From 468bc6eb1c40b12425322f65a97c5320ec772497 Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Mon, 27 Apr 2020 15:45:21 +0900
Subject: [PATCH] =?UTF-8?q?[KVE-2020-0273]Cross=20Site=20Scripting(XSS)=20?=
 =?UTF-8?q?=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/admin.lib.php    | 4 ++--
 adm/theme_detail.php | 2 +-
 adm/visit_search.php | 5 +++++
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/adm/admin.lib.php b/adm/admin.lib.php
index daf6383c7..7f0d6f63e 100644
--- a/adm/admin.lib.php
+++ b/adm/admin.lib.php
@@ -477,8 +477,8 @@ function admin_check_xss_params($params){
 
         if( is_array($value) ){
             admin_check_xss_params($value);
-        } else if ( (preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && (preg_match('/script.*?\/script/ius', $value) || preg_match('/[onload|onerror]=.*/ius', $value))) || preg_match('/^(?=.*get_ajax_token\()(?=.*xmlhttprequest\()(?=.*send\().*$/im', $value) ){
-            alert('요청 쿼리에 잘못된 스크립트문장이 있습니다.\\nXSS 공격일수도 있습니다.');
+        } else if ( (preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && (preg_match('/script.*?\/script/ius', $value) || preg_match('/[onload|onerror]=.*/ius', $value))) || preg_match('/^(?=.*token\()(?=.*xmlhttprequest\()(?=.*send\().*$/im', $value) || (preg_match('/[onload|onerror]=.*/ius', $value) && preg_match('/(eval|expression|exec|prompt)(\s*)\((.*)\)/ius', $value)) ){
+            alert('요청 쿼리에 잘못된 스크립트문장이 있습니다.\\nXSS 공격일수도 있습니다.', G5_URL);
             die();
         }
     }
diff --git a/adm/theme_detail.php b/adm/theme_detail.php
index a0018f707..616e72749 100644
--- a/adm/theme_detail.php
+++ b/adm/theme_detail.php
@@ -12,13 +12,13 @@ if(!in_array($theme, $theme_dir))
     die('선택하신 테마가 설치되어 있지 않습니다.');
 
 $info = get_theme_info($theme);
+$name = get_text($info['theme_name']);
 
 if($info['screenshot'])
     $screenshot = '<img src="'.$info['screenshot'].'" alt="'.$name.'">';
 else
     $screenshot = '<img src="'.G5_ADMIN_URL.'/img/theme_img.jpg" alt="">';
 
-$name = get_text($info['theme_name']);
 if($info['theme_uri']) {
     $name = '<a href="'.set_http($info['theme_uri']).'" target="_blank" class="thdt_home">'.$name.'</a>';
 }
diff --git a/adm/visit_search.php b/adm/visit_search.php
index e29a0e382..524f2026f 100644
--- a/adm/visit_search.php
+++ b/adm/visit_search.php
@@ -11,6 +11,11 @@ include_once(G5_PLUGIN_PATH.'/jquery-ui/datepicker.php');
 
 $colspan = 6;
 $listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'">처음</a>'; //페이지 처음으로 (초기화용도)
+$sql_search = '';
+
+if(isset($sfl) && $sfl && !in_array($sfl, array('vi_ip','vi_date','vi_time','vi_referer','vi_agent','vi_browser','vi_os','vi_device')) ) {
+    $sfl = '';
+}
 ?>
 
 <div class="local_sch local_sch01">