fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

HOR-282 Cleaned up more issues with XSS.

Browse Source
This commit is contained in:
Chloe Deguzman
2016-03-03 13:23:23 +00:00
parent 3bf9e110db
commit 67812cc2f3
3 changed files with 17 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
workflow/engine/skinEngine/base/error404.php
View File

@@ -13,17 +13,29 @@ if (isset($_GET["url"]) && $_GET["url"] != "") {
$sysSys = "";
$sysLang = "";
$sysSkin = "";
if (isset($url[1]) && preg_match("/^sys(.+)$/", $url[1], $match)) {
$sysSys = $match[1];
}
// Check if sys path exists
$checkDir = PATH_DATA."sites/".$sysSys;
if(!is_dir($checkDir)) {
$sysSys = '';
}
}
if (isset($url[2])) {
$sysLang = $url[2];
}
if (isset($url[3])) {
$sysSkin = $url[3];
// Check if sys path exists
$checkDir = PATH_SKIN_ENGINE.$sysSkin;
if(!is_dir($checkDir)) {
$sysSkin = '';
}
}
if ($sysSys != "" && $sysLang != "" && $sysSkin != "") {