firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

KVE-2019-0724 취약점 수정

Browse Source
This commit is contained in:
thisgun
2019-05-28 11:57:58 +09:00
parent 764cb34957
commit 9773c13d5d
2 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
adm/admin.lib.php
View File

@ -477,7 +477,7 @@ function admin_check_xss_params($params){
if( is_array($value) ){ if( is_array($value) ){
admin_check_xss_params($value); admin_check_xss_params($value);
} else if ( preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && (preg_match('/script.*?\/script/ius', $value) || preg_match('/onload=.*/ius', $value)) ){ } else if ( preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && (preg_match('/script.*?\/script/ius', $value) || preg_match('/[onload|onerror]=.*/ius', $value)) ){
alert('요청 쿼리에 잘못된 스크립트문장이 있습니다.\\nXSS 공격일수도 있습니다.'); alert('요청 쿼리에 잘못된 스크립트문장이 있습니다.\\nXSS 공격일수도 있습니다.');
die(); die();
} }

2
extend/sms5.extend.php
View File

@ -23,6 +23,8 @@ $g5['sms5_book_group_table'] = $g5['sms5_prefix'] . 'book_group';
$g5['sms5_form_table'] = $g5['sms5_prefix'] . 'form'; $g5['sms5_form_table'] = $g5['sms5_prefix'] . 'form';
$g5['sms5_form_group_table'] = $g5['sms5_prefix'] . 'form_group'; $g5['sms5_form_group_table'] = $g5['sms5_prefix'] . 'form_group';
$sms5 = array();
if (!empty($config['cf_sms_use'])) { if (!empty($config['cf_sms_use'])) {
$sms5 = sql_fetch("select * from {$g5['sms5_config_table']} ", false); $sms5 = sql_fetch("select * from {$g5['sms5_config_table']} ", false);