From 038affe79835047f096e7c3c68e39bcea31e2064 Mon Sep 17 00:00:00 2001 From: thisgun Date: Wed, 12 Dec 2018 17:28:55 +0900 Subject: [PATCH 1/4] =?UTF-8?q?KVE-2018-1808=20=EC=B7=A8=EC=95=BD=EC=A0=90?= =?UTF-8?q?=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/admin.lib.php | 2 +- bbs/alert.php | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/adm/admin.lib.php b/adm/admin.lib.php index b62164b26..d454f00d4 100644 --- a/adm/admin.lib.php +++ b/adm/admin.lib.php @@ -436,7 +436,7 @@ function admin_check_xss_params($params){ if( is_array($value) ){ admin_check_xss_params($params); - } else if ( preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && preg_match('/script.*?\/script/ius', $value) ){ + } else if ( preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && (preg_match('/script.*?\/script/ius', $value) || preg_match('/onload=.*/ius', $value)) ){ alert('요청 쿼리에 잘못된 스크립트문장이 있습니다.\\nXSS 공격일수도 있습니다.'); die(); } diff --git a/bbs/alert.php b/bbs/alert.php index 9d4475203..b1117d347 100644 --- a/bbs/alert.php +++ b/bbs/alert.php @@ -67,13 +67,17 @@ history.back();
$value) { + + $key = clean_xss_tags($url); + $value = clean_xss_tags($value); + if(strlen($value) < 1) continue; if(preg_match("/pass|pwd|capt|url/", $key)) continue; ?> - + From 39c8182a2fd2aef621d589a6bd4ee4c17b9814b5 Mon Sep 17 00:00:00 2001 From: thisgun Date: Thu, 13 Dec 2018 10:13:05 +0900 Subject: [PATCH 2/4] =?UTF-8?q?=EC=86=8C=EC=85=9C=EB=A1=9C=EA=B7=B8?= =?UTF-8?q?=EC=9D=B8=EC=8B=9C=20=EC=A0=95=EB=B3=B4=EC=88=98=EC=A0=95?= =?UTF-8?q?=EC=97=90=20=EA=B4=80=ED=95=9C=20=EC=BD=94=EB=93=9C=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/member_confirm.php | 2 +- plugin/social/includes/functions.php | 17 +++++++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/bbs/member_confirm.php b/bbs/member_confirm.php index e3fc28498..dcfbfec7a 100644 --- a/bbs/member_confirm.php +++ b/bbs/member_confirm.php @@ -14,7 +14,7 @@ else $url = clean_xss_tags($_GET['url']); //소셜 로그인 한 경우 -if( function_exists('social_member_comfirm_redirect') && (! $url || $url === 'register_form.php') ){ +if( function_exists('social_member_comfirm_redirect') && (! $url || $url === 'register_form.php' || (function_exists('social_is_edit_page') && social_is_edit_page($url) ) ) ){ social_member_comfirm_redirect(); } diff --git a/plugin/social/includes/functions.php b/plugin/social/includes/functions.php index 4b847f54d..c6ec4d512 100644 --- a/plugin/social/includes/functions.php +++ b/plugin/social/includes/functions.php @@ -764,6 +764,23 @@ function social_member_comfirm_redirect(){ } } +function social_is_edit_page($url=''){ + global $is_member; + + if( !$is_member ) return false; + + if($url){ + $p = @parse_url($url); + $host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']); + + if ( isset($p['host']) && ($p['host'] === $host) && preg_match('/register_form\.php$/i', $url) ){ + return true; + } + } + + return false; +} + function social_is_login_password_check($mb_id){ global $g5; From 53457e3b2f9597d8870995d40e6d1ec08484ee2e Mon Sep 17 00:00:00 2001 From: thisgun Date: Mon, 17 Dec 2018 18:44:14 +0900 Subject: [PATCH 3/4] =?UTF-8?q?=EC=86=8C=EC=85=9C=EB=A1=9C=EA=B7=B8?= =?UTF-8?q?=EC=9D=B8=20=ED=8A=B8=EC=9C=84=ED=84=B0=20callback=5Furl=20?= =?UTF-8?q?=ED=91=9C=EA=B8=B0=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- plugin/social/includes/functions.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/plugin/social/includes/functions.php b/plugin/social/includes/functions.php index c6ec4d512..fab949a88 100644 --- a/plugin/social/includes/functions.php +++ b/plugin/social/includes/functions.php @@ -52,6 +52,10 @@ function get_social_callbackurl($provider, $no_domain=false){ $base_url = '/'.ltrim(parse_url($base_url, PHP_URL_PATH), '/'); } + if ( $provider === 'twitter' ){ + return $base_url; + } + $base_url = $base_url . ( strpos($base_url, '?') ? '&' : '?' ).G5_SOCIAL_LOGIN_DONE_PARAM.'='.$provider; return $base_url; From c028d34f787b58ef54d1d965e4d61ab10eb5e62f Mon Sep 17 00:00:00 2001 From: thisgun Date: Mon, 17 Dec 2018 18:47:40 +0900 Subject: [PATCH 4/4] =?UTF-8?q?5.3.2.2=20=EB=B2=84=EC=A0=84=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config.php b/config.php index 802cde66d..e417624fd 100644 --- a/config.php +++ b/config.php @@ -5,7 +5,7 @@ ********************/ define('G5_VERSION', '그누보드5'); -define('G5_GNUBOARD_VER', '5.3.2.1'); +define('G5_GNUBOARD_VER', '5.3.2.2'); // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음 define('_GNUBOARD_', true);