KVE-2018-1316 그누보드,영카트 취약점 수정

bbs/member_confirm.php

@@ -24,10 +24,15 @@ include_once('./_head.sub.php');
 // url 체크
 check_url_host($url, '', G5_URL, true);
 
-if( preg_match('#^/{3,}#', $url) ){
-    $url = preg_replace('#^/{3,}#', '/', $url);
+if($url){
+    $url = preg_replace('#^/\\\{1,}#', '/', $url);
+
+    if( preg_match('#^/{3,}#', $url) ){
+        $url = preg_replace('#^/{3,}#', '/', $url);
+    }
 }
 
+
 $url = get_text($url);
 
 include_once($member_skin_path.'/member_confirm.skin.php');