From 5abc41cdb93fdd18bcab934a6a88dca883d9324e Mon Sep 17 00:00:00 2001
From: thisgun
Date: Wed, 27 Dec 2017 09:14:48 +0900
Subject: [PATCH 1/3] =?UTF-8?q?=EA=B2=8C=EC=8B=9C=ED=8C=90=20=EA=B8=80?=
 =?UTF-8?q?=EC=93=B0=EA=B8=B0=20iframe=20=ED=97=88=EC=9A=A9=20=EC=BD=94?=
 =?UTF-8?q?=EB=93=9C=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 plugin/htmlpurifier/extend.video.php | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/plugin/htmlpurifier/extend.video.php b/plugin/htmlpurifier/extend.video.php
index df9f2367e..8ba346a47 100644
--- a/plugin/htmlpurifier/extend.video.php
+++ b/plugin/htmlpurifier/extend.video.php
@@ -21,11 +21,24 @@ if( !class_exists('HTMLPurifier_Filter_Iframevideo') ){
 */
 public function preFilter($html, $config, $context)
 {
- $html = preg_replace('##i', '', $html);
+ if (strstr($html, ']*>(.*?)?\/iframe>/si', array($this, 'trust_url_match'), $html);
+ $html = preg_replace_callback('/]*>(.*?)?\/iframe>/si', array($this, 'trust_url_match'), $html);
+ //$html = preg_replace('##i', '', $html);
+ }
 return $html;
 }
+ public function trust_url_match($matches)
+ {
+ $str = $matches[0];
+ if( $matches[1] ){
+ $str = preg_replace('##i', '', $str);
+ }
+ return $str;
+ }
 /**
 *
 * @param string $html
@@ -48,7 +61,7 @@ if( !class_exists('HTMLPurifier_Filter_Iframevideo') ){
 {
 // Domain Whitelist
 $youTubeMatch = preg_match('#src="https?://www.youtube(-nocookie)?.com/#i', $matches[1]);
- $vimeoMatch = preg_match('#src="http://player.vimeo.com/#i', $matches[1]);
+ $vimeoMatch = preg_match('#src="https?://player.vimeo.com/#i', $matches[1]);
 if ($youTubeMatch || $vimeoMatch) {
 $extra = ' frameborder="0"';
 if ($youTubeMatch) {
From 5ab91fa0abe52b2b09b352d8e393f1188d4e6b79 Mon Sep 17 00:00:00 2001
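Review bot: In the new preFilter an `<iframe` is only rewritten when the closed-tag regex matches and `$matches[1]` is truthy, and the `strstr` guard is case-sensitive while the patterns carry the `i` modifier, so an iframe with no closing tag, one whose captured group is empty (or `'0'`), or an upper-case `<IFRAME …>` now reaches HTMLPurifier unconverted, whereas the replaced `preg_replace` line appears to have converted every occurrence unconditionally. Whether HTMLPurifier then drops such an element depends on configuration outside this hunk (e.g. HTML.SafeIframe), so that should be confirmed before relying on it. The cheap tightening is `if (stristr($html, '<iframe'))` for the guard and `if (isset($matches[1]) && $matches[1] !== '')` in trust_url_match instead of a bare truthiness test. The regex and replacement literals are partly lost in this rendering (the `<iframe` tokens are missing) and the two preg_replace_callback calls read identically here; check them against the committed file, and if they really are identical the second call is redundant.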
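Review bot: The dots in the new `player.vimeo.com` pattern (and in the unchanged `www.youtube(-nocookie)?.com` line above it) are unescaped, so `.` matches any character and a registrable host such as `player-vimeo.com` or `www-youtube.com` passes the domain whitelist and is restored to a live iframe. Escape them: `$vimeoMatch = preg_match('#src="https?://player\.vimeo\.com/#i', $matches[1]);` and likewise `www\.youtube(-nocookie)?\.com` on the YouTube line. A short comment that the whitelist is intentionally limited to these two hosts would help the next person who extends it. The enclosing callback starts and ends outside the hunk.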
From: thisgun
Date: Wed, 27 Dec 2017 09:45:22 +0900
Subject: [PATCH 2/3] =?UTF-8?q?Open=20Redirect=20=EC=B7=A8=EC=95=BD?=
 =?UTF-8?q?=EC=A0=90=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 bbs/logout.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/bbs/logout.php b/bbs/logout.php
index 4d071e428..d2083b11f 100644
--- a/bbs/logout.php
+++ b/bbs/logout.php
@@ -15,8 +15,12 @@ if ($url) {
 $url = 'http:' . $url;
 $p = @parse_url(urldecode($url));
- if ($p['scheme'] || $p['host']) {
- alert('url에 도메인을 지정할 수 없습니다.');
+ /*
+ // OpenRediect 취약점관련, PHP 5.3 이하버전에서는 parse_url 버그가 있음 ( Safflower 님 제보 ) 아래 url 예제
+ // http://localhost/bbs/logout.php?url=http://sir.kr%23@/
+ */
+ if (preg_match('/^https?:\/\//i', $url) || $p['scheme'] || $p['host']) {
+ alert('url에 도메인을 지정할 수 없습니다.', G5_URL);
 }
 $link = $url;
From c1e1f64580c0a695dc5a8f5b9a6d75ecc3d77132 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Wed, 27 Dec 2017 09:56:10 +0900
Subject: [PATCH 3/3] =?UTF-8?q?5.2.9.8.1=20=EB=B2=84=EC=A0=84=20=EC=88=98?=
 =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 config.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config.php b/config.php
index f97136fb9..9e8782482 100644
--- a/config.php
+++ b/config.php
@@ -5,7 +5,7 @@
 ********************/
 define('G5_VERSION', '그누보드5');
-define('G5_GNUBOARD_VER', '5.2.9.8');
+define('G5_GNUBOARD_VER', '5.2.9.8.1');
 // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음
 define('_GNUBOARD_', true);
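Review bot: The new condition is still a denylist — `^https?://` on the already-prefixed string plus whatever `parse_url` reports — so targets it does not name, such as `/\evil.com`, which browsers resolve as a protocol-relative redirect, are left to parse_url's judgement, and how that turns out depends on the lines that set `$url` above the hunk (the `if ($url)` block starts outside the view; if the `'http:' .` prefix were unconditional, parse_url would report a scheme for every input and reject local paths too, so presumably it is not). Since the alert text says only site-local targets are intended, an allowlist on the decoded value before any prefixing is easier to reason about: `if (!preg_match('#^/(?![/\\\\])#', $url)) { alert('url에 도메인을 지정할 수 없습니다.', G5_URL); }`, or simply build the redirect as `G5_URL . $path`. The added comment cites the `%23@` example but not why it worked; presumably parse_url returns false on those PHP versions and the `@` makes `$p['scheme']`/`$p['host']` silently null, which is worth stating so the extra regex is not removed as redundant later.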