KVE-2018-1316 그누보드,영카트 취약점 수정

bbs/confirm.php

@@ -2,9 +2,9 @@
 include_once('./_common.php');
 include_once(G5_PATH.'/head.sub.php');
 
-$url1 = clean_xss_tags($url1);
-$url2 = clean_xss_tags($url2);
-$url3 = clean_xss_tags($url3);
+$url1 = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", clean_xss_tags($url1));
+$url2 = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", clean_xss_tags($url2));
+$url3 = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", clean_xss_tags($url3));
 
 // url 체크
 check_url_host($url1);

bbs/member_confirm.php

@@ -24,10 +24,15 @@ include_once('./_head.sub.php');
 // url 체크
 check_url_host($url, '', G5_URL, true);
 
-if( preg_match('#^/{3,}#', $url) ){
-    $url = preg_replace('#^/{3,}#', '/', $url);
+if($url){
+    $url = preg_replace('#^/\\\{1,}#', '/', $url);
+
+    if( preg_match('#^/{3,}#', $url) ){
+        $url = preg_replace('#^/{3,}#', '/', $url);
+    }
 }
 
+
 $url = get_text($url);
 
 include_once($member_skin_path.'/member_confirm.skin.php');

lib/common.lib.php

@@ -2885,6 +2885,8 @@ function clean_xss_tags($str)
 {
     $str = preg_replace('#</*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*+>#i', '', $str);
 
+    $str = str_replace(array('<script>','</script>','<noscript>','</noscript>'), '', $str);
+
     return $str;
 }