firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

KVE-2018-1316 그누보드,영카트 취약점 수정

Browse Source
This commit is contained in:
thisgun
2018-11-16 17:54:57 +09:00
parent ccba200fbd
commit bc5779fafb
3 changed files with 12 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
bbs/confirm.php
View File

@ -2,9 +2,9 @@
include_once('./_common.php');
include_once(G5_PATH.'/head.sub.php');
$url1 = clean_xss_tags($url1);
$url2 = clean_xss_tags($url2);
$url3 = clean_xss_tags($url3);
$url1 = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", clean_xss_tags($url1));
$url2 = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", clean_xss_tags($url2));
$url3 = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", clean_xss_tags($url3));
// url 체크
check_url_host($url1);

9
bbs/member_confirm.php
View File

@ -24,10 +24,15 @@ include_once('./_head.sub.php');
// url 체크
check_url_host($url, '', G5_URL, true);
if( preg_match('#^/{3,}#', $url) ){
$url = preg_replace('#^/{3,}#', '/', $url);
if($url){
$url = preg_replace('#^/\\\{1,}#', '/', $url);
if( preg_match('#^/{3,}#', $url) ){
$url = preg_replace('#^/{3,}#', '/', $url);
}
}
$url = get_text($url);
include_once($member_skin_path.'/member_confirm.skin.php');