- parameter key를 통한 XSS 방지
bnu 2015-02-16 17:42:59 +09:00
parent 2ddf51f9d8
commit d3fba73ae6


@ -367,6 +367,8 @@ class Context
$this->allow_rewrite = ($this->db_info->use_rewrite == 'Y' ? TRUE : FALSE);
// set locations for javascript use
$url = array();
$current_url = self::getRequestUri();
if($_SERVER['REQUEST_METHOD'] == 'GET')
{
if($this->get_vars)
@ -386,17 +388,21 @@ class Context
$url[] = $key . '=' . urlencode($val);
}
}
$this->set('current_url', self::getRequestUri() . '?' . join('&', $url));
$current_url = self::getRequestUri();
if($url) $current_url .= '?' . join('&', $url);
}
else
{
$this->set('current_url', $this->getUrl());
$current_url = $this->getUrl();
}
}
else
{
$this->set('current_url', self::getRequestUri());
$current_url = self::getRequestUri();
}
$this->set('current_url', $current_url);
$this->set('request_uri', self::getRequestUri());
}
@ -1157,6 +1163,7 @@ class Context
{
continue;
}
$key = htmlentities($key);
$val = $this->_filterRequestVar($key, $val);
if($requestMethod == 'GET' && isset($_GET[$key]))
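Review bot: The `$key = htmlentities($key);` line added in the last hunk overwrites `$key` before the `isset($_GET[$key])` lookup two lines later, so a parameter name containing `&`, `<`, `>`, `"` or a non-ASCII character no longer matches its `$_GET` entry and presumably falls through as a non-GET variable. The call passes no flags or charset, so with the defaults of PHP before 8.1 single quotes stay unencoded, and before 5.4 the ISO-8859-1 default would mangle UTF-8 keys. I would keep the raw key for the lookup and encode a separate copy, e.g. `$safe_key = htmlspecialchars($key, ENT_QUOTES, 'UTF-8');`, or escape at the point of output instead of on input. The context line `$url[] = $key . '=' . urlencode($val);` in the second hunk still writes the key into `current_url` without `urlencode`, which looks like the sink this commit is protecting and is worth encoding there as well. The enclosing loop starts and ends outside the hunk, so how `$key` is used later could not be checked from here.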