fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-08 19:21:40 +09:00
Code Issues Projects Releases Packages Wiki Activity

#309 SECISSUE homepage필드를 이용한 XSS 공격 방어, 댓글 작성시에도 적용

Browse source
This commit is contained in:
khongchi 2014-03-12 13:41:49 +09:00
parent 775f68a31a
commit ecb5628725
2 changed files with 21 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

10
modules/document/document.controller.php
View file

@ -398,7 +398,15 @@ class documentController extends document
if(!$obj->commentStatus) $obj->commentStatus = 'DENY';
if($obj->commentStatus == 'DENY') $this->_checkCommentStatusForOldVersion($obj);
if($obj->allow_trackback!='Y') $obj->allow_trackback = 'N';
if($obj->homepage && !preg_match('/^[a-z]+:\/\//i',$obj->homepage)) $obj->homepage = 'http://'.$obj->homepage;
if($obj->homepage)
{
$obj->homepage = removeHackTag($obj->homepage);
if(!preg_match('/^[a-z]+:\/\//i',$obj->homepage))
{
$obj->homepage = 'http://'.$obj->homepage;
}
}
if($obj->notify_message != 'Y') $obj->notify_message = 'N';
// can modify regdate only manager