fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-05-10 20:44:28 +09:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #1783 from YJSoft/security/1015-001

Browse source 
SECISSUE 허용되지 않은 방식으로 act를 실행할 수 있는 문제 고침
This commit is contained in:
bnu 2015-10-16 14:20:38 +09:00
commit e335ed4af8
1 changed files with 28 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

30
classes/module/ModuleHandler.class.php
View file

@ -525,6 +525,34 @@ class ModuleHandler extends Handler
$tpl_path = $oModule->getTemplatePath(); $tpl_path = $oModule->getTemplatePath();
$orig_module = $oModule; $orig_module = $oModule;
$xml_info = $oModuleModel->getModuleActionXml($forward->module);
// SECISSUE also check foward act method
// check REQUEST_METHOD in controller
if($type == 'controller')
{
$allowedMethod = $xml_info->action->{$forward->act}->method;
if(!$allowedMethod)
{
$allowedMethodList[0] = 'POST';
}
else
{
$allowedMethodList = explode('|', strtoupper($allowedMethod));
}
if(!in_array(strtoupper($_SERVER['REQUEST_METHOD']), $allowedMethodList))
{
$this->error = "msg_invalid_request";
$oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode);
$oMessageObject->setError(-1);
$oMessageObject->setMessage($this->error);
$oMessageObject->dispMessage();
return $oMessageObject;
}
}
if($type == "view" && Mobile::isFromMobilePhone()) if($type == "view" && Mobile::isFromMobilePhone())
{ {
$orig_type = "view"; $orig_type = "view";
@ -557,8 +585,6 @@ class ModuleHandler extends Handler
return $oMessageObject; return $oMessageObject;
} }
$xml_info = $oModuleModel->getModuleActionXml($forward->module);
if($this->module == "admin" && $type == "view") if($this->module == "admin" && $type == "view")
{ {
if($logged_info->is_admin == 'Y') if($logged_info->is_admin == 'Y')