[KVE-2019-0335, 0344 다중 취약점] 수정

This commit is contained in:
thisgun
2019-03-06 18:00:32 +09:00
parent 2c61975b49
commit 4227356108
9 changed files with 48 additions and 14 deletions


@ -3488,7 +3488,7 @@ function get_call_func_cache($func, $args=array()){
return $result;
}
// include 하는 경로에 data file 경로가 포함되어 있는지 체크합니다.
// include 하는 경로에 data file 경로나 안전하지 않은 경로가 있는지 체크합니다.
function is_include_path_check($path='', $is_input='')
{
if( $path ){
@ -3499,6 +3499,14 @@ function is_include_path_check($path='', $is_input='')
if( stripos($path, 'rar:') !== false || stripos($path, 'php:') !== false || stripos($path, 'zlib:') !== false || stripos($path, 'bzip2:') !== false || stripos($path, 'zip:') !== false || stripos($path, 'data:') !== false || stripos($path, 'phar:') !== false ){
return false;
}
$replace_path = str_replace('\\', '/', $path);
$slash_count = substr_count(str_replace('\\', '/', $_SERVER['SCRIPT_NAME']), '/');
$peer_count = substr_count($replace_path, '../');
if ( $peer_count && $peer_count > $slash_count ){
return false;
}
try {
// whether $path is unix or not
@ -3536,7 +3544,10 @@ function is_include_path_check($path='', $is_input='')
return false;
}
if( preg_match('/\/data\/(file|editor|qa|cache|member|member_image|session|tmp)\/[A-Za-z0-9_]{1,20}\//i', str_replace('\\', '/', $path)) ){
if( preg_match('/\/data\/(file|editor|qa|cache|member|member_image|session|tmp)\/[A-Za-z0-9_]{1,20}\//i', $replace_path) ){
return false;
}
if( preg_match('/\.\.\//i', $replace_path) && preg_match('/plugin\//i', $replace_path) && preg_match('/okname\//i', $replace_path) ){
return false;
}
}
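Review bot: The traversal guard added in the second hunk (`$slash_count` … `return false;`) bounds the number of `../` segments by the slash count of `$_SERVER['SCRIPT_NAME']`, which is the URL depth of the entry script rather than the filesystem depth of the include base, so for a script served at `/index.php` `$slash_count` is 1 and a path with a single `../` still passes and can step out of the application directory; after that only the data-directory regex and the very narrow `../` + `plugin/` + `okname/` pattern in the third hunk reject specific targets. Both new checks are textual blocklists, and under some CGI/FastCGI setups `SCRIPT_NAME` can carry extra path segments, which would raise the permitted depth rather than lower it. A stronger complement, kept alongside the existing checks, is to canonicalise and anchor the path: `$real = realpath($replace_path);` and, when it resolves, `if (strpos(str_replace('\\', '/', $real) . '/', $real_root . '/') !== 0) { return false; }` where `$real_root` is the canonicalised application root directory this file already knows (the constant is not visible in the hunk, so confirm its name). The function's final return and the body of the `try` block at the end of the second hunk lie outside these hunks.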