firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

XSS 취약점 수정

Browse Source
This commit is contained in:
thisgun
2018-10-30 09:42:48 +09:00
parent c82c937fbb
commit a45241f4bc
9 changed files with 31 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
adm/board_form_update.php
View File

@ -72,6 +72,9 @@ $bo_category_list = str_replace($src_char, $dst_char, $bo_category_list);
//https://github.com/gnuboard/gnuboard5/commit/f5f4925d4eb28ba1af728e1065fc2bdd9ce1da58 에 따른 조치 //https://github.com/gnuboard/gnuboard5/commit/f5f4925d4eb28ba1af728e1065fc2bdd9ce1da58 에 따른 조치
$str_bo_category_list = isset($_POST['bo_category_list']) ? preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\/\^\*]/", "", $_POST['bo_category_list']) : ''; $str_bo_category_list = isset($_POST['bo_category_list']) ? preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\/\^\*]/", "", $_POST['bo_category_list']) : '';
$_POST['bo_subject'] = strip_tags($_POST['bo_subject']);
$_POST['bo_mobile_subject'] = strip_tags($_POST['bo_mobile_subject']);
$sql_common = " gr_id = '{$_POST['gr_id']}', $sql_common = " gr_id = '{$_POST['gr_id']}',
bo_subject = '{$_POST['bo_subject']}', bo_subject = '{$_POST['bo_subject']}',
bo_mobile_subject = '{$_POST['bo_mobile_subject']}', bo_mobile_subject = '{$_POST['bo_mobile_subject']}',

2
adm/boardgroup_form.php
View File

@ -117,7 +117,7 @@ include_once('./admin.head.php');
<label for="gr_<?php echo $i ?>_subj">여분필드 <?php echo $i ?> 제목</label> <label for="gr_<?php echo $i ?>_subj">여분필드 <?php echo $i ?> 제목</label>
<input type="text" name="gr_<?php echo $i ?>_subj" value="<?php echo get_text($group['gr_'.$i.'_subj']) ?>" id="gr_<?php echo $i ?>_subj" class="frm_input"> <input type="text" name="gr_<?php echo $i ?>_subj" value="<?php echo get_text($group['gr_'.$i.'_subj']) ?>" id="gr_<?php echo $i ?>_subj" class="frm_input">
<label for="gr_<?php echo $i ?>">여분필드 <?php echo $i ?> 내용</label> <label for="gr_<?php echo $i ?>">여분필드 <?php echo $i ?> 내용</label>
<input type="text" name="gr_<?php echo $i ?>" value="<?php echo $gr['gr_'.$i] ?>" id="gr_<?php echo $i ?>" class="frm_input"> <input type="text" name="gr_<?php echo $i ?>" value="<?php echo get_sanitize_input($gr['gr_'.$i]); ?>" id="gr_<?php echo $i ?>" class="frm_input">
</td> </td>
</tr> </tr>
<?php } ?> <?php } ?>

2
adm/config_form.php
View File

@ -1317,7 +1317,7 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) {
<label for="cf_<?php echo $i ?>_subj">여분필드<?php echo $i ?> 제목</label> <label for="cf_<?php echo $i ?>_subj">여분필드<?php echo $i ?> 제목</label>
<input type="text" name="cf_<?php echo $i ?>_subj" value="<?php echo get_text($config['cf_'.$i.'_subj']) ?>" id="cf_<?php echo $i ?>_subj" class="frm_input" size="30"> <input type="text" name="cf_<?php echo $i ?>_subj" value="<?php echo get_text($config['cf_'.$i.'_subj']) ?>" id="cf_<?php echo $i ?>_subj" class="frm_input" size="30">
<label for="cf_<?php echo $i ?>">여분필드<?php echo $i ?> 값</label> <label for="cf_<?php echo $i ?>">여분필드<?php echo $i ?> 값</label>
<input type="text" name="cf_<?php echo $i ?>" value="<?php echo $config['cf_'.$i] ?>" id="cf_<?php echo $i ?>" class="frm_input" size="30"> <input type="text" name="cf_<?php echo $i ?>" value="<?php echo get_sanitize_input($config['cf_'.$i]); ?>" id="cf_<?php echo $i ?>" class="frm_input" size="30">
</td> </td>
</tr> </tr>
<?php } ?> <?php } ?>

2
adm/config_form_update.php
View File

@ -26,6 +26,8 @@ if(!$_POST['cf_cert_use']) {
$cf_social_servicelist = !empty($_POST['cf_social_servicelist']) ? implode(',', $_POST['cf_social_servicelist']) : ''; $cf_social_servicelist = !empty($_POST['cf_social_servicelist']) ? implode(',', $_POST['cf_social_servicelist']) : '';
$_POST['cf_title'] = strip_tags($_POST['cf_title']);
$sql = " update {$g5['config_table']} $sql = " update {$g5['config_table']}
set cf_title = '{$_POST['cf_title']}', set cf_title = '{$_POST['cf_title']}',
cf_admin = '{$_POST['cf_admin']}', cf_admin = '{$_POST['cf_admin']}',

