보안을 위해 RAR Wrapper 차단

2019-01-07 12:09:29 +09:00
parent 953e301096
commit 1ba5bb09fc
1 changed files with 3 additions and 1 deletions
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@ -3489,8 +3489,10 @@ function is_include_path_check($path='', $is_input='')
 {
    if( $path ){
        if ($is_input){
+            // 장태진 @jtjisgod <jtjisgod@gmail.com> 추가
+            // 보안 목적 : rar wrapper 차단

-            if( stripos($path, 'php:') !== false || stripos($path, 'zlib:') !== false || stripos($path, 'bzip2:') !== false || stripos($path, 'zip:') !== false || stripos($path, 'data:') !== false || stripos($path, 'phar:') !== false ){
+            if( stripos($path, 'rar:') !== false || stripos($path, 'php:') !== false || stripos($path, 'zlib:') !== false || stripos($path, 'bzip2:') !== false || stripos($path, 'zip:') !== false || stripos($path, 'data:') !== false || stripos($path, 'phar:') !== false ){
                return false;
            }