added code that blocked XSS scripting

git-svn-id: http://xe-core.googlecode.com/svn/branches/1.5.0@10132 201d5d3c-b55e-5fd7-737f-ddc643e51545
devjin 2012-02-16 09:10:31 +00:00
parent 20b23b2487
commit efe463161e
2 changed files with 6 additions and 1 deletions


@ -249,7 +249,8 @@
return new Object(-1, 'msg_invalid_request');
}
$code = preg_replace('/<\?.*(\?>)?/sm', '', $code);
$code = preg_replace('/<\?.*(\?>)?/Usm', '', $code);
$code = preg_replace('/<script[\s]*language[\s]*=("|\')php("|\')[\s]*>.*<\/script>/Usm', '', $code);
$oLayoutModel = &getModel('layout');
$layout_file = $oLayoutModel->getUserLayoutHtml($layout_srl);
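Review bot: With the `U` modifier both `.*` and the optional `(\?>)?` become lazy, so `/<\?.*(\?>)?/Usm` removes only the two characters `<?` and leaves the rest of the block in `$code`; because `preg_replace` makes a single pass, the text on either side of a removed match can then join into a fresh opening tag. The `<script ... language=...php>` pattern is also case-sensitive and requires a quoted value and a closing `</script>`, so it looks narrower than what the PHP parser of that era accepted. Rejecting the request is more robust than rewriting it, for example `if (preg_match('/<\?|<script\b[^>]*\blanguage\b/i', $code)) return new Object(-1, 'msg_invalid_request');` (the exact pattern may need tuning for legitimate `<?xml` content). The same two lines are added in the second file's hunk at -40; the enclosing function starts and ends outside both hunks.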


@ -40,6 +40,10 @@
$layout_srl = Context::get('layout_srl');
$code = Context::get('code');
$code = preg_replace('/<\?.*(\?>)?/Usm', '', $code);
$code = preg_replace('/<script[\s]*language[\s]*=("|\')php("|\')[\s]*>.*<\/script>/Usm', '', $code);
$code_css = Context::get('code_css');
if(!$layout_srl || !$code) return new Object(-1, 'msg_invalid_request');
// Get the layout information
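Review bot: These two `preg_replace` calls are a copy of the pair in the first file, whose previous version of the line already differed (no `U`), so the copies have drifted before. One shared helper called from both places would keep the filter in a single spot, with a comment such as `// strip PHP open tags from user-supplied layout code before it is saved` if that is the intent (the commit title calls it XSS, which this filter does not address). `$code_css` on the next line is read without any filtering; it is worth confirming that it never reaches a file that PHP parses. The function body continues outside the hunk.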