firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

그누보드 원격 취약점 17-259 수정

Browse Source
This commit is contained in:
thisgun
2017-06-13 15:20:28 +09:00
parent e4c9bf5ba4
commit 617dfbf0e2
3 changed files with 46 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
adm/_common.php
View File

@ -2,4 +2,8 @@
define('G5_IS_ADMIN', true); define('G5_IS_ADMIN', true);
include_once ('../common.php'); include_once ('../common.php');
include_once(G5_ADMIN_PATH.'/admin.lib.php'); include_once(G5_ADMIN_PATH.'/admin.lib.php');
if( isset($token) ){
$token = @htmlspecialchars(strip_tags($token), ENT_QUOTES);
}
?> ?>

4
adm/sms_admin/_common.php
View File

@ -14,5 +14,9 @@ if (!strstr($_SERVER['SCRIPT_NAME'], 'install.php')) {
$sv = isset($_REQUEST['sv']) ? get_search_string($_REQUEST['sv']) : ''; $sv = isset($_REQUEST['sv']) ? get_search_string($_REQUEST['sv']) : '';
if( isset($token) ){
$token = @htmlspecialchars(strip_tags($token), ENT_QUOTES);
}
add_stylesheet('<link rel="stylesheet" href="'.G5_SMS5_ADMIN_URL.'/css/sms5.css">', 0); add_stylesheet('<link rel="stylesheet" href="'.G5_SMS5_ADMIN_URL.'/css/sms5.css">', 0);
?> ?>

38
lib/common.lib.php
View File

@ -3284,6 +3284,44 @@ function get_call_func_cache($func, $args=array()){
// include 하는 경로에 data file 경로가 포함되어 있는지 체크합니다. // include 하는 경로에 data file 경로가 포함되어 있는지 체크합니다.
function is_include_path_check($path='') function is_include_path_check($path='')
{ {
if( $path ){
try {
// whether $path is unix or not
$unipath = strlen($path)==0 || $path{0}!='/';
$unc = substr($path,0,2)=='\\\\'?true:false;
// attempts to detect if path is relative in which case, add cwd
if(strpos($path,':') === false && $unipath && !$unc){
$path=getcwd().DIRECTORY_SEPARATOR.$path;
if($path{0}=='/'){
$unipath = false;
}
}
// resolve path parts (single dot, double dot and double delimiters)
$path = str_replace(array('/', '\\'), DIRECTORY_SEPARATOR, $path);
$parts = array_filter(explode(DIRECTORY_SEPARATOR, $path), 'strlen');
$absolutes = array();
foreach ($parts as $part) {
if ('.' == $part){
continue;
}
if ('..' == $part) {
array_pop($absolutes);
} else {
$absolutes[] = $part;
}
}
$path = implode(DIRECTORY_SEPARATOR, $absolutes);
// resolve any symlinks
// put initial separator that could have been lost
$path = !$unipath ? '/'.$path : $path;
$path = $unc ? '\\\\'.$path : $path;
} catch (Exception $e) {
//echo 'Caught exception: ', $e->getMessage(), "\n";
return false;
}
}
if( !$path || preg_match('/\/data\/(file|editor)\/[A-Za-z0-9_]{1,20}\//', $path) ){ if( !$path || preg_match('/\/data\/(file|editor)\/[A-Za-z0-9_]{1,20}\//', $path) ){
return false; return false;
} }