firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

KVE-2018-1316 취약점 다시 수정

Browse Source
This commit is contained in:
thisgun
2018-12-07 10:59:59 +09:00
parent 70d48e4d5a
commit 97ee35e985
1 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
lib/common.lib.php
View File

@ -2883,9 +2883,15 @@ function get_search_string($stx)
// XSS 관련 태그 제거 // XSS 관련 태그 제거
function clean_xss_tags($str) function clean_xss_tags($str)
{ {
$str = preg_replace('#</*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*+>#i', '', $str); $str_len = strlen($str);
$str = str_replace(array('<script>','</script>','<noscript>','</noscript>'), '', $str); while($i <= $str_len){
$result = preg_replace('#</*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*+>#i', '', $str);
if((string)$result === (string)$str)
break;
$str = $result;
$i++;
}
return $str; return $str;
} }