firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

[KVE-2020-0115,0120]그누보드RCE및XSS취약점수정

Browse Source
This commit is contained in:
thisgun
2020-03-03 18:41:45 +09:00
parent 1395a8f338
commit b28796dd28
2 changed files with 19 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
adm/faqlist.php
View File

@ -68,15 +68,17 @@ $result = sql_query($sql);
$num = $i + 1; $num = $i + 1;
$bg = 'bg'.($i%2); $bg = 'bg'.($i%2);
$fa_subject = conv_content($row['fa_subject'], 1);
?> ?>
<tr class="<?php echo $bg; ?>"> <tr class="<?php echo $bg; ?>">
<td class="td_num"><?php echo $num; ?></td> <td class="td_num"><?php echo $num; ?></td>
<td class="td_left"><?php echo stripslashes($row['fa_subject']); ?></td> <td class="td_left"><?php echo $fa_subject; ?></td>
<td class="td_num"><?php echo $row['fa_order']; ?></td> <td class="td_num"><?php echo $row['fa_order']; ?></td>
<td class="td_mng td_mng_m"> <td class="td_mng td_mng_m">
<a href="./faqform.php?w=u&amp;fm_id=<?php echo $row['fm_id']; ?>&amp;fa_id=<?php echo $row['fa_id']; ?>" class="btn btn_03"><span class="sound_only"><?php echo stripslashes($row['fa_subject']); ?> </span>수정</a> <a href="./faqform.php?w=u&amp;fm_id=<?php echo $row['fm_id']; ?>&amp;fa_id=<?php echo $row['fa_id']; ?>" class="btn btn_03"><span class="sound_only"><?php echo $fa_subject; ?> </span>수정</a>
<a href="./faqformupdate.php?w=d&amp;fm_id=<?php echo $row['fm_id']; ?>&amp;fa_id=<?php echo $row['fa_id']; ?>" onclick="return delete_confirm(this);" class="btn btn_02"><span class="sound_only"><?php echo stripslashes($row['fa_subject']); ?> </span>삭제</a> <a href="./faqformupdate.php?w=d&amp;fm_id=<?php echo $row['fm_id']; ?>&amp;fa_id=<?php echo $row['fa_id']; ?>" onclick="return delete_confirm(this);" class="btn btn_02"><span class="sound_only"><?php echo $fa_subject; ?> </span>삭제</a>
</td> </td>
</tr> </tr>

17
lib/Cache/FileCache.class.php
View File

@ -68,7 +68,13 @@ class FileCache
return FALSE; return FALSE;
} }
$data = unserialize(file_get_contents( $cache_file_path )); try{
$file_contents = file_get_contents($cache_file_path);
$file_ex = explode("\n\n", $file_contents);
$data = unserialize(base64_decode($file_ex[1]));
} catch(Exception $e){
$data = array('ttl'=>1, 'time'=>time() - 1000);
}
if ($data['ttl'] > 0 && time() > $data['time'] + $data['ttl']) if ($data['ttl'] > 0 && time() > $data['time'] + $data['ttl'])
{ {
@ -135,7 +141,10 @@ class FileCache
'data' => $data 'data' => $data
); );
if ($this->write_file($cache_file_path, serialize($contents))) $cache_content = "<?php if (!defined('_GNUBOARD_')) exit; ?>\n\n";
$cache_content .= base64_encode(serialize($contents));
if ($this->write_file($cache_file_path, $cache_content))
{ {
chmod($cache_file_path, G5_FILE_PERMISSION); chmod($cache_file_path, G5_FILE_PERMISSION);
return TRUE; return TRUE;
@ -167,7 +176,7 @@ class FileCache
if ($ttl !== null) { if ($ttl !== null) {
$expire = time() + $ttl; $expire = time() + $ttl;
} }
return serialize(array($data, $expire)); return base64_encode(serialize(array($data, $expire)));
} }
/** /**
@ -181,7 +190,7 @@ class FileCache
*/ */
public function decode($data) public function decode($data)
{ {
return unserialize($data); return unserialize(base64_decode($data));
} }
} }
?> ?>