firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

[KVE-2019-1581,1585,1586,1590,2020-0012]그누보드XSS취약점 수정

Browse Source
This commit is contained in:
thisgun
2020-02-12 11:33:53 +09:00
parent 30e0b93ecf
commit 992d3d93f4
7 changed files with 14 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
adm/boardgroup_form_update.php
View File

@ -16,7 +16,7 @@ if (!preg_match("/^([A-Za-z0-9_]{1,10})$/", $_POST['gr_id']))
if (!$gr_subject) alert('그룹 제목을 입력하세요.'); if (!$gr_subject) alert('그룹 제목을 입력하세요.');
$gr_subject = isset($_POST['gr_subject']) ? strip_tags($_POST['gr_subject']) : ''; $gr_subject = isset($_POST['gr_subject']) ? strip_tags(clean_xss_attributes($_POST['gr_subject'])) : '';
$sql_common = " gr_subject = '{$gr_subject}', $sql_common = " gr_subject = '{$gr_subject}',
gr_device = '{$_POST['gr_device']}', gr_device = '{$_POST['gr_device']}',

2
adm/faqmasterformupdate.php
View File

@ -18,7 +18,7 @@ check_admin_token();
if ($fm_himg_del) @unlink(G5_DATA_PATH."/faq/{$fm_id}_h"); if ($fm_himg_del) @unlink(G5_DATA_PATH."/faq/{$fm_id}_h");
if ($fm_timg_del) @unlink(G5_DATA_PATH."/faq/{$fm_id}_t"); if ($fm_timg_del) @unlink(G5_DATA_PATH."/faq/{$fm_id}_t");
$fm_subject = strip_tags($fm_subject); $fm_subject = strip_tags(clean_xss_attributes($fm_subject));
$sql_common = " set fm_subject = '$fm_subject', $sql_common = " set fm_subject = '$fm_subject',
fm_head_html = '$fm_head_html', fm_head_html = '$fm_head_html',

4
adm/menu_list_update.php
View File

@ -21,11 +21,11 @@ for ($i=0; $i<$count; $i++)
{ {
$_POST = array_map_deep('trim', $_POST); $_POST = array_map_deep('trim', $_POST);
$_POST['me_link'][$i] = is_array($_POST['me_link']) ? clean_xss_tags($_POST['me_link'][$i], 1) : ''; $_POST['me_link'][$i] = is_array($_POST['me_link']) ? clean_xss_tags(clean_xss_attributes($_POST['me_link'][$i], 1)) : '';
$code = is_array($_POST['code']) ? strip_tags($_POST['code'][$i]) : ''; $code = is_array($_POST['code']) ? strip_tags($_POST['code'][$i]) : '';
$me_name = is_array($_POST['me_name']) ? strip_tags($_POST['me_name'][$i]) : ''; $me_name = is_array($_POST['me_name']) ? strip_tags($_POST['me_name'][$i]) : '';
$me_link = (preg_match('/^javascript/i', $_POST['me_link'][$i]) || preg_match('/script:/i', $_POST['me_link'][$i])) ? G5_URL : strip_tags($_POST['me_link'][$i]); $me_link = (preg_match('/^javascript/i', $_POST['me_link'][$i]) || preg_match('/script:/i', $_POST['me_link'][$i])) ? G5_URL : strip_tags(clean_xss_attributes($_POST['me_link'][$i]));
if(!$code || !$me_name || !$me_link) if(!$code || !$me_name || !$me_link)
continue; continue;

4
adm/sms_admin/form_update.php
View File

@ -4,8 +4,8 @@ include_once("./_common.php");
auth_check($auth[$sub_menu], "w"); auth_check($auth[$sub_menu], "w");
$fo_name = isset($fo_name) ? strip_tags($fo_name) : ''; $fo_name = isset($fo_name) ? strip_tags(clean_xss_attributes($fo_name)) : '';
$fo_content = isset($fo_content) ? strip_tags($fo_content) : ''; $fo_content = isset($fo_content) ? strip_tags(clean_xss_attributes($fo_content)) : '';
$g5['title'] = "이모티콘 업데이트"; $g5['title'] = "이모티콘 업데이트";

2
adm/sms_admin/form_write.php
View File

@ -48,7 +48,7 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
</tr> </tr>
<tr> <tr>
<th scope="row"><label for="fo_name">제목<strong class="sound_only"> 필수</strong></label></th> <th scope="row"><label for="fo_name">제목<strong class="sound_only"> 필수</strong></label></th>
<td><input type="text" name="fo_name" id="fo_name" required value="<?php echo $write['fo_name']?>" class="frm_input required" size="70"></td> <td><input type="text" name="fo_name" id="fo_name" required value="<?php echo get_sanitize_input($write['fo_name']); ?>" class="frm_input required" size="70"></td>
</tr> </tr>
<tr> <tr>
<th scope="row">메세지</th> <th scope="row">메세지</th>

