mirror of
https://github.com/Lastorder-DC/rhymix.git
synced 2026-01-20 03:39:56 +09:00
merge from branch luminous (version 1.5.4.2, ~r12561)
git-svn-id: http://xe-core.googlecode.com/svn/trunk@12611 201d5d3c-b55e-5fd7-737f-ddc643e51545
This commit is contained in:
flyskyko
parent
2263200ce4
commit
cc47d2b247
196 changed files with 3655 additions and 2033 deletions
|
|
@ -326,7 +326,7 @@
|
|||
$request_uri = Context::getRequestUri();
|
||||
if(!$num_args) return $request_uri;
|
||||
|
||||
$url = Context::getUrl($num_args, $args_list);
|
||||
$url = Context::getUrl($num_args, $args_list, null, false);
|
||||
if(!preg_match('/^http/i',$url)){
|
||||
preg_match('/^(http|https):\/\/([^\/]+)\//',$request_uri,$match);
|
||||
$url = Context::getUrl($num_args, $args_list, null, false);
|
||||
|
|
@ -780,7 +780,7 @@
|
|||
$oEmbedFilter->check($content);
|
||||
|
||||
// change the specific tags to the common texts
|
||||
$content = preg_replace('@<(\/?(?:html|body|head|title|meta|base|link|script|style|applet)(/*)[\w\s>])@i', '<$1', $content);
|
||||
$content = preg_replace('@<(\/?(?:html|body|head|title|meta|base|link|script|style|applet)(/*).*?>)@i', '<$1', $content);
|
||||
|
||||
/**
|
||||
* Remove codes to abuse the admin session in src by tags of imaages and video postings
|
||||
|
|
@ -938,7 +938,7 @@
|
|||
**/
|
||||
function getRequestUriByServerEnviroment()
|
||||
{
|
||||
return $_SERVER['REQUEST_URI'];
|
||||
return removeHackTag($_SERVER['REQUEST_URI']);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -1131,6 +1131,38 @@
|
|||
}
|
||||
}
|
||||
|
||||
function checkCSRF()
|
||||
{
|
||||
if($_SERVER['REQUEST_METHOD'] != 'POST')
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
$defaultUrl = Context::getDefaultUrl();
|
||||
$referer = parse_url($_SERVER["HTTP_REFERER"]);
|
||||
|
||||
$oModuleModel = &getModel('module');
|
||||
$siteModuleInfo = $oModuleModel->getDefaultMid();
|
||||
|
||||
if($siteModuleInfo->site_srl == 0)
|
||||
{
|
||||
if(!strstr(strtolower($defaultUrl), strtolower($referer['host'])))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$virtualSiteInfo = $oModuleModel->getSiteInfo($siteModuleInfo->site_srl);
|
||||
if(strtolower($virtualSiteInfo->domain) != strtolower(Context::get('vid')) && !strstr(strtolower($virtualSiteInfo->domain), strtolower($referer['host'])))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Print raw html header
|
||||
*
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue