관리자 페이지 원격 명령 실행 취약점 수정

2024-02-14 19:09:20 +09:00
parent 8d912e3511
commit 248cb2b173
7 changed files with 14 additions and 10 deletions
--- a/adm/shop_admin/itemeventformupdate.php
+++ b/adm/shop_admin/itemeventformupdate.php
@ -41,8 +41,8 @@ if ($ev_mimg_del)  @unlink(G5_DATA_PATH."/event/{$ev_id}_m");
 if ($ev_himg_del)  @unlink(G5_DATA_PATH."/event/{$ev_id}_h");
 if ($ev_timg_del)  @unlink(G5_DATA_PATH."/event/{$ev_id}_t");

-$ev_skin = preg_replace('#\.+(\/|\\\)#', '', $ev_skin);
-$ev_mobile_skin = preg_replace('#\.+(\/|\\\)#', '', $ev_mobile_skin);
+$ev_skin = preg_replace(array('#\.+(\/|\\\)#', '#[\'\"]#'), array('', ''), $ev_skin);
+$ev_mobile_skin = preg_replace(array('#\.+(\/|\\\)#', '#[\'\"]#'), array('', ''), $ev_mobile_skin);

 $skin_regex_patten = "^list.[0-9]+\.skin\.php";