fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-09 11:44:10 +09:00
Code Issues Projects Releases Packages Wiki Activity

Move XSS filtering before multilang juggling

Browse source
This commit is contained in:
Kijin Sung 2022-02-07 02:13:59 +09:00
parent 5a95f0c3f3
commit df1438ea04
1 changed files with 6 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

12
modules/document/document.controller.php
View file

@ -903,6 +903,12 @@ class documentController extends document
$obj->content = getModel('editor')->converter($obj, 'document'); $obj->content = getModel('editor')->converter($obj, 'document');
} }
// Remove iframe and script if not a top adminisrator in the session.
if($logged_info->is_admin != 'Y')
{
$obj->content = removeHackTag($obj->content);
}
// Change not extra vars but language code of the original document if document's lang_code is different from author's setting. // Change not extra vars but language code of the original document if document's lang_code is different from author's setting.
if($source_obj->get('lang_code') != Context::getLangType()) if($source_obj->get('lang_code') != Context::getLangType())
{ {
@ -928,12 +934,6 @@ class documentController extends document
} }
} }
// Remove iframe and script if not a top adminisrator in the session.
if($logged_info->is_admin != 'Y')
{
$obj->content = removeHackTag($obj->content);
}
// if temporary document, regdate is now setting // if temporary document, regdate is now setting
if($source_obj->get('status') == $this->getConfigStatus('temp')) $obj->regdate = date('YmdHis'); if($source_obj->get('status') == $this->getConfigStatus('temp')) $obj->regdate = date('YmdHis');