firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

[KVE-2020-0097,0113,0114,0056]그누보드 다중 취약점 수정

Browse Source
This commit is contained in:
thisgun
2020-03-02 22:08:54 +09:00
parent 6fe20b0a13
commit 87bb2f1d8a
5 changed files with 29 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
adm/board_form_update.php
View File

@ -60,6 +60,11 @@ if(!is_include_path_check($bo_include_tail, 1)) {
alert('하단 파일 경로에 포함시킬수 없는 문자열이 있습니다.');
}
if( function_exists('filter_input_include_path') ){
$bo_include_head = filter_input_include_path($bo_include_head);
$bo_include_tail = filter_input_include_path($bo_include_tail);
}
$board_path = G5_DATA_PATH.'/file/'.$bo_table;
// 게시판 디렉토리 생성

5
adm/contentformupdate.php
View File

@ -71,6 +71,11 @@ if( $co_include_tail && ! is_include_path_check($co_include_tail, 1) ){
$error_msg = '/data/file/ 또는 /data/editor/ 포함된 문자를 하단 파일 경로에 포함시킬수 없습니다.';
}
if( function_exists('filter_input_include_path') ){
$co_include_head = filter_input_include_path($co_include_head);
$co_include_tail = filter_input_include_path($co_include_tail);
}
$co_seo_title = exist_seo_title_recursive('content', generate_seo_title($co_subject), $g5['content_table'], $co_id);
$sql_common = " co_include_head = '$co_include_head',

5
adm/qa_config_update.php
View File

@ -56,6 +56,11 @@ if( $qa_include_tail && ! is_include_path_check($qa_include_tail, 1) ){
$error_msg = '/data/file/ 또는 /data/editor/ 포함된 문자를 하단 파일 경로에 포함시킬수 없습니다.';
}
if( function_exists('filter_input_include_path') ){
$qa_include_head = filter_input_include_path($qa_include_head);
$qa_include_tail = filter_input_include_path($qa_include_tail);
}
$sql = " update {$g5['qa_config_table']}
set qa_title = '{$_POST['qa_title']}',
qa_category = '{$_POST['qa_category']}',