firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

그누보드 SQL Injection 취약점 (18-0075) 수정

Browse Source
This commit is contained in:
thisgun
2018-03-16 16:39:07 +09:00
parent 108651c46d
commit 6c867f02b4
5 changed files with 22 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
install/install_db.php
View File

@ -14,7 +14,17 @@ include_once ('../lib/common.lib.php');
if( ! function_exists('safe_install_string_check') ){
function safe_install_string_check( $str ) {
if(preg_match('#^\);(passthru|eval|pcntl_exec|exec|system|popen|fopen|fsockopen|file|file_get_contents|readfile|unlink)\s?\(\$_(get|post|request)\s?\[.*?\]\s?\)#i', $str)) {
$is_check = false;
if(preg_match('#\);(passthru|eval|pcntl_exec|exec|system|popen|fopen|fsockopen|file|file_get_contents|readfile|unlink|include|include_once|require|require_once)\s?#i', $str)) {
$is_check = true;
}
if(preg_match('#\$_(get|post|request)\s?\[.*?\]\s?\)#i', $str)){
$is_check = true;
}
if($is_check){
die("입력한 값에 안전하지 않는 문자가 포함되어 있습니다. 설치를 중단합니다.");
}