firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

XSS 취약점 패치 및 5.0.30버전 수정내역 적용

Browse Source
This commit is contained in:
chicpro
2015-02-09 09:57:32 +09:00
parent 7ef2029a31
commit b477c2e720
11 changed files with 27 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
bbs/list.php
View File

@ -46,9 +46,15 @@ if ($sca || $stx) {
$sql_search .= " and (wr_num between {$spt} and ({$spt} + {$config['cf_search_part']})) "; $sql_search .= " and (wr_num between {$spt} and ({$spt} + {$config['cf_search_part']})) ";
// 원글만 얻는다. (코멘트의 내용도 검색하기 위함) // 원글만 얻는다. (코멘트의 내용도 검색하기 위함)
// 라엘님 제안 코드로 대체 http://sir.co.kr/bbs/board.php?bo_table=g5_bug&wr_id=2922
$sql = " SELECT COUNT(DISTINCT `wr_parent`) AS `cnt` FROM {$write_table} WHERE {$sql_search} ";
$row = sql_fetch($sql);
$total_count = $row['cnt'];
/*
$sql = " select distinct wr_parent from {$write_table} where {$sql_search} "; $sql = " select distinct wr_parent from {$write_table} where {$sql_search} ";
$result = sql_query($sql); $result = sql_query($sql);
$total_count = mysql_num_rows($result); $total_count = mysql_num_rows($result);
*/
} else { } else {
$sql_search = ""; $sql_search = "";

2
bbs/move.php
View File

@ -51,6 +51,8 @@ for ($i=0; $row=sql_fetch_array($result); $i++)
<input type="hidden" name="sfl" value="<?php echo $sfl ?>"> <input type="hidden" name="sfl" value="<?php echo $sfl ?>">
<input type="hidden" name="stx" value="<?php echo $stx ?>"> <input type="hidden" name="stx" value="<?php echo $stx ?>">
<input type="hidden" name="spt" value="<?php echo $spt ?>"> <input type="hidden" name="spt" value="<?php echo $spt ?>">
<input type="hidden" name="sst" value="<?php echo $sst ?>">
<input type="hidden" name="sod" value="<?php echo $sod ?>">
<input type="hidden" name="page" value="<?php echo $page ?>"> <input type="hidden" name="page" value="<?php echo $page ?>">
<input type="hidden" name="act" value="<?php echo $act ?>"> <input type="hidden" name="act" value="<?php echo $act ?>">
<input type="hidden" name="url" value="<?php echo $_SERVER['HTTP_REFERER'] ?>"> <input type="hidden" name="url" value="<?php echo $_SERVER['HTTP_REFERER'] ?>">

5
bbs/move_update.php
View File

@ -196,13 +196,14 @@ if ($sw == 'move')
} }
$msg = '해당 게시물을 선택한 게시판으로 '.$act.' 하였습니다.'; $msg = '해당 게시물을 선택한 게시판으로 '.$act.' 하였습니다.';
$opener_href = './board.php?bo_table='.$bo_table.'&amp;page='.$page.'&amp;'.$qstr; $opener_href = './board.php?bo_table='.$bo_table.'&amp;page='.$page.'&amp;'.$qstr;
$opener_href1 = str_replace('&amp;', '&', $opener_href);
echo <<<HEREDOC echo <<<HEREDOC
<meta http-equiv="content-type" content="text/html; charset=utf-8"> <meta http-equiv="content-type" content="text/html; charset=utf-8">
<script> <script>
alert("$msg"); alert("$msg");
opener.document.location.href = "$opener_href"; opener.document.location.href = "$opener_href1";
window.close(); window.close();
</script> </script>
<noscript> <noscript>

2
bbs/visit_insert.inc.php
View File

@ -13,7 +13,7 @@ if (get_cookie('ck_visit_ip') != $_SERVER['REMOTE_ADDR'])
$remote_addr = escape_trim($_SERVER['REMOTE_ADDR']); $remote_addr = escape_trim($_SERVER['REMOTE_ADDR']);
$referer = ""; $referer = "";
if (isset($_SERVER['HTTP_REFERER'])) if (isset($_SERVER['HTTP_REFERER']))
$referer = escape_trim($_SERVER['HTTP_REFERER']); $referer = escape_trim(clean_xss_tags($_SERVER['HTTP_REFERER']));
$user_agent = escape_trim($_SERVER['HTTP_USER_AGENT']); $user_agent = escape_trim($_SERVER['HTTP_USER_AGENT']);
$sql = " insert {$g5['visit_table']} ( vi_id, vi_ip, vi_date, vi_time, vi_referer, vi_agent ) values ( '{$vi_id}', '{$remote_addr}', '".G5_TIME_YMD."', '".G5_TIME_HIS."', '{$referer}', '{$user_agent}' ) "; $sql = " insert {$g5['visit_table']} ( vi_id, vi_ip, vi_date, vi_time, vi_referer, vi_agent ) values ( '{$vi_id}', '{$remote_addr}', '".G5_TIME_YMD."', '".G5_TIME_HIS."', '{$referer}', '{$user_agent}' ) ";

