firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

KVE-2019-0556, 0566 취약점 수정

Browse Source
This commit is contained in:
thisgun
2019-03-12 12:06:45 +09:00
parent a870fe3777
commit a844347c4c
3 changed files with 18 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
adm/board_form.php
View File

@ -918,7 +918,7 @@ $pg_anchor = '<ul class="anchor">
<tr>
<th scope="row"><label for="bo_insert_content">글쓰기 기본 내용</label></th>
<td>
<textarea id="bo_insert_content" name="bo_insert_content" rows="5"><?php echo $board['bo_insert_content'] ?></textarea>
<textarea id="bo_insert_content" name="bo_insert_content" rows="5"><?php echo html_purifier($board['bo_insert_content']); ?></textarea>
</td>
<td class="td_grpset">
<input type="checkbox" name="chk_grp_insert_content" value="1" id="chk_grp_insert_content">

2
bbs/write.php
View File

@ -362,7 +362,7 @@ if (isset($write['wr_subject'])) {
$content = '';
if ($w == '') {
$content = $board['bo_insert_content'];
$content = html_purifier($board['bo_insert_content']);
} else if ($w == 'r') {
if (!strstr($write['wr_option'], 'html')) {
$content = "\n\n\n &gt; "

30
common.php
View File

@ -29,20 +29,22 @@ for ($i=0; $i<$ext_cnt; $i++) {
function g5_path()
{
$chroot = substr($_SERVER['SCRIPT_FILENAME'], 0, strpos($_SERVER['SCRIPT_FILENAME'], dirname(__FILE__)));
$result['path'] = str_replace('\\', '/', $chroot.dirname(__FILE__));
$tilde_remove = preg_replace('/^\/\~[^\/]+(.*)$/', '$1', $_SERVER['SCRIPT_NAME']);
$document_root = str_replace($tilde_remove, '', $_SERVER['SCRIPT_FILENAME']);
$pattern = '/' . preg_quote($document_root, '/') . '/i';
$root = preg_replace($pattern, '', $result['path']);
$port = ($_SERVER['SERVER_PORT'] == 80 || $_SERVER['SERVER_PORT'] == 443) ? '' : ':'.$_SERVER['SERVER_PORT'];
$http = 'http' . ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') ? 's' : '') . '://';
$user = str_replace(preg_replace($pattern, '', $_SERVER['SCRIPT_FILENAME']), '', $_SERVER['SCRIPT_NAME']);
$host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME'];
if(isset($_SERVER['HTTP_HOST']) && preg_match('/:[0-9]+$/', $host))
$host = preg_replace('/:[0-9]+$/', '', $host);
$host = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\/\^\*]/", '', $host);
$result['url'] = $http.$host.$port.$user.$root;
$chroot = substr($_SERVER['SCRIPT_FILENAME'], 0, strpos($_SERVER['SCRIPT_FILENAME'], dirname(__FILE__)));
$result['path'] = str_replace('\\', '/', $chroot.dirname(__FILE__));
$server_script_name = preg_replace('/\/+/', '/', str_replace('\\', '/', $_SERVER['SCRIPT_NAME']));
$server_script_filename = preg_replace('/\/+/', '/', str_replace('\\', '/', $_SERVER['SCRIPT_FILENAME']));
$tilde_remove = preg_replace('/^\/\~[^\/]+(.*)$/', '$1', $server_script_name);
$document_root = str_replace($tilde_remove, '', $server_script_filename);
$pattern = '/' . preg_quote($document_root, '/') . '/i';
$root = preg_replace($pattern, '', $result['path']);
$port = ($_SERVER['SERVER_PORT'] == 80 || $_SERVER['SERVER_PORT'] == 443) ? '' : ':'.$_SERVER['SERVER_PORT'];
$http = 'http' . ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') ? 's' : '') . '://';
$user = str_replace(preg_replace($pattern, '', $server_script_filename), '', $server_script_name);
$host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME'];
if(isset($_SERVER['HTTP_HOST']) && preg_match('/:[0-9]+$/', $host))
$host = preg_replace('/:[0-9]+$/', '', $host);
$host = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\/\^\*]/", '', $host);
$result['url'] = $http.$host.$port.$user.$root;
return $result;
}