firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

KVE-0994,0995,1014 취약점 수정

Browse Source
This commit is contained in:
thisgun
2019-06-12 17:14:23 +09:00
parent e6a3270936
commit a1dbe22063
7 changed files with 17 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/common.lib.php
View File

@ -2887,13 +2887,17 @@ function get_search_string($stx)
}
// XSS 관련 태그 제거
function clean_xss_tags($str)
function clean_xss_tags($str, $check_entities=0)
{
$str_len = strlen($str);
$i = 0;
while($i <= $str_len){
$result = preg_replace('#</*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*+>#i', '', $str);
if( $check_entities ){
$result = str_replace(array('&colon;', '&lpar;', '&rpar;', '&NewLine;', '&Tab;'), '', $result);
}
if((string)$result === (string)$str) break;