From 1ba5bb09fc7f3c0971ed371eda168e8b52c1152e Mon Sep 17 00:00:00 2001
From: thisgun
Date: Mon, 7 Jan 2019 12:09:29 +0900
Subject: [PATCH] =?UTF-8?q?=EB=B3=B4=EC=95=88=EC=9D=84=20=EC=9C=84?= =?UTF-8?q?=ED=95=B4=20RAR=20Wrapper=20=EC=B0=A8=EB=8B=A8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 lib/common.lib.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/common.lib.php b/lib/common.lib.php
index 3ecde78c9..4b2423f2c 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -3489,8 +3489,10 @@ function is_include_path_check($path='', $is_input='')
 {
 if( $path ){
 if ($is_input){
+ // 장태진 @jtjisgod 추가
+ // 보안 목적 : rar wrapper 차단
- if( stripos($path, 'php:') !== false || stripos($path, 'zlib:') !== false || stripos($path, 'bzip2:') !== false || stripos($path, 'zip:') !== false || stripos($path, 'data:') !== false || stripos($path, 'phar:') !== false ){
+ if( stripos($path, 'rar:') !== false || stripos($path, 'php:') !== false || stripos($path, 'zlib:') !== false || stripos($path, 'bzip2:') !== false || stripos($path, 'zip:') !== false || stripos($path, 'data:') !== false || stripos($path, 'phar:') !== false ){
 return false;
 }
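Review bot: The condition in the `$is_input` branch still enumerates wrapper names one at a time, so after adding `rar:` any other stream wrapper registered on the host (PHP lists them through `stream_get_wrappers()`) continues to pass this check. Consider deriving the list rather than hard-coding it, e.g. `foreach (stream_get_wrappers() as $w) { if (stripos($path, $w.':') !== false) return false; }`, and keeping the literal list only as a fallback. That would also reject `file:` and `http:` style input, which looks right for an include-path check but should be confirmed against the callers, since the rest of is_include_path_check lies outside this hunk. The two added comment lines would help more if they said why the wrapper is refused (a user-supplied include path must not name a stream wrapper) rather than who added it.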