$url 파라미터에 HTML Entity Number 형식으로 값이 넘어오는 경우의 XSS 취약점 해결 (woonge님,220415)

2022-04-15 10:00:13 +09:00
parent 258f94e597
commit 2457055514
1 changed files with 6 additions and 7 deletions
--- a/bbs/member_confirm.php
+++ b/bbs/member_confirm.php
@ -4,15 +4,14 @@ include_once('./_common.php');
 if ($is_guest)
    alert('로그인 한 회원만 접근하실 수 있습니다.', G5_BBS_URL.'/login.php');

-/*
-if ($url)
-    $urlencode = urlencode($url);
-else
-    $urlencode = urlencode($_SERVER[REQUEST_URI]);
-*/
-
 $url = isset($_GET['url']) ? clean_xss_tags($_GET['url']) : '';

+while (1) {
+    $tmp = preg_replace('/&#[^;]+;/', '', $url);
+    if ($tmp == $url) break;
+    $url = $tmp;
+}
+
 //소셜 로그인 한 경우
 if( function_exists('social_member_comfirm_redirect') && (! $url || $url === 'register_form.php' || (function_exists('social_is_edit_page') && social_is_edit_page($url) ) ) ){    
    social_member_comfirm_redirect();