fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-04-17 09:24:17 +09:00
Code Issues Projects Releases Packages Wiki Activity

Fix unauthorized config manipulation in document and comment modules

Browse source 
Reported by @conory
This commit is contained in:
Kijin Sung 2017-03-01 23:35:12 +09:00
parent f1c24a4690
commit dc84dd1310
2 changed files with 47 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

36
modules/comment/comment.controller.php
View file

@ -1525,14 +1525,28 @@ class commentController extends comment
*/
function procCommentInsertModuleConfig()
{
$module_srl = Context::get('target_module_srl');
if(preg_match('/^([0-9,]+)$/', $module_srl))
$target_module_srl = Context::get('target_module_srl');
$target_module_srl = array_map('trim', explode(',', $target_module_srl));
$logged_info = Context::get('logged_info');
$module_srl = array();
$oModuleModel = getModel('module');
foreach ($target_module_srl as $srl)
{
$module_srl = explode(',', $module_srl);
}
else
{
$module_srl = array($module_srl);
if (!$srl) continue;
$module_info = $oModuleModel->getModuleInfoByModuleSrl($srl);
if (!$module_info->module_srl)
{
return new Object(-1, 'msg_invalid_request');
}
$module_grant = $oModuleModel->getGrant($module_info, $logged_info);
if (!$module_grant->manager)
{
return new Object(-1, 'msg_not_permitted');
}
$module_srl[] = $srl;
}
$comment_config = new stdClass();
@ -1560,14 +1574,8 @@ class commentController extends comment
$comment_config->use_comment_validation = 'N';
}
for($i = 0; $i < count($module_srl); $i++)
foreach ($module_srl as $srl)
{
$srl = trim($module_srl[$i]);
if(!$srl)
{
continue;
}
$output = $this->setCommentModuleConfig($srl, $comment_config);
}