KVE-2019-0789, 0821, 0860 취약점 수정

thisgun
2019-05-29 12:01:25 +09:00
parent b1ac49a738
commit 630e39de16
4 changed files with 9 additions and 9 deletions


@ -28,7 +28,7 @@ $cf_social_servicelist = !empty($_POST['cf_social_servicelist']) ? implode(',',
$_POST['cf_title'] = strip_tags($_POST['cf_title']);
$check_keys = array('cf_lg_mid', 'cf_lg_mert_key', 'cf_cert_kcb_cd', 'cf_cert_kcp_cd', 'cf_editor', 'cf_recaptcha_site_key', 'cf_recaptcha_secret_key');
$check_keys = array('cf_lg_mid', 'cf_lg_mert_key', 'cf_cert_kcb_cd', 'cf_cert_kcp_cd', 'cf_editor', 'cf_recaptcha_site_key', 'cf_recaptcha_secret_key', 'cf_naver_clientid', 'cf_naver_secret', 'cf_facebook_appid', 'cf_facebook_secret', 'cf_twitter_key', 'cf_twitter_secret', 'cf_google_clientid', 'cf_google_secret', 'cf_googl_shorturl_apikey', 'cf_kakao_rest_key', 'cf_kakao_client_secret', 'cf_kakao_js_apikey', 'cf_payco_clientid', 'cf_payco_secret');
foreach( $check_keys as $key ){
if ( isset($_POST[$key]) && $_POST[$key] ){
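Review bot: The new `$check_keys` line holds 21 field names on one line with no comment saying what the loop does to them, so a credential field added later is easy to leave out of the list. The body of the `foreach` is outside the hunk, so the filter applied to each value cannot be confirmed from here. I would put one key per line and add a comment above the array, for example `// API keys and secrets: every field listed here is filtered in the loop below; add new credential fields to this list`.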


@ -76,7 +76,7 @@ $colspan = 7;
<td class="td_category<?php echo $sub_menu_class; ?>">
<input type="hidden" name="code[]" value="<?php echo substr($row['me_code'], 0, 2) ?>">
<label for="me_name_<?php echo $i; ?>" class="sound_only"><?php echo $sub_menu_info; ?> 메뉴<strong class="sound_only"> 필수</strong></label>
<input type="text" name="me_name[]" value="<?php echo $me_name; ?>" id="me_name_<?php echo $i; ?>" required class="required tbl_input full_input">
<input type="text" name="me_name[]" value="<?php echo get_sanitize_input($me_name); ?>" id="me_name_<?php echo $i; ?>" required class="required tbl_input full_input">
</td>
<td>
<label for="me_link_<?php echo $i; ?>" class="sound_only">링크<strong class="sound_only"> 필수</strong></label>
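Review bot: Only the `me_name` value is escaped in this row; the hidden `code[]` input two lines above it still echoes `substr($row['me_code'], 0, 2)` directly into a quoted attribute. If `me_code` can only ever hold generated alphanumeric codes this is harmless, but nothing on the page shows that, so passing it through the same helper is cheap: `value="<?php echo get_sanitize_input(substr($row['me_code'], 0, 2)); ?>"`. The `me_link` input follows outside the hunk and should be checked for the same treatment.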


@ -21,8 +21,8 @@ for ($i=0; $i<$count; $i++)
{
$_POST = array_map_deep('trim', $_POST);
$code = $_POST['code'][$i];
$me_name = $_POST['me_name'][$i];
$code = strip_tags($_POST['code'][$i]);
$me_name = strip_tags($_POST['me_name'][$i]);
$me_link = (preg_match('/^javascript/i', $_POST['me_link'][$i]) || preg_match('/script:/i', $_POST['me_link'][$i])) ? G5_URL : strip_tags($_POST['me_link'][$i]);
if(!$code || !$me_name || !$me_link)
@ -59,10 +59,10 @@ for ($i=0; $i<$count; $i++)
set me_code = '$me_code',
me_name = '$me_name',
me_link = '$me_link',
me_target = '{$_POST['me_target'][$i]}',
me_order = '{$_POST['me_order'][$i]}',
me_use = '{$_POST['me_use'][$i]}',
me_mobile_use = '{$_POST['me_mobile_use'][$i]}' ";
me_target = '".sql_real_escape_string(strip_tags($_POST['me_target'][$i]))."',
me_order = '".sql_real_escape_string(strip_tags($_POST['me_order'][$i]))."',
me_use = '".sql_real_escape_string(strip_tags($_POST['me_use'][$i]))."',
me_mobile_use = '".sql_real_escape_string(strip_tags($_POST['me_mobile_use'][$i]))."' ";
sql_query($sql);
}
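Review bot: `strip_tags()` is an HTML filter and does nothing for the SQL context, so in the second hunk `sql_real_escape_string()` alone protects the query, while `me_code`, `me_name` and `me_link` just above are interpolated with no escape call visible in either hunk. The lines between the two hunks are not shown, so those values may be escaped there or by a global input filter; if they are not, they need `sql_real_escape_string()` as well. For the columns that look numeric or flag-like, a cast states the intent better than tag stripping, e.g. `me_order = '".(int)$_POST['me_order'][$i]."',`, and `me_target` could be compared against the allowed values before use. The `for` loop body starts and ends outside the hunks.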


@ -29,7 +29,7 @@ $feed_updated = date('Y-m-d\TH:i:s\+09:00', G5_SERVER_TIME);
$find = array('&amp;', '&nbsp;'); # 찾아서
$replace = array('&', ' '); # 바꾼다
$content = str_replace( $find, $replace, $write['wr_content'] );
$content = str_replace( $find, $replace, html_purifier($write['wr_content']) );
$summary = str_replace( $find, $replace, strip_tags($write['wr_content']) );
Header("Content-type: text/xml");
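Review bot: The `&amp;` to `&` replacement runs on the output of `html_purifier()`, so `$content` is no longer exactly the string the purifier produced and can contain bare ampersands. How `$content` is written into the feed is outside the hunk; it should be confirmed that it is placed inside a CDATA section or XML-escaped at output, otherwise the document may not be well-formed. Once that is confirmed, a comment on the line would record it, e.g. `// purified HTML; entities are normalised afterwards, so this must be emitted inside CDATA`. `$summary` on the next line gets the same replacement after `strip_tags()`, and the same question applies to it.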