firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

그누보드 SQL Injection 취약점 (18-0075) 수정

Browse Source
This commit is contained in:
thisgun
2018-03-16 16:39:07 +09:00
parent 108651c46d
commit 6c867f02b4
5 changed files with 22 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bbs/delete_all.php
View File

@ -98,7 +98,7 @@ for ($i=$chk_count-1; $i>=0; $i--)
$result2 = sql_query($sql2);
while ($row2 = sql_fetch_array($result2)) {
// 파일삭제
@unlink(G5_DATA_PATH.'/file/'.$bo_table.'/'.$row2['bf_file']);
@unlink(G5_DATA_PATH.'/file/'.$bo_table.'/'.str_replace('../', '',$row2['bf_file']));
// 썸네일삭제
if(preg_match("/\.({$config['cf_image_extension']})$/i", $row2['bf_file'])) {