그누보드 원격 취약점 17-259 수정
This commit is contained in:
thisgun
@ -3284,6 +3284,44 @@ function get_call_func_cache($func, $args=array()){
|
||||
// include 하는 경로에 data file 경로가 포함되어 있는지 체크합니다.
|
||||
function is_include_path_check($path='')
|
||||
{
|
||||
if( $path ){
|
||||
try {
|
||||
// whether $path is unix or not
|
||||
$unipath = strlen($path)==0 || $path{0}!='/';
|
||||
$unc = substr($path,0,2)=='\\\\'?true:false;
|
||||
// attempts to detect if path is relative in which case, add cwd
|
||||
if(strpos($path,':') === false && $unipath && !$unc){
|
||||
$path=getcwd().DIRECTORY_SEPARATOR.$path;
|
||||
if($path{0}=='/'){
|
||||
$unipath = false;
|
||||
}
|
||||
}
|
||||
|
||||
// resolve path parts (single dot, double dot and double delimiters)
|
||||
$path = str_replace(array('/', '\\'), DIRECTORY_SEPARATOR, $path);
|
||||
$parts = array_filter(explode(DIRECTORY_SEPARATOR, $path), 'strlen');
|
||||
$absolutes = array();
|
||||
foreach ($parts as $part) {
|
||||
if ('.' == $part){
|
||||
continue;
|
||||
}
|
||||
if ('..' == $part) {
|
||||
array_pop($absolutes);
|
||||
} else {
|
||||
$absolutes[] = $part;
|
||||
}
|
||||
}
|
||||
$path = implode(DIRECTORY_SEPARATOR, $absolutes);
|
||||
// resolve any symlinks
|
||||
// put initial separator that could have been lost
|
||||
$path = !$unipath ? '/'.$path : $path;
|
||||
$path = $unc ? '\\\\'.$path : $path;
|
||||
} catch (Exception $e) {
|
||||
//echo 'Caught exception: ', $e->getMessage(), "\n";
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
if( !$path || preg_match('/\/data\/(file|editor)\/[A-Za-z0-9_]{1,20}\//', $path) ){
|
||||
return false;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user