From 08357532991ae00d746123e1f4da01cf3bacf2d6 Mon Sep 17 00:00:00 2001
From: chicpro <chicpro@sir.co.kr>
Date: Mon, 18 May 2015 17:29:01 +0900
Subject: [PATCH 1/2] =?UTF-8?q?=EC=95=88=EC=A0=84=ED=95=98=EC=A7=80=20?=
 =?UTF-8?q?=EC=95=8A=EB=8A=94=20=EC=82=AC=EC=9D=B4=ED=8A=B8=20=EB=A6=AC?=
 =?UTF-8?q?=EB=8B=A4=EC=9D=B4=EB=A0=89=EC=85=98=20=EC=B7=A8=EC=95=BD?=
 =?UTF-8?q?=EC=A0=90=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 bbs/alert.php       |  3 +++
 bbs/confirm.php     |  5 +++++
 bbs/login.php       |  8 ++------
 bbs/login_check.php |  3 +++
 lib/common.lib.php  | 21 +++++++++++++++++++++
 5 files changed, 34 insertions(+), 6 deletions(-)

diff --git a/bbs/alert.php b/bbs/alert.php
index c56f8d735..d64b6f2fd 100644
--- a/bbs/alert.php
+++ b/bbs/alert.php
@@ -32,6 +32,9 @@ $msg2 = str_replace("\\n", "<br>", $msg);
 
 if (!$url) $url = $_SERVER['HTTP_REFERER'];
 
+// url 체크
+check_url_host($url);
+
 if($error) {
     $header2 = "다음 항목에 오류가 있습니다.";
 } else {
diff --git a/bbs/confirm.php b/bbs/confirm.php
index cba013226..76e9c7652 100644
--- a/bbs/confirm.php
+++ b/bbs/confirm.php
@@ -1,6 +1,11 @@
 <?php
 include_once('./_common.php');
 include_once(G5_PATH.'/head.sub.php');
+
+// url 체크
+check_url_host($url1);
+check_url_host($url2);
+check_url_host($url3);
 ?>
 
 <script>
diff --git a/bbs/login.php b/bbs/login.php
index 738ee1156..a9e343239 100644
--- a/bbs/login.php
+++ b/bbs/login.php
@@ -6,12 +6,8 @@ include_once('./_head.sub.php');
 
 $url = $_GET['url'];
 
-$p = parse_url($url);
-if ((isset($p['scheme']) && $p['scheme']) || (isset($p['host']) && $p['host'])) {
-    //print_r2($p);
-    if ($p['host'].(isset($p['port']) ? ':'.$p['port'] : '') != $_SERVER['HTTP_HOST'])
-        alert('url에 타 도메인을 지정할 수 없습니다.');
-}
+// url 체크
+check_url_host($url);
 
 // 이미 로그인 중이라면
 if ($is_member) {
diff --git a/bbs/login_check.php b/bbs/login_check.php
index 54e4f1247..fd83a67bb 100644
--- a/bbs/login_check.php
+++ b/bbs/login_check.php
@@ -65,6 +65,9 @@ if ($auto_login) {
 }
 
 if ($url) {
+    // url 체크
+    check_url_host($url);
+
     $link = urldecode($url);
     // 2003-06-14 추가 (다른 변수들을 넘겨주기 위함)
     if (preg_match("/\?/", $link))
diff --git a/lib/common.lib.php b/lib/common.lib.php
index 483b50ba5..9e1a10b21 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -2844,4 +2844,25 @@ function check_password($pass, $hash)
 
     return ($password === $hash);
 }
+
+// 동일한 host url 인지
+function check_url_host($url, $msg='', $return_url=G5_URL)
+{
+    if(!$msg)
+        $msg = 'url에 타 도메인을 지정할 수 없습니다.';
+
+    $p = parse_url($url);
+    if ((isset($p['scheme']) && $p['scheme']) || (isset($p['host']) && $p['host'])) {
+        if ($p['host'].(isset($p['port']) ? ':'.$p['port'] : '') != $_SERVER['HTTP_HOST']) {
+            echo '<script>'.PHP_EOL;
+            echo 'alert("url에 타 도메인을 지정할 수 없습니다.");'.PHP_EOL;
+            echo 'document.location.href = "'.$return_url.'";'.PHP_EOL;
+            echo '</script>'.PHP_EOL;
+            echo '<noscript>'.PHP_EOL;
+            echo '<p>'.$msg.'</p>'.PHP_EOL;
+            echo '</noscript>'.PHP_EOL;
+            exit;
+        }
+    }
+}
 ?>
\ No newline at end of file

From 53e921dc7f09830a15d4e7f82aa0e009b5dab248 Mon Sep 17 00:00:00 2001
From: chicpro <chicpro@sir.co.kr>
Date: Mon, 18 May 2015 17:31:22 +0900
Subject: [PATCH 2/2] =?UTF-8?q?check=5Furl=5Fhost=20=ED=95=A8=EC=88=98=20?=
 =?UTF-8?q?=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 lib/common.lib.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/common.lib.php b/lib/common.lib.php
index 9e1a10b21..e652637cb 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -2860,6 +2860,7 @@ function check_url_host($url, $msg='', $return_url=G5_URL)
             echo '</script>'.PHP_EOL;
             echo '<noscript>'.PHP_EOL;
             echo '<p>'.$msg.'</p>'.PHP_EOL;
+            echo '<p><a href="'.$return_url.'">돌아가기</a></p>'.PHP_EOL;
             echo '</noscript>'.PHP_EOL;
             exit;
         }