[KVE-2020-0097,0113,0114,0056]그누보드 다중 취약점 수정

2020-03-02 22:08:54 +09:00
parent 6fe20b0a13
commit 87bb2f1d8a
5 changed files with 29 additions and 2 deletions
--- a/adm/qa_config_update.php
+++ b/adm/qa_config_update.php
@ -56,6 +56,11 @@ if( $qa_include_tail && ! is_include_path_check($qa_include_tail, 1) ){
    $error_msg = '/data/file/ 또는 /data/editor/ 포함된 문자를 하단 파일 경로에 포함시킬수 없습니다.';
 }

+if( function_exists('filter_input_include_path') ){
+    $qa_include_head = filter_input_include_path($qa_include_head);
+    $qa_include_tail = filter_input_include_path($qa_include_tail);
+}
+
 $sql = " update {$g5['qa_config_table']}
            set qa_title                = '{$_POST['qa_title']}',
                qa_category             = '{$_POST['qa_category']}',