From 3ee5fa6d86b32694e47ecd26ab9fe503d7dfbb61 Mon Sep 17 00:00:00 2001
From: chicpro
Date: Mon, 23 Mar 2015 09:00:46 +0900
Subject: [PATCH] =?UTF-8?q?union=EC=9D=B4=20=ED=8F=AC=ED=95=A8=EB=90=9C=20?= =?UTF-8?q?=EC=BF=BC=EB=A6=AC=20=EC=82=AC=EC=9A=A9=ED=95=A0=20=EC=88=98=20?= =?UTF-8?q?=EC=9E=88=EB=8F=84=EB=A1=9D=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 lib/common.lib.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/common.lib.php b/lib/common.lib.php
index 8b8b0a7a1..0a1e14889 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -1448,7 +1448,8 @@ function sql_query($sql, $error=G5_DISPLAY_SQL_ERROR)
     // Blind SQL Injection 취약점 해결
     $sql = trim($sql);
     // union의 사용을 허락하지 않습니다.
-    $sql = preg_replace("#^select.*from.*union.*#i", "select 1", $sql);
+    //$sql = preg_replace("#^select.*from.*union.*#i", "select 1", $sql);
+    $sql = preg_replace("#^select.*from.*[\s\(]+union[\s\)]+.*#i ", "select 1", $sql);
     // `information_schema` DB로의 접근을 허락하지 않습니다.
     $sql = preg_replace("#^select.*from.*where.*`?information_schema`?.*#i", "select 1", $sql);
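Review bot: The relaxed pattern on the new `preg_replace` line matches `union` only when it is bracketed by whitespace or parentheses, so an injected `)union(`, `/**/union/**/select`, or any query with a newline before `union` (`.*` does not cross line breaks without the `s` modifier) now passes through unchanged, whereas the commented-out pattern would still have caught the first two; admitting legitimate UNION queries this way also removes most of what this denylist line was guarding against. The rewrite to `select 1` additionally fails silently rather than rejecting and logging the query. The modifier string `#i ` carries a trailing space, which PHP's PCRE wrapper appears to tolerate but reads as a typo; at minimum use `"#^select.*from.*[\s\(]+union[\s\)]+.*#is"` so the match spans newlines, and treat this as defence in depth only, with the real fix being escaping or parameterising values where the SQL is assembled. `sql_query` starts before the hunk and continues after it, and the hunk's final context line appears to be cut off in this view.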