firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

KVE-2018-2451, 2452, 2453, 2019-0208 그누보드 다중 취약점 수정

Browse Source
This commit is contained in:
thisgun
2019-01-28 11:11:49 +09:00
parent 31bf6e94ad
commit 40508b05d0
5 changed files with 15 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
adm/config_form_update.php
View File

@ -28,6 +28,14 @@ $cf_social_servicelist = !empty($_POST['cf_social_servicelist']) ? implode(',',
$_POST['cf_title'] = strip_tags($_POST['cf_title']);
$check_keys = array('cf_lg_mid', 'cf_lg_mert_key', 'cf_cert_kcb_cd', 'cf_cert_kcp_cd', 'cf_editor', 'cf_recaptcha_site_key', 'cf_recaptcha_secret_key');
foreach( $check_keys as $key ){
if ( isset($_POST[$key]) && $_POST[$key] ){
$_POST[$key] = preg_replace('/[^a-z0-9_\-]/i', '', $_POST[$key]);
}
}
$sql = " update {$g5['config_table']}
set cf_title = '{$_POST['cf_title']}',
cf_admin = '{$_POST['cf_admin']}',

2
adm/menu_list_update.php
View File

@ -23,7 +23,7 @@ for ($i=0; $i<$count; $i++)
$code = $_POST['code'][$i];
$me_name = $_POST['me_name'][$i];
$me_link = preg_match('/^javascript/i', $_POST['me_link'][$i]) ? G5_URL : strip_tags($_POST['me_link'][$i]);
$me_link = (preg_match('/^javascript/i', $_POST['me_link'][$i]) || preg_match('/script:/i', $_POST['me_link'][$i])) ? G5_URL : strip_tags($_POST['me_link'][$i]);
if(!$code || !$me_name || !$me_link)
continue;

2
adm/sms_admin/emoticon_move.php
View File

@ -12,7 +12,7 @@ $g5['title'] = '이모티콘그룹 이동';
include_once(G5_PATH.'/head.sub.php');
$list = array(); //배열 변수 초기화
$fo_no_list = isset($_POST['fo_no']) ? implode(',', $_POST['fo_no']) : '';
$fo_no_list = isset($_POST['fo_no']) ? clean_xss_tags(strip_tags(implode(',', $_POST['fo_no']))) : '';
$sql = " select * from {$g5['sms5_form_group_table']} order by fg_no ";
$result = sql_query($sql);

5
lib/common.lib.php
View File

@ -288,6 +288,7 @@ function get_file($bo_table, $wr_id)
while ($row = sql_fetch_array($result))
{
$no = $row['bf_no'];
$bf_content = $row['bf_content'] ? html_purifier($row['bf_content']) : '';
$file[$no]['href'] = G5_BBS_URL."/download.php?bo_table=$bo_table&amp;wr_id=$wr_id&amp;no=$no" . $qstr;
$file[$no]['download'] = $row['bf_download'];
// 4.00.11 - 파일 path 추가
@ -295,8 +296,8 @@ function get_file($bo_table, $wr_id)
$file[$no]['size'] = get_filesize($row['bf_filesize']);
$file[$no]['datetime'] = $row['bf_datetime'];
$file[$no]['source'] = addslashes($row['bf_source']);
$file[$no]['bf_content'] = $row['bf_content'];
$file[$no]['content'] = get_text($row['bf_content']);
$file[$no]['bf_content'] = $bf_content;
$file[$no]['content'] = get_text($bf_content);
//$file[$no]['view'] = view_file_link($row['bf_file'], $file[$no]['content']);
$file[$no]['view'] = view_file_link($row['bf_file'], $row['bf_width'], $row['bf_height'], $file[$no]['content']);
$file[$no]['file'] = $row['bf_file'];

4
plugin/lgxpay/AuthOnlyReq.php
View File

@ -165,8 +165,8 @@ $_SESSION['lgd_certify'] = $payReqMap;
<input type="hidden" name="LGD_ENCODING" value="UTF-8"/>
<?php
foreach ($payReqMap as $key => $value) {
$key = htmlspecialchars(strip_tags($key));
$value = htmlspecialchars(strip_tags($value));
$key = htmlspecialchars(strip_tags($key), ENT_QUOTES);
$value = htmlspecialchars(strip_tags($value), ENT_QUOTES);
echo "<input type='hidden' name='$key' id='$key' value='$value'/>".PHP_EOL;
}
?>