firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

[KVE-2020-0785, 0788] 타 아이디가 에디터 업로드 된 이미지 삭제 가능 취약점 수정

Browse Source
This commit is contained in:
thisgun
2020-11-20 16:51:02 +09:00
parent 02b085b4be
commit afc8adf737
2 changed files with 18 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
plugin/editor/cheditor5/imageUpload/config.php
View File

@ -30,8 +30,14 @@ define("SAVE_DIR", $data_dir);
define("SAVE_URL", $data_url); define("SAVE_URL", $data_url);
function che_get_user_id() { function che_get_user_id() {
@session_start(); global $member;
return session_id();
if(session_id() == '') {
@session_start();
}
$add_str = (isset($member['mb_id']) && $member['mb_id']) ? $member['mb_id'] : '';
return session_id().$add_str;
} }
function che_get_file_passname(){ function che_get_file_passname(){

14
plugin/editor/smarteditor2/photo_uploader/popup/php/UploadHandler.php
View File

@ -215,14 +215,20 @@ class UploadHandler
substr($_SERVER['SCRIPT_NAME'],0, strrpos($_SERVER['SCRIPT_NAME'], '/')); substr($_SERVER['SCRIPT_NAME'],0, strrpos($_SERVER['SCRIPT_NAME'], '/'));
} }
protected function get_user_id() { protected function get_user_id($is_add=true) {
@session_start(); global $member;
return session_id();
if(session_id() == '') {
@session_start();
}
$add_str = ($is_add && isset($member['mb_id']) && $member['mb_id']) ? $member['mb_id'] : '';
return session_id().$add_str;
} }
protected function get_user_path() { protected function get_user_path() {
if ($this->options['user_dirs']) { if ($this->options['user_dirs']) {
return $this->get_user_id().'/'; return $this->get_user_id(false).'/';
} }
return ''; return '';
} }