From 38e732e71e008924ffc6235435fc456c58a9dd45 Mon Sep 17 00:00:00 2001
From: kagla
Date: Wed, 6 Apr 2022 14:08:20 +0900
Subject: [PATCH] =?UTF-8?q?KVE-2021-1277=20Open=20Redirect=20=EC=B7=A8?= =?UTF-8?q?=EC=95=BD=EC=A0=90=20=ED=95=B4=EA=B2=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 lib/common.lib.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/common.lib.php b/lib/common.lib.php
index b8315e2ca..6a6a6980f 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -3337,6 +3337,11 @@ function check_url_host($url, $msg='', $return_url=G5_URL, $is_redirect=false)
 if(!$msg)
 $msg = 'url에 타 도메인을 지정할 수 없습니다.';
 
+ // KVE-2021-1277 Open Redirect 취약점 해결
+ if (preg_match('#\\\0#', $url)) {
+ alert('url 에 올바르지 않은 값이 포함되어 있습니다.');
+ }
+
 $url = urldecode($url);
 $p = @parse_url(trim($url));
 $host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']);
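Review bot: The added `preg_match('#\\\0#', $url)` guard tests the raw value one line before `$url = urldecode($url);`, so a percent-encoded form of the same sequence passes the check and only materialises after decoding. The pattern also matches exactly one thing, a literal backslash followed by `0` (not a NUL byte), which reads as a deny-list entry for a single reported payload rather than a rule about what a redirect target may contain. I would run the test after the decode and widen it to any backslash or control character, e.g. `if (preg_match('#[\x00-\x1f\\\\]#', $url)) {`, with a comment stating which characters are rejected and why, provided no legitimate caller passes a backslash. This assumes `alert()` ends the request; if it can return, the host comparison below still runs on the rejected value. The body of check_url_host continues outside the hunk, so whether `$url` is decoded again later cannot be confirmed from here.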