2
head.php
View File

@ -11,7 +11,7 @@ include_once(G5_LIB_PATH.'/popular.lib.php');
// 상단 파일 경로 지정 : 이 코드는 가능한 삭제하지 마십시오. // 상단 파일 경로 지정 : 이 코드는 가능한 삭제하지 마십시오.
if ($config['cf_include_head'] && is_file(G5_PATH.'/'.$config['cf_include_head'])) { if ($config['cf_include_head'] && is_file(G5_PATH.'/'.$config['cf_include_head'])) {
include_once($config['cf_include_head']); include_once(G5_PATH.'/'.$config['cf_include_head']);
return; // 이 코드의 아래는 실행을 하지 않습니다. return; // 이 코드의 아래는 실행을 하지 않습니다.
} }

2
index.php
View File

@ -4,7 +4,7 @@ include_once('./_common.php');
// 초기화면 파일 경로 지정 : 이 코드는 가능한 삭제하지 마십시오. // 초기화면 파일 경로 지정 : 이 코드는 가능한 삭제하지 마십시오.
if ($config['cf_include_index'] && is_file(G5_PATH.'/'.$config['cf_include_index'])) { if ($config['cf_include_index'] && is_file(G5_PATH.'/'.$config['cf_include_index'])) {
include_once($config['cf_include_index']); include_once(G5_PATH.'/'.$config['cf_include_index']);
return; // 이 코드의 아래는 실행을 하지 않습니다. return; // 이 코드의 아래는 실행을 하지 않습니다.
} }

4
mobile/skin/board/basic/list.skin.php
View File

@ -44,6 +44,8 @@ add_stylesheet('<link rel="stylesheet" href="'.$board_skin_url.'/style.css">', 0
<input type="hidden" name="sfl" value="<?php echo $sfl ?>"> <input type="hidden" name="sfl" value="<?php echo $sfl ?>">
<input type="hidden" name="stx" value="<?php echo $stx ?>"> <input type="hidden" name="stx" value="<?php echo $stx ?>">
<input type="hidden" name="spt" value="<?php echo $spt ?>"> <input type="hidden" name="spt" value="<?php echo $spt ?>">
<input type="hidden" name="sst" value="<?php echo $sst ?>">
<input type="hidden" name="sod" value="<?php echo $sod ?>">
<input type="hidden" name="page" value="<?php echo $page ?>"> <input type="hidden" name="page" value="<?php echo $page ?>">
<input type="hidden" name="sw" value=""> <input type="hidden" name="sw" value="">
@ -151,7 +153,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$board_skin_url.'/style.css">', 0
<option value="wr_name,1"<?php echo get_selected($sfl, 'wr_name,1'); ?>>글쓴이</option> <option value="wr_name,1"<?php echo get_selected($sfl, 'wr_name,1'); ?>>글쓴이</option>
<option value="wr_name,0"<?php echo get_selected($sfl, 'wr_name,0'); ?>>글쓴이(코)</option> <option value="wr_name,0"<?php echo get_selected($sfl, 'wr_name,0'); ?>>글쓴이(코)</option>
</select> </select>
<input name="stx" value="<?php echo stripslashes($stx) ?>" placeholder="검색어(필수)" required id="stx" class="required frm_input" size="15" maxlength="15"> <input name="stx" value="<?php echo stripslashes($stx) ?>" placeholder="검색어(필수)" required id="stx" class="required frm_input" size="15" maxlength="20">
<input type="submit" value="검색" class="btn_submit"> <input type="submit" value="검색" class="btn_submit">
</form> </form>
</fieldset> </fieldset>

4
mobile/skin/board/gallery/list.skin.php
View File

@ -42,6 +42,8 @@ add_stylesheet('<link rel="stylesheet" href="'.$board_skin_url.'/style.css">', 0
<input type="hidden" name="sfl" value="<?php echo $sfl ?>"> <input type="hidden" name="sfl" value="<?php echo $sfl ?>">
<input type="hidden" name="stx" value="<?php echo $stx ?>"> <input type="hidden" name="stx" value="<?php echo $stx ?>">
<input type="hidden" name="spt" value="<?php echo $spt ?>"> <input type="hidden" name="spt" value="<?php echo $spt ?>">
<input type="hidden" name="sst" value="<?php echo $sst ?>">
<input type="hidden" name="sod" value="<?php echo $sod ?>">
<input type="hidden" name="page" value="<?php echo $page ?>"> <input type="hidden" name="page" value="<?php echo $page ?>">
<input type="hidden" name="sw" value=""> <input type="hidden" name="sw" value="">
@ -178,7 +180,7 @@ $(window).on("load", function() {
<option value="wr_name,1"<?php echo get_selected($sfl, "wr_name,1"); ?>>글쓴이</option> <option value="wr_name,1"<?php echo get_selected($sfl, "wr_name,1"); ?>>글쓴이</option>
<option value="wr_name,0"<?php echo get_selected($sfl, "wr_name,0"); ?>>글쓴이(코)</option> <option value="wr_name,0"<?php echo get_selected($sfl, "wr_name,0"); ?>>글쓴이(코)</option>
</select> </select>
<input name="stx" value="<?php echo stripslashes($stx) ?>" placeholder="검색어(필수)" required id="stx" class="required" size="15" maxlength="15"> <input name="stx" value="<?php echo stripslashes($stx) ?>" placeholder="검색어(필수)" required id="stx" class="required" size="15" maxlength="20">
<input type="submit" value="검색"> <input type="submit" value="검색">
</form> </form>
</fieldset> </fieldset>

