fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-04-02 01:52:10 +09:00
Code Issues Projects Releases Packages Wiki Activity

Fix RVE-2026-1 arbitrary file association by extra var

Browse source
This commit is contained in:
Kijin Sung 2026-02-16 21:56:44 +09:00
parent c5d453a2df
commit f131a616eb
5 changed files with 44 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

1
modules/document/document.model.php
View file

@ -111,6 +111,7 @@ class DocumentModel extends Document
foreach($GLOBALS['XE_EXTRA_KEYS'][$module_srl] as $idx => $key)
{
$document_extra_vars[$idx] = clone($key);
$document_extra_vars[$idx]->parent_srl = $document_srl;
// set variable value in user language
if(isset($document_extra_values[$idx][$user_lang_code]))