firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

메일보내기 발신자 위장 방지 및 암호화 키의 안전성 취약점 수정

Browse Source
This commit is contained in:
thisgun
2026-01-30 05:00:43 +00:00
parent d775d2255f
commit 7c490448ec
3 changed files with 16 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
lib/common.lib.php
View File

@ -3959,10 +3959,16 @@ class str_encrypt
function __construct($salt='')
{
if(!$salt)
$this->salt = md5(preg_replace('/[^0-9A-Za-z]/', substr(G5_MYSQL_USER, -1), $_SERVER['SERVER_SOFTWARE'].$_SERVER['DOCUMENT_ROOT']));
else
global $config;
if (!$salt) {
$config_hash = md5(serialize(array($config['cf_title'], $config['cf_theme'], $config['cf_admin_email_name'], $config['cf_login_point'], $config['cf_memo_send_point'])));
//$this->salt = md5(preg_replace('/[^0-9A-Za-z]/', substr($config_hash, -1), $_SERVER['SERVER_SOFTWARE'].$config_hash.$_SERVER['DOCUMENT_ROOT']));
$this->salt = hash('sha256', preg_replace('/[^0-9A-Za-z]/', substr($config_hash, -1), $_SERVER['SERVER_SOFTWARE'].$config_hash.$_SERVER['DOCUMENT_ROOT']));
} else {
$this->salt = $salt;
}
$this->length = strlen($this->salt);
}