(PHP_EOL, $oEmbedFilter->whiteIframeUrlList));