firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

KVE-2018-1316 그누보드,영카트 취약점 수정

Browse Source
This commit is contained in:
thisgun
2018-11-16 17:54:57 +09:00
parent ccba200fbd
commit bc5779fafb
3 changed files with 12 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
bbs/confirm.php
View File

@ -2,9 +2,9 @@
include_once('./_common.php'); include_once('./_common.php');
include_once(G5_PATH.'/head.sub.php'); include_once(G5_PATH.'/head.sub.php');
$url1 = clean_xss_tags($url1); $url1 = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", clean_xss_tags($url1));
$url2 = clean_xss_tags($url2); $url2 = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", clean_xss_tags($url2));
$url3 = clean_xss_tags($url3); $url3 = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", clean_xss_tags($url3));
// url 체크 // url 체크
check_url_host($url1); check_url_host($url1);

9
bbs/member_confirm.php
View File

@ -24,10 +24,15 @@ include_once('./_head.sub.php');
// url 체크 // url 체크
check_url_host($url, '', G5_URL, true); check_url_host($url, '', G5_URL, true);
if( preg_match('#^/{3,}#', $url) ){ if($url){
$url = preg_replace('#^/{3,}#', '/', $url); $url = preg_replace('#^/\\\{1,}#', '/', $url);
if( preg_match('#^/{3,}#', $url) ){
$url = preg_replace('#^/{3,}#', '/', $url);
}
} }
$url = get_text($url); $url = get_text($url);
include_once($member_skin_path.'/member_confirm.skin.php'); include_once($member_skin_path.'/member_confirm.skin.php');

2
lib/common.lib.php
View File

@ -2885,6 +2885,8 @@ function clean_xss_tags($str)
{ {
$str = preg_replace('#</*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*+>#i', '', $str); $str = preg_replace('#</*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*+>#i', '', $str);
$str = str_replace(array('<script>','</script>','<noscript>','</noscript>'), '', $str);
return $str; return $str;
} }