fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-04-02 01:52:10 +09:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'rhymix:master' into master

Browse source
This commit is contained in:
Lastorder 2026-04-01 12:04:22 +09:00 committed by GitHub
commit dd8fc890f4
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
39 changed files with 396 additions and 220 deletions
Download patch file Download diff file Expand all files Collapse all files

8
common/framework/Security.php
View file

@ -37,13 +37,19 @@ class Security
case 'filename':
if (!utf8_check($input)) return false;
return Filters\FilenameFilter::clean($input);
// Clean up SVG content to prevent various attacks.
case 'svg':
if (!utf8_check($input)) return false;
$sanitizer = new \enshrined\svgSanitize\Sanitizer();
return strval($sanitizer->sanitize($input));
// Clean up a path to prevent argument injection.
case 'command':
if (!utf8_check($input)) return false;
if (\RX_WINDOWS || preg_match('![^a-z0-9/._-]!', $input)) return escapeshellarg($input);
return strval($input);
// Unknown filters.
default:
throw new Exception('Unknown filter type for sanitize: ' . $type);