4
adm/sms_admin/num_group.php
View File

@ -129,7 +129,7 @@ function num_group_submit(f)
<select name="select_bg_no_999" id="select_bg_no_999" onchange="move(<?php echo $no_group['bg_no']?>, '<?php echo $no_group['bg_name']?>', this);" > <select name="select_bg_no_999" id="select_bg_no_999" onchange="move(<?php echo $no_group['bg_no']?>, '<?php echo $no_group['bg_name']?>', this);" >
<option value=""></option> <option value=""></option>
<?php for ($i=0; $i<count($group); $i++) { ?> <?php for ($i=0; $i<count($group); $i++) { ?>
<option value="<?php echo $group[$i]['bg_no']?>"> <?php echo $group[$i]['bg_name']?> </option> <option value="<?php echo $group[$i]['bg_no']?>"> <?php echo get_sanitize_input($group[$i]['bg_name']); ?> </option>
<?php } ?> <?php } ?>
</select> </select>
</td> </td>
@ -150,7 +150,7 @@ function num_group_submit(f)
</td> </td>
<td> <td>
<label for="bg_name_<?php echo $i; ?>" class="sound_only">그룹명</label> <label for="bg_name_<?php echo $i; ?>" class="sound_only">그룹명</label>
<input type="text" name="bg_name[<?php echo $i; ?>]" value="<?php echo $group[$i]['bg_name']?>" id="bg_name_<?php echo $i; ?>" class="frm_input"> <input type="text" name="bg_name[<?php echo $i; ?>]" value="<?php echo get_sanitize_input($group[$i]['bg_name']); ?>" id="bg_name_<?php echo $i; ?>" class="frm_input">
</td> </td>
<td class="td_num"><?php echo number_format($group[$i]['bg_count'])?></td> <td class="td_num"><?php echo number_format($group[$i]['bg_count'])?></td>
<td class="td_num"><?php echo number_format($group[$i]['bg_member'])?></td> <td class="td_num"><?php echo number_format($group[$i]['bg_member'])?></td>

10
adm/sms_admin/num_group_update.php
View File

@ -11,7 +11,7 @@ if ($w == 'u') // 업데이트
// 실제 번호를 넘김 // 실제 번호를 넘김
$k = $_POST['chk'][$i]; $k = $_POST['chk'][$i];
$bg_no = (int) $_POST['bg_no'][$k]; $bg_no = (int) $_POST['bg_no'][$k];
$bg_name = strip_tags($_POST['bg_name'][$k]); $bg_name = strip_tags(clean_xss_attributes($_POST['bg_name'][$k]));
if (!is_numeric($bg_no)) if (!is_numeric($bg_no))
alert('그룹 고유번호가 없습니다.'); alert('그룹 고유번호가 없습니다.');
@ -23,11 +23,11 @@ if ($w == 'u') // 업데이트
if (!strlen(trim($bg_name))) if (!strlen(trim($bg_name)))
alert('그룹명을 입력해주세요'); alert('그룹명을 입력해주세요');
$res = sql_fetch("select bg_name from {$g5['sms5_book_group_table']} where bg_no<>'$bg_no' and bg_name='$bg_name'"); $res = sql_fetch("select bg_name from {$g5['sms5_book_group_table']} where bg_no<>'$bg_no' and bg_name='".sql_real_escape_string($bg_name)."'");
if ($res) if ($res)
alert('같은 그룹명이 존재합니다.'); alert('같은 그룹명이 존재합니다.');
sql_query("update {$g5['sms5_book_group_table']} set bg_name='".addslashes($bg_name)."' where bg_no='$bg_no'"); sql_query("update {$g5['sms5_book_group_table']} set bg_name='".sql_real_escape_string($bg_name)."' where bg_no='$bg_no'");
} }
} }
else if ($w == 'de') // 그룹삭제 else if ($w == 'de') // 그룹삭제
@ -63,7 +63,7 @@ else if ($w == 'em') // 비우기
} }
else // 등록 else // 등록
{ {
$bg_name = strip_tags($bg_name); $bg_name = strip_tags(clean_xss_attributes($bg_name));
if (!strlen(trim($bg_name))) if (!strlen(trim($bg_name)))
alert('그룹명을 입력해주세요'); alert('그룹명을 입력해주세요');
@ -72,7 +72,7 @@ else // 등록
if ($res) if ($res)
alert('같은 그룹명이 존재합니다.'); alert('같은 그룹명이 존재합니다.');
sql_query("insert into {$g5['sms5_book_group_table']} set bg_name='".addslashes($bg_name)."'"); sql_query("insert into {$g5['sms5_book_group_table']} set bg_name='$bg_name'");
} }
goto_url('./num_group.php'); goto_url('./num_group.php');