From d090ffd65b605cbcaff1d13cc293309e259b7e43 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=BA=B7=E7=9B=9BDiscuz!?=
Date: Mon, 9 Jan 2017 15:00:54 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=20XSS=E6=BC=8F=E6=B4=9E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 upload/static/image/admincp/getcolor.htm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/upload/static/image/admincp/getcolor.htm b/upload/static/image/admincp/getcolor.htm
index 21e67f0..f1deb0f 100644
--- a/upload/static/image/admincp/getcolor.htm
+++ b/upload/static/image/admincp/getcolor.htm
@@ -34,7 +34,9 @@ function setvalue(obj) {
 	if(varnamev) {
 		parent.$(varnamev).value = setv;
 	}
-	if(fun) eval('parent.'+fun+'("'+setv+'")');
+	if(fun && (fun == 'sethtml_color' || fun == 'spaceDiy.setBgColor' || fun == 'spaceDiy.setTextColor' || fun == 'spaceDiy.setLinkColor')) {
+		eval('parent.'+fun+'("'+setv+'")');
+	}
 }
 
 function v(v) {
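Review bot: The added `eval('parent.'+fun+'("'+setv+'")')` still splices `setv` into a string that is then evaluated, so the allowlist on `fun` only closes half of the problem: any `setv` containing a `"` or `)` still breaks out of the quoted argument and the remainder runs as script in the parent frame. Where `setv` comes from is not visible here, since setvalue begins before the hunk and `setv` is assigned earlier in it, so whether it is attacker-controlled cannot be confirmed from these lines. Because the four permitted names are now fixed, the eval is unnecessary: dispatching to the four callables directly passes `setv` as a real argument, so its content can no longer be interpreted as code, and the string-building goes away with it. The comparisons would also read better as `===` once `fun` is known to be a string.

```javascript
	if(fun === 'sethtml_color') {
		parent.sethtml_color(setv);
	} else if(fun === 'spaceDiy.setBgColor') {
		parent.spaceDiy.setBgColor(setv);
	} else if(fun === 'spaceDiy.setTextColor') {
		parent.spaceDiy.setTextColor(setv);
	} else if(fun === 'spaceDiy.setLinkColor') {
		parent.spaceDiy.setLinkColor(setv);
	}
	// … unchanged: closing brace of setvalue, function v(v) …
```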