14
adm/menu_list.php
View File

@ -196,6 +196,20 @@ function base_convert(number, frombase, tobase) {
function fmenulist_submit(f) function fmenulist_submit(f)
{ {
var me_links = document.getElementsByName('me_link[]');
var reg = /^javascript/;
for (i=0; i<me_links.length; i++){
if( reg.test(me_links[i].value) ){
alert('링크에 자바스크립트문을 입력할수 없습니다.');
me_links[i].focus();
return false;
}
}
return true; return true;
} }
</script> </script>

4
adm/menu_list_update.php
View File

@ -23,8 +23,8 @@ for ($i=0; $i<$count; $i++)
$code = $_POST['code'][$i]; $code = $_POST['code'][$i];
$me_name = $_POST['me_name'][$i]; $me_name = $_POST['me_name'][$i];
$me_link = $_POST['me_link'][$i]; $me_link = preg_match('/^javascript/', $_POST['me_link'][$i]) ? G5_URL : strip_tags($_POST['me_link'][$i]);
if(!$code || !$me_name || !$me_link) if(!$code || !$me_name || !$me_link)
continue; continue;

4
bbs/board_head.php
View File

@ -5,13 +5,13 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
if (G5_IS_MOBILE) { if (G5_IS_MOBILE) {
// 모바일의 경우 설정을 따르지 않는다. // 모바일의 경우 설정을 따르지 않는다.
include_once(G5_BBS_PATH.'/_head.php'); include_once(G5_BBS_PATH.'/_head.php');
echo stripslashes($board['bo_mobile_content_head']); echo html_purifier(stripslashes($board['bo_mobile_content_head']));
} else { } else {
if(is_include_path_check($board['bo_include_head'])) { //파일경로 체크 if(is_include_path_check($board['bo_include_head'])) { //파일경로 체크
@include ($board['bo_include_head']); @include ($board['bo_include_head']);
} else { //파일경로가 올바르지 않으면 기본파일을 가져옴 } else { //파일경로가 올바르지 않으면 기본파일을 가져옴
include_once(G5_BBS_PATH.'/_head.php'); include_once(G5_BBS_PATH.'/_head.php');
} }
echo stripslashes($board['bo_content_head']); echo html_purifier(stripslashes($board['bo_content_head']));
} }
?> ?>

4
bbs/board_tail.php
View File

@ -3,11 +3,11 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
// 게시판 관리의 하단 파일 경로 // 게시판 관리의 하단 파일 경로
if (G5_IS_MOBILE) { if (G5_IS_MOBILE) {
echo stripslashes($board['bo_mobile_content_tail']); echo html_purifier(stripslashes($board['bo_mobile_content_tail']));
// 모바일의 경우 설정을 따르지 않는다. // 모바일의 경우 설정을 따르지 않는다.
include_once(G5_BBS_PATH.'/_tail.php'); include_once(G5_BBS_PATH.'/_tail.php');
} else { } else {
echo stripslashes($board['bo_content_tail']); echo html_purifier(stripslashes($board['bo_content_tail']));
if(is_include_path_check($board['bo_include_tail'])) { //파일경로 체크 if(is_include_path_check($board['bo_include_tail'])) { //파일경로 체크
@include ($board['bo_include_tail']); @include ($board['bo_include_tail']);
} else { //파일경로가 올바르지 않으면 기본파일을 가져옴 } else { //파일경로가 올바르지 않으면 기본파일을 가져옴

8
bbs/password.php
View File

@ -43,8 +43,8 @@ switch ($w) {
include_once(G5_PATH.'/head.sub.php'); include_once(G5_PATH.'/head.sub.php');
//if ($board['bo_include_head']) { @include ($board['bo_include_head']); } //if ($board['bo_include_head'] && is_include_path_check($board['bo_content_head'])) { @include ($board['bo_include_head']); }
//if ($board['bo_content_head']) { echo stripslashes($board['bo_content_head']); } //if ($board['bo_content_head']) { echo html_purifier(stripslashes($board['bo_content_head'])); }
/* 비밀글의 제목을 가져옴 지운아빠 2013-01-29 */ /* 비밀글의 제목을 가져옴 지운아빠 2013-01-29 */
$sql = " select wr_subject from {$write_table} $sql = " select wr_subject from {$write_table}
@ -57,8 +57,8 @@ $g5['title'] = get_text($row['wr_subject']);
include_once($member_skin_path.'/password.skin.php'); include_once($member_skin_path.'/password.skin.php');
//if ($board['bo_content_tail']) { echo stripslashes($board['bo_content_tail']); } //if ($board['bo_content_tail']) { echo html_purifier(stripslashes($board['bo_content_tail'])); }
//if ($board['bo_include_tail']) { @include ($board['bo_include_tail']); } //if ($board['bo_include_tail'] && is_include_path_check($board['bo_content_tail'])) { @include ($board['bo_include_tail']); }
include_once(G5_PATH.'/tail.sub.php'); include_once(G5_PATH.'/tail.sub.php');
?> ?>