Fix RVE-2023-1 editor module XSS

Kijin Sung 2023-07-05 01:34:48 +09:00
parent 103f5ce884
commit ed7a0bd4e2
2 changed files with 7 additions and 9 deletions


@ -143,11 +143,9 @@ var auto_saved_msg = "{$lang->msg_auto_saved}";
<!--@if($enable_component)-->
{@ $xe_component = array(); }
<!--@foreach($component_list as $component_name => $component)-->
{@ $xe_component[] = $component_name . ":'" . htmlentities($component->title, ENT_QUOTES, 'UTF-8') . "'"; }
{@ $xe_component[$component_name] = escape($component->title, false)}
<!--@endforeach-->
{@ $xe_component = implode(',', $xe_component); }
settings.ckeconfig.xe_component_arrays = {{$xe_component}};
settings.ckeconfig.xe_component_arrays = {json_encode($xe_component)};
<!--@else-->
settings.ckeconfig.xe_component_arrays = {};
<!--@endif-->
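Review bot: The `json_encode($xe_component)` call on the new assignment line uses default flags, so `<`, `>`, `&` and quotes are emitted literally into what appears to be an inline script block, and the array keys (`$component_name`) do not pass through `escape()` the way the titles do. Encoding with `json_encode($xe_component, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_FORCE_OBJECT)` keeps the output inert for the HTML parser regardless of where a key or value came from. `JSON_FORCE_OBJECT` also covers an empty `$component_list`, which otherwise produces `[]` while the `<!--@else-->` branch assigns `{}`. The enclosing script block starts outside the hunk, so the surrounding output context should be confirmed.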