fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-07 18:51:41 +09:00
Code Issues Projects Releases Packages Wiki Activity

다국어 등 코드를 생성하여 만들어지는 cache 파일의 취약점 수정

Browse source 
- 관리자 메뉴, 사용자 지정 다국어 cache를 object cache로 변경
- xpressengine/xe-core#2182
This commit is contained in:
Kijin Sung 2017-11-30 22:50:36 +09:00
parent 999bc92753
commit e48179aa05
6 changed files with 73 additions and 97 deletions
Download patch file Download diff file Expand all files Collapse all files

43
modules/module/module.controller.php
View file

@ -1041,45 +1041,34 @@ class moduleController extends module
* @brief Change user-defined language
*/
function replaceDefinedLangCode(&$output, $isReplaceLangCode = true)
{
if($isReplaceLangCode)
{
$output = preg_replace_callback('!\$user_lang->([a-z0-9\_]+)!is', array($this,'_replaceLangCode'), $output);
}
}
function _replaceLangCode($matches)
{
static $lang = null;
if(is_null($lang))
if($isReplaceLangCode)
{
$cache_file = sprintf('%sfiles/cache/lang_defined/%d.%s.php', _XE_PATH_, 0, Context::getLangType());
if(!file_exists($cache_file))
if($lang === null)
{
$oModuleAdminController = getAdminController('module');
$oModuleAdminController->makeCacheDefinedLangCode(0);
}
if(file_exists($cache_file))
{
$moduleAdminControllerMtime = filemtime(_XE_PATH_ . 'modules/module/module.admin.controller.php');
$cacheFileMtime = filemtime($cache_file);
if($cacheFileMtime < $moduleAdminControllerMtime)
$lang = Rhymix\Framework\Cache::get('site_and_module:user_defined_langs:' . $args->site_srl . ':' . Context::getLangType());
if($lang === null)
{
$oModuleAdminController = getAdminController('module');
$oModuleAdminController->makeCacheDefinedLangCode(0);
$lang = $oModuleAdminController->makeCacheDefinedLangCode($site_module_info->site_srl);
}
require_once($cache_file);
}
$output = preg_replace_callback('!\$user_lang->([a-z0-9\_]+)!is', function($matches) use($lang) {
if(isset($lang[$matches[1]]) && !Context::get($matches[1]))
{
return $lang[$matches[1]];
}
else
{
return str_replace('$user_lang->', '', $matches[0]);
}
}, $output);
}
if(!Context::get($matches[1]) && $lang[$matches[1]]) return $lang[$matches[1]];
return str_replace('$user_lang->','',$matches[0]);
}
/**
* @brief Add and update a file into the file box
*/