firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

댓글 wr_name 이용한 XSS 보안 취약점 수정

Browse Source
This commit is contained in:
chicpro
2014-07-30 18:05:52 +09:00
parent d5e6a07dda
commit 0742c5f81b
6 changed files with 10 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
common.php
View File

@ -35,7 +35,10 @@ function g5_path()
$port = $_SERVER['SERVER_PORT'] != 80 ? ':'.$_SERVER['SERVER_PORT'] : '';
$http = 'http' . ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') ? 's' : '') . '://';
$user = str_replace(str_replace($document_root, '', $_SERVER['SCRIPT_FILENAME']), '', $_SERVER['SCRIPT_NAME']);
$result['url'] = $http.(isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME']).$port.$user.$root;
$host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME'];
if(isset($_SERVER['HTTP_HOST']) && preg_match('/:[0-9]+$/', $host))
$host = preg_replace('/:[0-9]+$/', '', $host);
$result['url'] = $http.$host.$port.$user.$root;
return $result;
}