From 6dc462d7843bc09ccef08f1128cb4b445da1d6c9 Mon Sep 17 00:00:00 2001
From: kagla
Date: Fri, 15 Oct 2021 16:04:17 +0900
Subject: [PATCH] =?UTF-8?q?(KVE-2021-0849)=20=ED=99=95=EC=9E=A5=EC=9E=90?= =?UTF-8?q?=20.phar=20=ED=8C=8C=EC=9D=BC=20=EC=97=85=EB=A1=9C=EB=93=9C=20?= =?UTF-8?q?=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 bbs/qawrite_update.php | 2 +-
 bbs/write_update.php | 2 +-
 install/install_db.php | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/bbs/qawrite_update.php b/bbs/qawrite_update.php
index 08c614e07..bf74ef3c7 100644
--- a/bbs/qawrite_update.php
+++ b/bbs/qawrite_update.php
@@ -217,7 +217,7 @@ for ($i=1; $i<=$upload_count; $i++) {
 $upload[$i]['filesize'] = $filesize;
 // 아래의 문자열이 들어간 파일은 -x 를 붙여서 웹경로를 알더라도 실행을 하지 못하도록 함
- $filename = preg_replace("/\.(php|pht|phtm|htm|cgi|pl|exe|jsp|asp|inc)/i", "$0-x", $filename);
+ $filename = preg_replace("/\.(php|pht|phtm|htm|cgi|pl|exe|jsp|asp|inc|phar)/i", "$0-x", $filename);
 shuffle($chars_array);
 $shuffle = implode('', $chars_array);
diff --git a/bbs/write_update.php b/bbs/write_update.php
index dbda388ef..f36c60add 100644
--- a/bbs/write_update.php
+++ b/bbs/write_update.php
@@ -561,7 +561,7 @@ if(isset($_FILES['bf_file']['name']) && is_array($_FILES['bf_file']['name'])) {
 $upload[$i]['filesize'] = $filesize;
 // 아래의 문자열이 들어간 파일은 -x 를 붙여서 웹경로를 알더라도 실행을 하지 못하도록 함
- $filename = preg_replace("/\.(php|pht|phtm|htm|cgi|pl|exe|jsp|asp|inc)/i", "$0-x", $filename);
+ $filename = preg_replace("/\.(php|pht|phtm|htm|cgi|pl|exe|jsp|asp|inc|phar)/i", "$0-x", $filename);
 shuffle($chars_array);
 $shuffle = implode('', $chars_array);
diff --git a/install/install_db.php b/install/install_db.php
index 60bdaccf0..09c6b96b6 100644
--- a/install/install_db.php
+++ b/install/install_db.php
@@ -632,10 +632,10 @@ fclose($f);
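Review bot: The filename filter on the changed `preg_replace` line in the `bbs/qawrite_update.php` hunk (and the identical line in the `bbs/write_update.php` hunk) is still a denylist, so any unlisted extension that the web server maps to an interpreter passes through unchanged, exactly as `.phar` did before this patch. Consider keeping this rewrite for embedded extensions and adding an allowlist check after it, e.g. `if (!preg_match('/\.(' . $allowed_ext_pattern . ')$/i', $filename)) { $filename .= '-x'; }`, where `$allowed_ext_pattern` is a placeholder for the board's permitted upload types. The pattern literal is duplicated in both files and has to be patched in lockstep; a shared constant or helper would keep the two copies from drifting. Both upload loops start and end outside their hunks, so whether the stored name is constrained elsewhere cannot be confirmed from here.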
  • DB설정 파일 생성 완료 ()
  • + Order allow,deny Deny from all