firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

Open Redirect 취약점 수정

Browse Source
This commit is contained in:
thisgun
2017-12-11 14:34:01 +09:00
parent 66358414f2
commit 8755c8ece7
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
bbs/logout.php
View File

@ -11,7 +11,10 @@ set_cookie('ck_auto', '', 0);
// 자동로그인 해제 end --------------------------------
if ($url) {
$p = @parse_url($url);
if ( substr($url, 0, 2) == '//' )
$url = 'http:' . $url;
$p = @parse_url(urldecode($url));
if ($p['scheme'] || $p['host']) {
alert('url에 도메인을 지정할 수 없습니다.');
}