firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

KVE-2019-1045 그누보드 XSS, RCE 취약점 수정

Browse Source
This commit is contained in:
thisgun
2019-06-13 14:55:25 +09:00
parent a1dbe22063
commit a6d851e174
2 changed files with 16 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
lib/common.lib.php
View File

@ -3501,6 +3501,11 @@ function get_call_func_cache($func, $args=array()){
function is_include_path_check($path='', $is_input='')
{
if( $path ){
if( strlen($path) > 255 ){
return false;
}
if ($is_input){
// 장태진 @jtjisgod <jtjisgod@gmail.com> 추가
// 보안 목적 : rar wrapper 차단
@ -3559,11 +3564,14 @@ function is_include_path_check($path='', $is_input='')
if( (preg_match('/\.\.\//i', $replace_path) || preg_match('/^\/.*/i', $replace_path)) && preg_match('/plugin\//i', $replace_path) && preg_match('/okname\//i', $replace_path) ){
return false;
}
if( substr_count($replace_path, './') > 5 ){
return false;
}
}
$extension = pathinfo($path, PATHINFO_EXTENSION);
if($extension && preg_match('/(jpg|jpeg|png|gif|bmp|conf)$/i', $extension)) {
if($extension && preg_match('/(jpg|jpeg|png|gif|bmp|conf|php\-x)$/i', $extension)) {
return false;
}
}