From 9c0123ae662d0ef82ece5d5caa647bfd4d9a71dc Mon Sep 17 00:00:00 2001
From: dewekk <60457472+dewekk@users.noreply.github.com>
Date: Thu, 24 Mar 2022 18:05:01 +0900
Subject: [PATCH] =?UTF-8?q?=EC=9C=84=EC=A0=AF=20=ED=8E=98=EC=9D=B4?= =?UTF-8?q?=EC=A7=80=EC=97=90=EC=84=9C=20=EA=B4=84=ED=98=B8=20=EB=93=B1=20?= =?UTF-8?q?GET/POST=20=EB=B6=88=EA=B0=80=20=EB=AC=B8=EC=A0=9C=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

RVE-2022-2 보안 패치가 외부페이지 뿐만 아니라 위젯 페이지에도 적용되어 위젯으로 구현된 검색, 입력폼 등에서 일반적인 괄호를 못 쓰는 문제를 수정합니다.
---
 modules/page/page.view.php | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/modules/page/page.view.php b/modules/page/page.view.php
index f79a1638a..dd2db8a96 100644
--- a/modules/page/page.view.php
+++ b/modules/page/page.view.php
@@ -67,15 +67,6 @@ class pageView extends page
 {
 Context::set('module_srl', $this->module_srl);
 }
-
- // Kick out anyone who tries to exploit RVE-2022-2.
- foreach (Context::getRequestVars() as $key => $val)
- {
- if (preg_match('/[\{\}\(\)<>\$\'"]/', $key) || preg_match('/[\{\}\(\)<>\$\'"]/', $val))
- {
- throw new Rhymix\Framework\Exceptions\SecurityViolation();
- }
- }
 
 // Get page content according to page type.
 $page_type_name = strtolower($this->module_info->page_type);
@@ -167,6 +158,15 @@ class pageView extends page
 return;
 }
 
+ // Kick out anyone who tries to exploit RVE-2022-2.
+ foreach (Context::getRequestVars() as $key => $val)
+ {
+ if (preg_match('/[\{\}\(\)<>\$\'"]/', $key) || preg_match('/[\{\}\(\)<>\$\'"]/', $val))
+ {
+ throw new Rhymix\Framework\Exceptions\SecurityViolation();
+ }
+ }
+
 // External URL
 if (preg_match('!^[a-z]+://!i', $this->path))
 {
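Review bot: The relocated request-variable check in the second hunk passes `$val` straight to `preg_match()`, so it only inspects top-level string values. If `Context::getRequestVars()` can yield arrays or objects (for example from `name[]=` style parameters), those values are not scanned: on PHP 7 the call warns and returns false, and on PHP 8 it raises a `TypeError` rather than `SecurityViolation`. Walking nested keys and values recursively, with the pattern held in one variable instead of the literal repeated twice, would close that gap; a sketch follows. The enclosing method starts and ends outside the hunk, so whether anything after the check reads request data that this filter does not cover cannot be judged from here.

```php
// … unchanged: early return when $this->path is empty …

// Kick out anyone who tries to exploit RVE-2022-2.
// Nested arrays/objects are walked so that every key and scalar value is checked.
$forbidden = '/[\{\}\(\)<>\$\'"]/';
$hasForbiddenChars = static function ($value) use (&$hasForbiddenChars, $forbidden) {
	if (is_array($value) || is_object($value))
	{
		foreach ($value as $k => $v)
		{
			if (preg_match($forbidden, (string)$k) || $hasForbiddenChars($v))
			{
				return true;
			}
		}
		return false;
	}
	return is_scalar($value) && preg_match($forbidden, (string)$value) === 1;
};
if ($hasForbiddenChars(Context::getRequestVars()))
{
	throw new Rhymix\Framework\Exceptions\SecurityViolation();
}

// … unchanged: external URL / local file handling …
```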