firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

그누보드 SQL Injection 취약점 (18-0075) 수정

Browse Source
This commit is contained in:
thisgun
2018-03-16 16:39:07 +09:00
parent 108651c46d
commit 6c867f02b4
5 changed files with 22 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bbs/delete.php
View File

@ -80,7 +80,7 @@ while ($row = sql_fetch_array($result))
$sql2 = " select * from {$g5['board_file_table']} where bo_table = '$bo_table' and wr_id = '{$row['wr_id']}' ";
$result2 = sql_query($sql2);
while ($row2 = sql_fetch_array($result2)) {
@unlink(G5_DATA_PATH.'/file/'.$bo_table.'/'.$row2['bf_file']);
@unlink(G5_DATA_PATH.'/file/'.$bo_table.'/'.str_replace('../', '', $row2['bf_file']));
// 썸네일삭제
if(preg_match("/\.({$config['cf_image_extension']})$/i", $row2['bf_file'])) {
delete_board_thumbnail($bo_table, $row2['bf_file']);