mirror of
https://github.com/Lastorder-DC/rhymix.git
synced 2026-01-08 03:01:43 +09:00
다국어 등 코드를 생성하여 만들어지는 cache 파일의 취약점 수정
- 관리자 메뉴, 사용자 지정 다국어 cache를 object cache로 변경 - xpressengine/xe-core#2182
This commit is contained in:
Kijin Sung
parent
999bc92753
commit
e48179aa05
6 changed files with 73 additions and 97 deletions
|
|
@ -1896,7 +1896,7 @@ class menuAdminController extends menu
|
|||
$names = $oMenuAdminModel->getMenuItemNames($node->name, $site_srl);
|
||||
foreach($names as $key => $val)
|
||||
{
|
||||
$name_arr_str .= sprintf('"%s"=>%s,', $key, var_export($val, true));
|
||||
$name_arr_str .= sprintf('%s => %s, ', var_export($key, true), var_export($val, true));
|
||||
}
|
||||
$name_str = sprintf('$_names = array(%s); print $_names[$lang_type];', $name_arr_str);
|
||||
|
||||
|
|
@ -1940,23 +1940,23 @@ class menuAdminController extends menu
|
|||
if($group_srls)$group_check_code = sprintf('($is_admin==true||(is_array($group_srls)&&count(array_intersect($group_srls, array(%s))))||($is_logged&&%s))',$group_srls,$group_srls == -1?1:0);
|
||||
else $group_check_code = "true";
|
||||
$attribute = sprintf(
|
||||
'node_srl="%s" parent_srl="%s" menu_name_key=\'%s\' text="<?php if(%s) { %s }?>" url="<?php print(%s?"%s":"")?>" href="<?php print(%s?%s:"")?>" is_shortcut="%s" desc="%s" open_window="%s" expand="%s" normal_btn="%s" hover_btn="%s" active_btn="%s" link="<?php if(%s) {?>%s<?php }?>"',
|
||||
'node_srl="%d" parent_srl="%d" menu_name_key=%s text="<?php if(%s) { %s }?>" url="<?php print(%s?%s:"")?>" href="<?php print(%s?%s:"")?>" is_shortcut=%s desc=%s open_window=%s expand=%s normal_btn=%s hover_btn=%s active_btn=%s link="<?php if(%s) {?>%s<?php }?>"',
|
||||
$menu_item_srl,
|
||||
$node->parent_srl,
|
||||
addslashes($node->name),
|
||||
var_export($node->name, true),
|
||||
$group_check_code,
|
||||
$name_str,
|
||||
$group_check_code,
|
||||
$url,
|
||||
var_export($url, true),
|
||||
$group_check_code,
|
||||
$href,
|
||||
$is_shortcut,
|
||||
$desc,
|
||||
$open_window,
|
||||
$expand,
|
||||
$normal_btn,
|
||||
$hover_btn,
|
||||
$active_btn,
|
||||
var_export($is_shortcut, true),
|
||||
var_export($desc, true),
|
||||
var_export($open_window, true),
|
||||
var_export($expand, true),
|
||||
var_export($normal_btn, true),
|
||||
var_export($hover_btn, true),
|
||||
var_export($active_btn, true),
|
||||
$group_check_code,
|
||||
$link
|
||||
);
|
||||
|
|
@ -2069,26 +2069,26 @@ class menuAdminController extends menu
|
|||
}
|
||||
// Create properties (check if it belongs to the menu node by url_list. It looks a trick but fast and powerful)
|
||||
$attribute = sprintf(
|
||||
'"node_srl" => %d, "parent_srl" => %d, "menu_name_key" => \'%s\', "isShow" => (%s ? true : false), "text" => (%s ? $_menu_names[%d][$lang_type] : ""), "href" => (%s ? %s : ""), "url" => (%s ? "%s" : ""), "is_shortcut" => "%s", "desc" => \'%s\', "open_window" => "%s", "normal_btn" => "%s", "hover_btn" => "%s", "active_btn" => "%s", "selected" => (array(%s) && in_array(Context::get("mid"), array(%s)) ? 1 : 0), "expand" => \'%s\', "list" => array(%s), "link" => (%s ? (array(%s) && in_array(Context::get("mid"), array(%s)) ? %s : %s) : ""),',
|
||||
'"node_srl" => %d, "parent_srl" => %d, "menu_name_key" => %s, "isShow" => (%s ? true : false), "text" => (%s ? $_menu_names[%d][$lang_type] : ""), "href" => (%s ? %s : ""), "url" => (%s ? %s : ""), "is_shortcut" => %s, "desc" => %s, "open_window" => %s, "normal_btn" => %s, "hover_btn" => %s, "active_btn" => %s, "selected" => (array(%s) && in_array(Context::get("mid"), array(%s)) ? 1 : 0), "expand" => %s, "list" => array(%s), "link" => (%s ? (array(%s) && in_array(Context::get("mid"), array(%s)) ? %s : %s) : ""),',
|
||||
$node->menu_item_srl,
|
||||
$node->parent_srl,
|
||||
strip_tags(addslashes($node->name)),
|
||||
var_export(strip_tags($node->name), true),
|
||||
$group_check_code,
|
||||
$group_check_code,
|
||||
$node->menu_item_srl,
|
||||
$group_check_code,
|
||||
$href,
|
||||
$group_check_code,
|
||||
$url,
|
||||
$is_shortcut,
|
||||
$desc,
|
||||
$open_window,
|
||||
$normal_btn,
|
||||
$hover_btn,
|
||||
$active_btn,
|
||||
var_export($url, true),
|
||||
var_export($is_shortcut, true),
|
||||
var_export($desc, true),
|
||||
var_export($open_window, true),
|
||||
var_export($normal_btn, true),
|
||||
var_export($hover_btn, true),
|
||||
var_export($active_btn, true),
|
||||
$selected,
|
||||
$selected,
|
||||
$expand,
|
||||
var_export($expand, true),
|
||||
$child_buff,
|
||||
$group_check_code,
|
||||
$selected,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue