KVE-2018-0300,0331,0356,0358,0370 취약점 수정

2018-05-21 20:32:09 +09:00
parent c0fcd3a1ed
commit 980e65361c
4 changed files with 9 additions and 4 deletions
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@ -3438,7 +3438,7 @@ function is_include_path_check($path='', $is_input='')
    if( $path ){
        if ($is_input){

-            if( strpos($path, 'php://') !== false || strpos($path, 'zlib://') !== false || strpos($path, 'bzip2://') !== false || strpos($path, 'zip://') !== false ){
+            if( stripos($path, 'php://') !== false || stripos($path, 'zlib://') !== false || stripos($path, 'bzip2://') !== false || stripos($path, 'zip://') !== false || stripos($path, 'data:text/') !== false || stripos($path, 'data://') !== false ){
                return false;
            }

@ -3485,7 +3485,7 @@ function is_include_path_check($path='', $is_input='')

        $extension = pathinfo($path, PATHINFO_EXTENSION);
        
-        if($extension && preg_match('/(jpg|jpeg|png|gif|bmp|conf)$/', $extension)) {
+        if($extension && preg_match('/(jpg|jpeg|png|gif|bmp|conf)$/i', $extension)) {
            return false;
        }
    }