[KVE-2020-0200,0202]그누보드,영카트 다중취약점 수정

2020-04-23 17:33:23 +09:00
parent 1dc7e5640d
commit 4c41828e73
6 changed files with 31 additions and 6 deletions
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@ -3070,6 +3070,22 @@ function clean_xss_attributes($str)
    return $str;
 }

+function clean_relative_paths($path){
+    $path_len = strlen($path);
+    
+    $i = 0;
+    while($i <= $path_len){
+        $result = str_replace('../', '', str_replace('\\', '/', $path));
+
+        if((string)$result === (string)$path) break;
+
+        $path = $result;
+        $i++;
+    }
+
+    return $path;
+}
+
 // unescape nl 얻기
 function conv_unescape_nl($str)
 {