firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

KVE-2019-1144 XSS 취약점 수정

Browse Source
This commit is contained in:
thisgun
2019-07-09 10:55:30 +09:00
parent ff580f7225
commit 828b362f67
1 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
yc4_import_run.php
View File

@ -1,6 +1,12 @@
<?php <?php
include_once('./_common.php'); include_once('./_common.php');
$g4 = array();
if( isset($_REQUEST['g4']) || isset($_GET['g4']) || isset($_POST['g4']) ){
die('잘못된 요청입니다');
}
ob_end_clean(); ob_end_clean();
include_once(G5_LIB_PATH.'/connect.lib.php'); include_once(G5_LIB_PATH.'/connect.lib.php');
@ -178,6 +184,14 @@ document.onkeydown = noRefresh ;
require($g4_config_file); require($g4_config_file);
require($shop_config_file); require($shop_config_file);
if( $g4 && is_array($g4) ){
foreach($g4 as $k=>$v){
if( preg_match('/_table$/i', $k) ){
$g4[$k] = preg_replace('/[^0-9A-Za-z_]/', '', $v);
}
}
}
if(preg_replace('/[^a-z]/', '', strtolower($g4['charset'])) == 'euckr') if(preg_replace('/[^a-z]/', '', strtolower($g4['charset'])) == 'euckr')
$is_euckr = true; $is_euckr = true;