취약점 수정 Some security vulnerabilities #43

2019-05-29 09:58:04 +09:00
parent 166727879a
commit b1ac49a738
3 changed files with 4 additions and 2 deletions
--- a/install/ajax.install.check.php
+++ b/install/ajax.install.check.php
@ -16,7 +16,7 @@ $mysql_host  = safe_install_string_check($_POST['mysql_host'], 'json');
 $mysql_user  = safe_install_string_check($_POST['mysql_user'], 'json');
 $mysql_pass  = safe_install_string_check($_POST['mysql_pass'], 'json');
 $mysql_db    = safe_install_string_check($_POST['mysql_db'], 'json');
-$table_prefix= safe_install_string_check($_POST['table_prefix']);
+$table_prefix= safe_install_string_check(preg_replace('/[^a-zA-Z0-9_]/', '_', $_POST['table_prefix']));

 $tmp_str = isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : '';
 $ajax_token = md5($tmp_str.$_SERVER['REMOTE_ADDR'].$_SERVER['DOCUMENT_ROOT']);