4
skin/board/basic/list.skin.php
View File

@ -51,6 +51,8 @@ add_stylesheet('<link rel="stylesheet" href="'.$board_skin_url.'/style.css">', 0
<input type="hidden" name="stx" value="<?php echo $stx ?>"> <input type="hidden" name="stx" value="<?php echo $stx ?>">
<input type="hidden" name="spt" value="<?php echo $spt ?>"> <input type="hidden" name="spt" value="<?php echo $spt ?>">
<input type="hidden" name="sca" value="<?php echo $sca ?>"> <input type="hidden" name="sca" value="<?php echo $sca ?>">
<input type="hidden" name="sst" value="<?php echo $sst ?>">
<input type="hidden" name="sod" value="<?php echo $sod ?>">
<input type="hidden" name="page" value="<?php echo $page ?>"> <input type="hidden" name="page" value="<?php echo $page ?>">
<input type="hidden" name="sw" value=""> <input type="hidden" name="sw" value="">
@ -181,7 +183,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$board_skin_url.'/style.css">', 0
<option value="wr_name,0"<?php echo get_selected($sfl, 'wr_name,0'); ?>>글쓴이(코)</option> <option value="wr_name,0"<?php echo get_selected($sfl, 'wr_name,0'); ?>>글쓴이(코)</option>
</select> </select>
<label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label> <label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
<input type="text" name="stx" value="<?php echo stripslashes($stx) ?>" required id="stx" class="frm_input required" size="15" maxlength="15"> <input type="text" name="stx" value="<?php echo stripslashes($stx) ?>" required id="stx" class="frm_input required" size="15" maxlength="20">
<input type="submit" value="검색" class="btn_submit"> <input type="submit" value="검색" class="btn_submit">
</form> </form>
</fieldset> </fieldset>

4
skin/board/gallery/list.skin.php
View File

@ -40,6 +40,8 @@ add_stylesheet('<link rel="stylesheet" href="'.$board_skin_url.'/style.css">', 0
<input type="hidden" name="sfl" value="<?php echo $sfl ?>"> <input type="hidden" name="sfl" value="<?php echo $sfl ?>">
<input type="hidden" name="stx" value="<?php echo $stx ?>"> <input type="hidden" name="stx" value="<?php echo $stx ?>">
<input type="hidden" name="spt" value="<?php echo $spt ?>"> <input type="hidden" name="spt" value="<?php echo $spt ?>">
<input type="hidden" name="sst" value="<?php echo $sst ?>">
<input type="hidden" name="sod" value="<?php echo $sod ?>">
<input type="hidden" name="page" value="<?php echo $page ?>"> <input type="hidden" name="page" value="<?php echo $page ?>">
<input type="hidden" name="sw" value=""> <input type="hidden" name="sw" value="">
@ -175,7 +177,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$board_skin_url.'/style.css">', 0
<option value="wr_name,0"<?php echo get_selected($sfl, 'wr_name,0'); ?>>글쓴이(코)</option> <option value="wr_name,0"<?php echo get_selected($sfl, 'wr_name,0'); ?>>글쓴이(코)</option>
</select> </select>
<label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label> <label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
<input type="text" name="stx" value="<?php echo stripslashes($stx) ?>" required id="stx" class="frm_input required" size="15" maxlength="15"> <input type="text" name="stx" value="<?php echo stripslashes($stx) ?>" required id="stx" class="frm_input required" size="15" maxlength="20">
<input type="submit" value="검색" class="btn_submit"> <input type="submit" value="검색" class="btn_submit">
</form> </form>
</fieldset> </fieldset>

2
tail.php
View File

@ -3,7 +3,7 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
// 하단 파일 경로 지정 : 이 코드는 가능한 삭제하지 마십시오. // 하단 파일 경로 지정 : 이 코드는 가능한 삭제하지 마십시오.
if ($config['cf_include_tail'] && is_file(G5_PATH.'/'.$config['cf_include_tail'])) { if ($config['cf_include_tail'] && is_file(G5_PATH.'/'.$config['cf_include_tail'])) {
include_once($config['cf_include_tail']); include_once(G5_PATH.'/'.$config['cf_include_tail']);
return; // 이 코드의 아래는 실행을 하지 않습니다. return; // 이 코드의 아래는 실행을 하지 않습니다.
} }