From 468bc6eb1c40b12425322f65a97c5320ec772497 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Mon, 27 Apr 2020 15:45:21 +0900
Subject: [PATCH 1/3] =?UTF-8?q?[KVE-2020-0273]Cross=20Site=20Scripting(XSS?= =?UTF-8?q?)=20=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 adm/admin.lib.php | 4 ++--
 adm/theme_detail.php | 2 +-
 adm/visit_search.php | 5 +++++
 3 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/adm/admin.lib.php b/adm/admin.lib.php
index daf6383c7..7f0d6f63e 100644
--- a/adm/admin.lib.php
+++ b/adm/admin.lib.php
@@ -477,8 +477,8 @@ function admin_check_xss_params($params){
 if( is_array($value) ){
 admin_check_xss_params($value);
- } else if ( (preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && (preg_match('/script.*?\/script/ius', $value) || preg_match('/[onload|onerror]=.*/ius', $value))) || preg_match('/^(?=.*get_ajax_token\()(?=.*xmlhttprequest\()(?=.*send\().*$/im', $value) ){
- alert('요청 쿼리에 잘못된 스크립트문장이 있습니다.\\nXSS 공격일수도 있습니다.');
+ } else if ( (preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && (preg_match('/script.*?\/script/ius', $value) || preg_match('/[onload|onerror]=.*/ius', $value))) || preg_match('/^(?=.*token\()(?=.*xmlhttprequest\()(?=.*send\().*$/im', $value) || (preg_match('/[onload|onerror]=.*/ius', $value) && preg_match('/(eval|expression|exec|prompt)(\s*)\((.*)\)/ius', $value)) ){
+ alert('요청 쿼리에 잘못된 스크립트문장이 있습니다.\\nXSS 공격일수도 있습니다.', G5_URL);
 die();
 }
 }
diff --git a/adm/theme_detail.php b/adm/theme_detail.php
index a0018f707..616e72749 100644
--- a/adm/theme_detail.php
+++ b/adm/theme_detail.php
@@ -12,13 +12,13 @@ if(!in_array($theme, $theme_dir)) die('선택하신 테마가 설치되어 있지 않습니다.');
 $info = get_theme_info($theme);
+$name = get_text($info['theme_name']);
 if($info['screenshot']) $screenshot = ''.$name.'';
 else $screenshot = '';
-$name = get_text($info['theme_name']);
 if($info['theme_uri']) {
 $name = ''.$name.'';
 }
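Review bot: The `[onload|onerror]=` pattern that the new `else if` keeps and now uses twice is a PCRE character class, not an alternation: it matches any single character from the set `o n l a d | e r` followed by `=`, so together with the `<...>` test it fires on harmless input such as `<b>a=1</b>` while never actually checking for a handler name, and `onmouseover=`, `onfocus=` and every other handler pass untouched. Both occurrences should become something like `preg_match('/\bon\w+\s*=/iu', $value)` so the test means what its name suggests. Beyond that, a request-side blocklist of `script`, two handler names and four function names cannot be complete and should be treated as a tripwire only; the HTML sinks still need `get_text()`/`htmlspecialchars()` at output. The enclosing `admin_check_xss_params()` loop begins before this hunk, so how `$value` is produced is not visible here.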
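Review bot: Moving `$name = get_text(...)` above the screenshot markup fixes the use-before-assignment, but the other values built into that markup are still concatenated raw: the listing has had its HTML stripped (`''.$name.''`), so the exact attributes are not visible, yet nothing in the hunk escapes `$info['screenshot']` or, in the `theme_uri` branch, `$info['theme_uri']`, which are presumably the URL parts of the stripped `<img>` and `<a>` tags. Passing them through the same helper before concatenation, `$uri = get_text($info['theme_uri']);` and likewise for the screenshot path, would make the sink safe regardless of what a theme's metadata file contains; for the link, additionally rejecting anything that is not an `http(s)://` URL would close the `javascript:` case that escaping alone does not. These values appear to come from the installed theme's own files rather than from the request, which limits exposure, but an admin page rendering third-party theme metadata should still not trust it. The `if(!in_array($theme, $theme_dir))` heading and the rest of the file are outside the hunk.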
diff --git a/adm/visit_search.php b/adm/visit_search.php
index e29a0e382..524f2026f 100644
--- a/adm/visit_search.php
+++ b/adm/visit_search.php
@@ -11,6 +11,11 @@ include_once(G5_PLUGIN_PATH.'/jquery-ui/datepicker.php');
 $colspan = 6;
 $listall = '처음'; //페이지 처음으로 (초기화용도)
+$sql_search = '';
+
+if(isset($sfl) && $sfl && !in_array($sfl, array('vi_ip','vi_date','vi_time','vi_referer','vi_agent','vi_browser','vi_os','vi_device')) ) {
+ $sfl = '';
+}
 ?>
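Review bot: The new allow-list on `$sfl` uses a loose `in_array`; pass the strict flag, `!in_array($sfl, array('vi_ip', ...), true)`, so that only an exact string from the list is accepted and no type juggling can widen the match. An allow-list is the right control here, since a column name cannot be bound as a query parameter, but it only covers the field name: the search value that is presumably paired with it in the SQL further down the file (outside this hunk) still has to be escaped or bound on its own. `$sfl` is read without any visible assignment, so it is populated from the request somewhere else; a comment such as `// $sfl is the column picked in the search form; anything not in this list is dropped` would tell the next reader where the value comes from and why it is silently reset. Initialising `$sql_search = '';` is a good addition, as it keeps an undefined variable from being concatenated into the query later.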
From 812dbc78e08b0e56df022cee30f8e51305e12c9b Mon Sep 17 00:00:00 2001
From: minsupkr
Date: Wed, 6 May 2020 11:58:54 +0900
Subject: [PATCH 2/3] =?UTF-8?q?=ED=9A=8C=EC=9B=90=EA=B0=80=EC=9E=85=20?= =?UTF-8?q?=EC=99=84=EB=A3=8C=EC=97=90=EC=84=9C=20html=20syntax=20?= =?UTF-8?q?=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95=2010396?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 mobile/skin/member/basic/register_result.skin.php | 2 +-
 theme/basic/mobile/skin/member/basic/register_result.skin.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/mobile/skin/member/basic/register_result.skin.php b/mobile/skin/member/basic/register_result.skin.php
index fb677f0c1..710ee55cd 100644
--- a/mobile/skin/member/basic/register_result.skin.php
+++ b/mobile/skin/member/basic/register_result.skin.php
@@ -39,7 +39,7 @@ add_stylesheet('',
- 메인으로
+ 메인으로
diff --git a/theme/basic/mobile/skin/member/basic/register_result.skin.php b/theme/basic/mobile/skin/member/basic/register_result.skin.php
index fb677f0c1..710ee55cd 100644
--- a/theme/basic/mobile/skin/member/basic/register_result.skin.php
+++ b/theme/basic/mobile/skin/member/basic/register_result.skin.php
@@ -39,7 +39,7 @@ add_stylesheet('',
- 메인으로
+ 메인으로
From c7f1466751e8ba103efd00385c1ee20e645f826e Mon Sep 17 00:00:00 2001
From: thisgun
Date: Fri, 8 May 2020 15:12:53 +0900
Subject: [PATCH 3/3] =?UTF-8?q?=EB=B2=84=EC=A0=84=205.4.2.5=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 config.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config.php b/config.php
index 556a2cd5e..4c397323d 100644
--- a/config.php
+++ b/config.php
@@ -5,7 +5,7 @@ ********************/
 define('G5_VERSION', '그누보드5');
-define('G5_GNUBOARD_VER', '5.4.2.4');
+define('G5_GNUBOARD_VER', '5.4.2.5');
 // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음
 define('_GNUBOARD_', true);