firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

KVE-2021-1116 그누보드 XSS 취약점 수정

Browse Source
This commit is contained in:
thisgun
2022-07-26 13:38:20 +09:00
parent a6e302ff84
commit 71f58f3108
4 changed files with 13 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
adm/board_form.php
View File

@ -914,7 +914,7 @@ $pg_anchor = '<ul class="anchor">
<tr> <tr>
<th scope="row"><label for="bo_include_head">상단 파일 경로</label></th> <th scope="row"><label for="bo_include_head">상단 파일 경로</label></th>
<td> <td>
<input type="text" name="bo_include_head" value="<?php echo $board['bo_include_head'] ?>" id="bo_include_head" class="frm_input" size="50"> <input type="text" name="bo_include_head" value="<?php echo get_sanitize_input($board['bo_include_head']); ?>" id="bo_include_head" class="frm_input" size="50">
</td> </td>
<td class="td_grpset"> <td class="td_grpset">
<input type="checkbox" name="chk_grp_include_head" value="1" id="chk_grp_include_head"> <input type="checkbox" name="chk_grp_include_head" value="1" id="chk_grp_include_head">
@ -926,7 +926,7 @@ $pg_anchor = '<ul class="anchor">
<tr> <tr>
<th scope="row"><label for="bo_include_tail">하단 파일 경로</label></th> <th scope="row"><label for="bo_include_tail">하단 파일 경로</label></th>
<td> <td>
<input type="text" name="bo_include_tail" value="<?php echo $board['bo_include_tail'] ?>" id="bo_include_tail" class="frm_input" size="50"> <input type="text" name="bo_include_tail" value="<?php echo get_sanitize_input($board['bo_include_tail']); ?>" id="bo_include_tail" class="frm_input" size="50">
</td> </td>
<td class="td_grpset"> <td class="td_grpset">
<input type="checkbox" name="chk_grp_include_tail" value="1" id="chk_grp_include_tail"> <input type="checkbox" name="chk_grp_include_tail" value="1" id="chk_grp_include_tail">
@ -1423,9 +1423,10 @@ function use_captcha_check(){
}); });
} }
var bo_include_head = jQuery.trim(jQuery("#bo_include_head").val()),
bo_include_tail = jQuery.trim(jQuery("#bo_include_tail").val());
function frm_check_file(){ function frm_check_file(){
var bo_include_head = "<?php echo $board['bo_include_head']; ?>";
var bo_include_tail = "<?php echo $board['bo_include_tail']; ?>";
var head = jQuery.trim(jQuery("#bo_include_head").val()); var head = jQuery.trim(jQuery("#bo_include_head").val());
var tail = jQuery.trim(jQuery("#bo_include_tail").val()); var tail = jQuery.trim(jQuery("#bo_include_tail").val());

4
adm/contentform.php
View File

@ -137,14 +137,14 @@ require_once G5_ADMIN_PATH . '/admin.head.php';
<th scope="row"><label for="co_include_head">상단 파일 경로</label></th> <th scope="row"><label for="co_include_head">상단 파일 경로</label></th>
<td> <td>
<?php echo help("설정값이 없으면 기본 상단 파일을 사용합니다."); ?> <?php echo help("설정값이 없으면 기본 상단 파일을 사용합니다."); ?>
<input type="text" name="co_include_head" value="<?php echo $co['co_include_head']; ?>" id="co_include_head" class="frm_input" size="60"> <input type="text" name="co_include_head" value="<?php echo get_sanitize_input($co['co_include_head']); ?>" id="co_include_head" class="frm_input" size="60">
</td> </td>
</tr> </tr>
<tr> <tr>
<th scope="row"><label for="co_include_tail">하단 파일 경로</label></th> <th scope="row"><label for="co_include_tail">하단 파일 경로</label></th>
<td> <td>
<?php echo help("설정값이 없으면 기본 하단 파일을 사용합니다."); ?> <?php echo help("설정값이 없으면 기본 하단 파일을 사용합니다."); ?>
<input type="text" name="co_include_tail" value="<?php echo $co['co_include_tail']; ?>" id="co_include_tail" class="frm_input" size="60"> <input type="text" name="co_include_tail" value="<?php echo get_sanitize_input($co['co_include_tail']); ?>" id="co_include_tail" class="frm_input" size="60">
</td> </td>
</tr> </tr>
<tr id="admin_captcha_box" style="display:none;"> <tr id="admin_captcha_box" style="display:none;">

10
adm/qa_config.php
View File

@ -266,13 +266,13 @@ if (!isset($qaconfig['qa_include_head'])) {
<tr> <tr>
<th scope="row"><label for="qa_include_head">상단 파일 경로</label></th> <th scope="row"><label for="qa_include_head">상단 파일 경로</label></th>
<td> <td>
<input type="text" name="qa_include_head" value="<?php echo $qaconfig['qa_include_head'] ?>" id="qa_include_head" class="frm_input" size="50"> <input type="text" name="qa_include_head" value="<?php echo get_sanitize_input($qaconfig['qa_include_head']); ?>" id="qa_include_head" class="frm_input" size="50">
</td> </td>
</tr> </tr>
<tr> <tr>
<th scope="row"><label for="qa_include_tail">하단 파일 경로</label></th> <th scope="row"><label for="qa_include_tail">하단 파일 경로</label></th>
<td> <td>
<input type="text" name="qa_include_tail" value="<?php echo $qaconfig['qa_include_tail'] ?>" id="qa_include_tail" class="frm_input" size="50"> <input type="text" name="qa_include_tail" value="<?php echo get_sanitize_input($qaconfig['qa_include_tail']); ?>" id="qa_include_tail" class="frm_input" size="50">
</td> </td>
</tr> </tr>
<tr id="admin_captcha_box" style="display:none;"> <tr id="admin_captcha_box" style="display:none;">
@ -344,7 +344,9 @@ if (!isset($qaconfig['qa_include_head'])) {
</form> </form>
<script> <script>
var captcha_chk = false; var captcha_chk = false,
qa_include_head = jQuery.trim(jQuery("#qa_include_head").val()),
qa_include_tail = jQuery.trim(jQuery("#qa_include_tail").val());
function use_captcha_check() { function use_captcha_check() {
$.ajax({ $.ajax({
@ -361,8 +363,6 @@ if (!isset($qaconfig['qa_include_head'])) {
} }
function frm_check_file() { function frm_check_file() {
var qa_include_head = "<?php echo $qaconfig['qa_include_head']; ?>";
var qa_include_tail = "<?php echo $qaconfig['qa_include_tail']; ?>";
var head = jQuery.trim(jQuery("#qa_include_head").val()); var head = jQuery.trim(jQuery("#qa_include_head").val());
var tail = jQuery.trim(jQuery("#qa_include_tail").val()); var tail = jQuery.trim(jQuery("#qa_include_tail").val());

2
lib/common.lib.php
View File

@ -3965,7 +3965,7 @@ function get_random_token_string($length=6)
} }
function filter_input_include_path($path){ function filter_input_include_path($path){
return str_replace('//', '/', $path); return str_replace('//', '/', strip_tags($path));
} }
function option_array_checked($option, $arr=array()){ function option_array_checked($option, $arr=array()){