From 5ab91fa0abe52b2b09b352d8e393f1188d4e6b79 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Wed, 27 Dec 2017 09:45:22 +0900
Subject: [PATCH] =?UTF-8?q?Open=20Redirect=20=EC=B7=A8=EC=95=BD=EC=A0=90?= =?UTF-8?q?=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 bbs/logout.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/bbs/logout.php b/bbs/logout.php
index 4d071e428..d2083b11f 100644
--- a/bbs/logout.php
+++ b/bbs/logout.php
@@ -15,8 +15,12 @@ if ($url) {
 $url = 'http:' . $url;
 $p = @parse_url(urldecode($url));
- if ($p['scheme'] || $p['host']) {
- alert('url에 도메인을 지정할 수 없습니다.');
+ /*
+ // OpenRediect 취약점관련, PHP 5.3 이하버전에서는 parse_url 버그가 있음 ( Safflower 님 제보 ) 아래 url 예제
+ // http://localhost/bbs/logout.php?url=http://sir.kr%23@/
+ */
+ if (preg_match('/^https?:\/\//i', $url) || $p['scheme'] || $p['host']) {
+ alert('url에 도메인을 지정할 수 없습니다.', G5_URL);
 }
 $link = $url;