firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

[KVE-2020-0115,0120]그누보드RCE및XSS취약점수정

Browse Source
This commit is contained in:
thisgun
2020-03-03 18:41:45 +09:00
parent 1395a8f338
commit b28796dd28
2 changed files with 19 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
adm/faqlist.php
View File

@ -68,15 +68,17 @@ $result = sql_query($sql);
$num = $i + 1;
$bg = 'bg'.($i%2);
$fa_subject = conv_content($row['fa_subject'], 1);
?>
<tr class="<?php echo $bg; ?>">
<td class="td_num"><?php echo $num; ?></td>
<td class="td_left"><?php echo stripslashes($row['fa_subject']); ?></td>
<td class="td_left"><?php echo $fa_subject; ?></td>
<td class="td_num"><?php echo $row['fa_order']; ?></td>
<td class="td_mng td_mng_m">
<a href="./faqform.php?w=u&amp;fm_id=<?php echo $row['fm_id']; ?>&amp;fa_id=<?php echo $row['fa_id']; ?>" class="btn btn_03"><span class="sound_only"><?php echo stripslashes($row['fa_subject']); ?> </span>수정</a>
<a href="./faqformupdate.php?w=d&amp;fm_id=<?php echo $row['fm_id']; ?>&amp;fa_id=<?php echo $row['fa_id']; ?>" onclick="return delete_confirm(this);" class="btn btn_02"><span class="sound_only"><?php echo stripslashes($row['fa_subject']); ?> </span>삭제</a>
<a href="./faqform.php?w=u&amp;fm_id=<?php echo $row['fm_id']; ?>&amp;fa_id=<?php echo $row['fa_id']; ?>" class="btn btn_03"><span class="sound_only"><?php echo $fa_subject; ?> </span>수정</a>
<a href="./faqformupdate.php?w=d&amp;fm_id=<?php echo $row['fm_id']; ?>&amp;fa_id=<?php echo $row['fa_id']; ?>" onclick="return delete_confirm(this);" class="btn btn_02"><span class="sound_only"><?php echo $fa_subject; ?> </span>삭제</a>
</td>
</tr>

19
lib/Cache/FileCache.class.php
View File

@ -67,8 +67,14 @@ class FileCache
{
return FALSE;
}
$data = unserialize(file_get_contents( $cache_file_path ));
try{
$file_contents = file_get_contents($cache_file_path);
$file_ex = explode("\n\n", $file_contents);
$data = unserialize(base64_decode($file_ex[1]));
} catch(Exception $e){
$data = array('ttl'=>1, 'time'=>time() - 1000);
}
if ($data['ttl'] > 0 && time() > $data['time'] + $data['ttl'])
{
@ -135,7 +141,10 @@ class FileCache
'data' => $data
);
if ($this->write_file($cache_file_path, serialize($contents)))
$cache_content = "<?php if (!defined('_GNUBOARD_')) exit; ?>\n\n";
$cache_content .= base64_encode(serialize($contents));
if ($this->write_file($cache_file_path, $cache_content))
{
chmod($cache_file_path, G5_FILE_PERMISSION);
return TRUE;
@ -167,7 +176,7 @@ class FileCache
if ($ttl !== null) {
$expire = time() + $ttl;
}
return serialize(array($data, $expire));
return base64_encode(serialize(array($data, $expire)));
}
/**
@ -181,7 +190,7 @@ class FileCache
*/
public function decode($data)
{
return unserialize($data);
return unserialize(base64_decode($data));
}
}
?>