fixed XSS scripting

git-svn-id: http://xe-core.googlecode.com/svn/branches/1.5.0@10120 201d5d3c-b55e-5fd7-737f-ddc643e51545
devjin 2012-02-14 09:56:49 +00:00
parent 734d5fe7a5
commit d187088c98


@ -235,13 +235,21 @@
**/
function procLayoutAdminCodeUpdate() {
$mode = Context::get('mode');
if ($mode == 'reset') return $this->procLayoutAdminCodeReset();
if ($mode == 'reset')
{
return $this->procLayoutAdminCodeReset();
}
$layout_srl = Context::get('layout_srl');
$code = Context::get('code');
$code_css = Context::get('code_css');
$is_post = (Context::getRequestMethod() == 'POST');
if(!$layout_srl || !$code) return new Object(-1, 'msg_invalid_request');
if(!$layout_srl || !$code || !$is_post)
{
return new Object(-1, 'msg_invalid_request');
}
$code = preg_replace('/<\?.*(\?>)?/sm', '', $code);
$oLayoutModel = &getModel('layout');
$layout_file = $oLayoutModel->getUserLayoutHtml($layout_srl);