common.php 에서 install 폴더 체크 주석처리
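--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+data
+dbconfig.php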
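Review bot: Ignoring `dbconfig.php` only prevents future `git add`; if the file was committed before this change it stays tracked and remains in history, so the database credentials it supplies (`$mysql_host`, `$mysql_user`, `$mysql_password` consumed by `sql_connect` in common.php) would need `git rm --cached dbconfig.php` followed by a credential rotation. I cannot tell from this page whether the file was ever tracked, so this is worth confirming against the repository history. If `data` is meant to match only the directory, write it as `data/`.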
126
common.php
126
common.php
@ -102,48 +102,48 @@ if ($_GET['g4_path'] || $_POST['g4_path'] || $_COOKIE['g4_path']) {
|
||||
//==========================================================================================================================
|
||||
// XSS(Cross Site Scripting) 공격에 의한 데이터 검증 및 차단
|
||||
//--------------------------------------------------------------------------------------------------------------------------
|
||||
function xss_clean($data)
|
||||
{
|
||||
// If its empty there is no point cleaning it :\
|
||||
if(empty($data))
|
||||
return $data;
|
||||
|
||||
// Recursive loop for arrays
|
||||
if(is_array($data))
|
||||
{
|
||||
foreach($data as $key => $value)
|
||||
{
|
||||
$data[$key] = xss_clean($value);
|
||||
}
|
||||
|
||||
return $data;
|
||||
}
|
||||
|
||||
// http://svn.bitflux.ch/repos/public/popoon/trunk/classes/externalinput.php
|
||||
// +----------------------------------------------------------------------+
|
||||
// | Copyright (c) 2001-2006 Bitflux GmbH |
|
||||
// +----------------------------------------------------------------------+
|
||||
// | Licensed under the Apache License, Version 2.0 (the "License"); |
|
||||
// | you may not use this file except in compliance with the License. |
|
||||
// | You may obtain a copy of the License at |
|
||||
// | http://www.apache.org/licenses/LICENSE-2.0 |
|
||||
// | Unless required by applicable law or agreed to in writing, software |
|
||||
// | distributed under the License is distributed on an "AS IS" BASIS, |
|
||||
// | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or |
|
||||
// | implied. See the License for the specific language governing |
|
||||
// | permissions and limitations under the License. |
|
||||
// +----------------------------------------------------------------------+
|
||||
// | Author: Christian Stocker <chregu@bitflux.ch> |
|
||||
// +----------------------------------------------------------------------+
|
||||
|
||||
// Fix &entity\n;
|
||||
$data = str_replace(array('&','<','>'), array('&amp;','&lt;','&gt;'), $data);
|
||||
$data = preg_replace('/(&#*\w+)[\x00-\x20]+;/', '$1;', $data);
|
||||
$data = preg_replace('/(&#x*[0-9A-F]+);*/i', '$1;', $data);
|
||||
function xss_clean($data)
|
||||
{
|
||||
// If its empty there is no point cleaning it :\
|
||||
if(empty($data))
|
||||
return $data;
|
||||
|
||||
// Recursive loop for arrays
|
||||
if(is_array($data))
|
||||
{
|
||||
foreach($data as $key => $value)
|
||||
{
|
||||
$data[$key] = xss_clean($value);
|
||||
}
|
||||
|
||||
return $data;
|
||||
}
|
||||
|
||||
// http://svn.bitflux.ch/repos/public/popoon/trunk/classes/externalinput.php
|
||||
// +----------------------------------------------------------------------+
|
||||
// | Copyright (c) 2001-2006 Bitflux GmbH |
|
||||
// +----------------------------------------------------------------------+
|
||||
// | Licensed under the Apache License, Version 2.0 (the "License"); |
|
||||
// | you may not use this file except in compliance with the License. |
|
||||
// | You may obtain a copy of the License at |
|
||||
// | http://www.apache.org/licenses/LICENSE-2.0 |
|
||||
// | Unless required by applicable law or agreed to in writing, software |
|
||||
// | distributed under the License is distributed on an "AS IS" BASIS, |
|
||||
// | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or |
|
||||
// | implied. See the License for the specific language governing |
|
||||
// | permissions and limitations under the License. |
|
||||
// +----------------------------------------------------------------------+
|
||||
// | Author: Christian Stocker <chregu@bitflux.ch> |
|
||||
// +----------------------------------------------------------------------+
|
||||
|
||||
// Fix &entity\n;
|
||||
$data = str_replace(array('&','<','>'), array('&amp;','&lt;','&gt;'), $data);
|
||||
$data = preg_replace('/(&#*\w+)[\x00-\x20]+;/', '$1;', $data);
|
||||
$data = preg_replace('/(&#x*[0-9A-F]+);*/i', '$1;', $data);
|
||||
|
||||
if (function_exists("html_entity_decode"))
|
||||
{
|
||||
$data = html_entity_decode($data);
|
||||
$data = html_entity_decode($data);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -152,32 +152,32 @@ function xss_clean($data)
|
||||
$data = strtr($data, $trans_tbl);
|
||||
}
|
||||
|
||||
// Remove any attribute starting with "on" or xmlns
|
||||
$data = preg_replace('#(<[^>]+?[\x00-\x20"\'])(?:on|xmlns)[^>]*+>#i', '$1>', $data);
|
||||
// Remove any attribute starting with "on" or xmlns
|
||||
$data = preg_replace('#(<[^>]+?[\x00-\x20"\'])(?:on|xmlns)[^>]*+>#i', '$1>', $data);
|
||||
|
||||
// Remove javascript: and vbscript: protocols
|
||||
$data = preg_replace('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([`\'"]*)[\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#i', '$1=$2nojavascript...', $data);
|
||||
$data = preg_replace('#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#i', '$1=$2novbscript...', $data);
|
||||
$data = preg_replace('#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*-moz-binding[\x00-\x20]*:#', '$1=$2nomozbinding...', $data);
|
||||
// Remove javascript: and vbscript: protocols
|
||||
$data = preg_replace('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([`\'"]*)[\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#i', '$1=$2nojavascript...', $data);
|
||||
$data = preg_replace('#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#i', '$1=$2novbscript...', $data);
|
||||
$data = preg_replace('#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*-moz-binding[\x00-\x20]*:#', '$1=$2nomozbinding...', $data);
|
||||
|
||||
// Only works in IE: <span style="width: expression(alert('Ping!'));"></span>
|
||||
$data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?expression[\x00-\x20]*\([^>]*+>#i', '$1>', $data);
|
||||
$data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?behaviour[\x00-\x20]*\([^>]*+>#i', '$1>', $data);
|
||||
$data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*+>#i', '$1>', $data);
|
||||
// Only works in IE: <span style="width: expression(alert('Ping!'));"></span>
|
||||
$data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?expression[\x00-\x20]*\([^>]*+>#i', '$1>', $data);
|
||||
$data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?behaviour[\x00-\x20]*\([^>]*+>#i', '$1>', $data);
|
||||
$data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*+>#i', '$1>', $data);
|
||||
|
||||
// Remove namespaced elements (we do not need them)
|
||||
$data = preg_replace('#</*\w+:\w[^>]*+>#i', '', $data);
|
||||
// Remove namespaced elements (we do not need them)
|
||||
$data = preg_replace('#</*\w+:\w[^>]*+>#i', '', $data);
|
||||
|
||||
do
|
||||
{
|
||||
// Remove really unwanted tags
|
||||
$old_data = $data;
|
||||
$data = preg_replace('#</*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*+>#i', '', $data);
|
||||
}
|
||||
while ($old_data !== $data);
|
||||
|
||||
return $data;
|
||||
}
|
||||
do
|
||||
{
|
||||
// Remove really unwanted tags
|
||||
$old_data = $data;
|
||||
$data = preg_replace('#</*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*+>#i', '', $data);
|
||||
}
|
||||
while ($old_data !== $data);
|
||||
|
||||
return $data;
|
||||
}
|
||||
|
||||
$_GET = xss_clean($_GET);
|
||||
//==========================================================================================================================
|
||||
@ -226,7 +226,7 @@ include_once("$g4[path]/lib/constant.php"); // 상수 정의
|
||||
include_once("$g4[path]/config.php"); // 설정 파일
|
||||
include_once("$g4[path]/lib/common.lib.php"); // 공통 라이브러리
|
||||
|
||||
//header("Content-Type: text/html; charset={$g4['charset']}");
|
||||
//header("Content-Type: text/html; charset={$g4['charset']}");
|
||||
|
||||
// config.php 가 있는곳의 웹경로
|
||||
if (!$g4['url'])
|
||||
@ -252,7 +252,7 @@ $dirname = dirname(__FILE__).'/';
|
||||
$dbconfig_file = "dbconfig.php";
|
||||
if (file_exists("$g4[path]/$dbconfig_file"))
|
||||
{
|
||||
if (is_dir("$g4[path]/install")) die("<meta http-equiv='content-type' content='text/html; charset=$g4[charset]'><script type='text/javascript'> alert('install 디렉토리를 삭제하여야 정상 실행됩니다.'); </script>");
|
||||
//if (is_dir("$g4[path]/install")) die("<meta http-equiv='content-type' content='text/html; charset=$g4[charset]'><script type='text/javascript'> alert('install 디렉토리를 삭제하여야 정상 실행됩니다.'); </script>");
|
||||
|
||||
include_once("$g4[path]/$dbconfig_file");
|
||||
$connect_db = sql_connect($mysql_host, $mysql_user, $mysql_password);
|
||||
|
||||
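Review bot: Commenting out the `is_dir("$g4[path]/install")` guard in the last hunk (`@ -252,7 +252,7 @@`) removes the only check on this page that refuses to run while the installer directory is still present, so a deployment that forgets to delete `install/` now starts normally with the installer still sitting under the web root, and nothing in the new code replaces that safeguard. If the intent is to keep `install/` around during development, gate the check instead of dropping it, e.g. `if (!defined('G4_KEEP_INSTALL_DIR') && is_dir("$g4[path]/install")) die(...);` (the constant name is a placeholder), or have the installer write a lock file and test for that. The enclosing `if (file_exists("$g4[path]/$dbconfig_file"))` block closes outside the hunk. The first three hunks show identical text for the old and new copy of every changed line, which suggests a whitespace-only reindent that this rendering hides; worth confirming nothing else moved.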
BIN
provision_h
BIN
provision_h
Binary file not shown.