firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

KVE-2019-1142 LFI & Command Injection 취약점 수정

Browse Source
This commit is contained in:
thisgun
2019-07-09 14:11:48 +09:00
parent 846285549a
commit 73478d5961
7 changed files with 11 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/common.lib.php
View File

@ -3510,7 +3510,7 @@ function is_include_path_check($path='', $is_input='')
// 장태진 @jtjisgod <jtjisgod@gmail.com> 추가
// 보안 목적 : rar wrapper 차단
if( stripos($path, 'rar:') !== false || stripos($path, 'php:') !== false || stripos($path, 'zlib:') !== false || stripos($path, 'bzip2:') !== false || stripos($path, 'zip:') !== false || stripos($path, 'data:') !== false || stripos($path, 'phar:') !== false ){
if( stripos($path, 'rar:') !== false || stripos($path, 'php:') !== false || stripos($path, 'zlib:') !== false || stripos($path, 'bzip2:') !== false || stripos($path, 'zip:') !== false || stripos($path, 'data:') !== false || stripos($path, 'phar:') !== false || stripos($path, 'file:') !== false ){
return false;
}