KVE-2019-0001, 0002, 0042, 0050 그누보드 다중 취약점 수정

2019-01-28 10:07:29 +09:00
parent f1a69ff7a4
commit 31bf6e94ad
5 changed files with 13 additions and 11 deletions
--- a/adm/sms_admin/_common.php
+++ b/adm/sms_admin/_common.php
@ -13,6 +13,7 @@ if (!strstr($_SERVER['SCRIPT_NAME'], 'install.php')) {
 }

 $sv = isset($_REQUEST['sv']) ? get_search_string($_REQUEST['sv']) : '';
+$st = (isset($_REQUEST['st']) && $st) ? substr(get_search_string($_REQUEST['st']), 0, 12) : '';

 if( isset($token) ){
    $token = @htmlspecialchars(strip_tags($token), ENT_QUOTES);
--- a/adm/sms_admin/form_group_update.php
+++ b/adm/sms_admin/form_group_update.php
@ -11,8 +11,8 @@ if ($w == 'u') // 업데이트
        // 실제 번호를 넘김
        $k = $_POST['chk'][$i];
        $fg_no = (int) $_POST['fg_no'][$k];
-        $fg_name = strip_tags($_POST['fg_name'][$k]);
-        $fg_member = strip_tags($_POST['fg_member'][$k]);
+        $fg_name = isset($_POST['fg_name'][$k]) ? addslashes(strip_tags($_POST['fg_name'][$k])) : '';
+        $fg_member = isset($_POST['fg_member'][$k]) ? addslashes(strip_tags($_POST['fg_member'][$k])) : '';

        if (!is_numeric($fg_no))
            alert('그룹 고유번호가 없습니다.');
@ -83,7 +83,7 @@ else // 등록
    if (!strlen(trim($fg_name)))
        alert('그룹명을 입력해주세요');

-    $fg_name = strip_tags($fg_name);
+    $fg_name = addslashes(strip_tags($fg_name));

    $res = sql_fetch("select fg_name from {$g5['sms5_form_group_table']} where fg_name = '$fg_name'");
    if ($res)
--- a/adm/sms_admin/history_num.php
+++ b/adm/sms_admin/history_num.php
@ -11,15 +11,15 @@ $g5['title'] = "문자전송 내역 (번호별)";

 if ($page < 1) $page = 1;

+if( isset($st) && !in_array($st, array('hs_name', 'hs_hp', 'bk_no')) ){
+    $st = '';
+}
+
 if ($st && trim($sv))
    $sql_search = " and $st like '%$sv%' ";
 else
    $sql_search = "";

-if( isset($st) && !in_array($st, array('hs_name', 'hs_hp', 'bk_no')) ){
-    $st = '';
-}
-
 $total_res = sql_fetch("select count(*) as cnt from {$g5['sms5_history_table']} where 1 $sql_search");
 $total_count = $total_res['cnt'];

--- a/adm/sms_admin/num_book_update.php
+++ b/adm/sms_admin/num_book_update.php
@ -12,6 +12,9 @@ $is_hp_exist = false;

 $bk_hp = get_hp($bk_hp);

+$bk_memo = strip_tags($bk_memo);
+$bk_name = strip_tags($bk_name);
+
 if ($w=='u') // 업데이트
 {
    if (!$bg_no) $bg_no = 0;
@ -21,8 +24,6 @@ if ($w=='u') // 업데이트
    if (!strlen(trim($bk_name)))
        alert('이름을 입력해주세요');

-    $bk_name = strip_tags($bk_name);
-
    if ($bk_hp == '')
        alert('휴대폰번호만 입력 가능합니다.');
 /*
@ -48,7 +49,7 @@ if ($w=='u') // 업데이트
            sql_query("update {$g5['sms5_book_group_table']} set bg_receipt = bg_receipt - 1, bg_reject = bg_reject + 1 where bg_no='$bg_no'");
    }

-    sql_query("update {$g5['sms5_book_table']} set bg_no='$bg_no', bk_name='$bk_name', bk_hp='$bk_hp', bk_receipt='$bk_receipt', bk_datetime='".G5_TIME_YMDHIS."', bk_memo='".addslashes($bk_memo)."' where bk_no='$bk_no'");
+    sql_query("update {$g5['sms5_book_table']} set bg_no='$bg_no', bk_name='".addslashes($bk_name)."', bk_hp='$bk_hp', bk_receipt='$bk_receipt', bk_datetime='".G5_TIME_YMDHIS."', bk_memo='".addslashes($bk_memo)."' where bk_no='$bk_no'");
    if ($res['mb_id']){ //만약에 mb_id가 있다면...
        // 휴대폰번호 중복체크
        $sql = " select mb_id from {$g5['member_table']} where mb_id <> '{$res['mb_id']}' and mb_hp = '{$bk_hp}' ";
--- a/adm/sms_admin/num_book_write.php
+++ b/adm/sms_admin/num_book_write.php
@ -121,7 +121,7 @@ include_once(G5_ADMIN_PATH."/admin.head.php");
    <tr>
        <th scope="row"><label for="bk_memo">메모</label></th>
        <td>
-            <textarea name="bk_memo" id="bk_memo"><?php echo $write['bk_memo']?></textarea>
+            <textarea name="bk_memo" id="bk_memo"><?php echo html_purifier($write['bk_memo']); ?></textarea>
        </td>
    </tr>
    </tbody>