오픈 리다이렉트 취약점(16-603) 수정

chicpro
2016-09-06 10:06:41 +09:00
parent 9655c53a3b
commit 2457b96f7d


@ -2981,6 +2981,11 @@ function check_url_host($url, $msg='', $return_url=G5_URL)
$p = @parse_url($url);
$host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']);
if(stripos($url, 'http:') !== false) {
if(!isset($p['scheme']) || !$p['scheme'] || !isset($p['host']) || !$p['host'])
alert('url 정보가 올바르지 않습니다.', $return_url);
}
if ((isset($p['scheme']) && $p['scheme']) || (isset($p['host']) && $p['host'])) {
//if ($p['host'].(isset($p['port']) ? ':'.$p['port'] : '') != $_SERVER['HTTP_HOST']) {
if ($p['host'] != $host) {
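Review bot: The added guard `if(stripos($url, 'http:') !== false)` is keyed to one literal substring, so input that makes `parse_url()` return false without containing `http:` (an `https:` form, say) still skips both this check and the host comparison below it, because `isset($p['scheme'])` is false on a failed parse. Rejecting the failed parse itself is more general: `if ($p === false) alert('url 정보가 올바르지 않습니다.', $return_url);` placed directly after the `@parse_url($url)` line. The substring test also matches `http:` inside the query string of an otherwise relative URL, which would now be refused; confirm that is intended. Separately, `$host` is derived from the client-supplied `Host` header, so comparing against the host of the configured site URL (presumably what the `G5_URL` default holds) would be a firmer allow-list. The body of check_url_host starts and ends outside this hunk.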