KVE-2018-2451, 2452, 2453, 2019-0208 그누보드 다중 취약점 수정

2019-01-28 11:11:49 +09:00
parent 31bf6e94ad
commit 40508b05d0
5 changed files with 15 additions and 6 deletions
--- a/adm/menu_list_update.php
+++ b/adm/menu_list_update.php
@ -23,7 +23,7 @@ for ($i=0; $i<$count; $i++)

    $code    = $_POST['code'][$i];
    $me_name = $_POST['me_name'][$i];
-    $me_link = preg_match('/^javascript/i', $_POST['me_link'][$i]) ? G5_URL : strip_tags($_POST['me_link'][$i]);
+    $me_link = (preg_match('/^javascript/i', $_POST['me_link'][$i]) || preg_match('/script:/i', $_POST['me_link'][$i])) ? G5_URL : strip_tags($_POST['me_link'][$i]);
    
    if(!$code || !$me_name || !$me_link)
        continue;