KVE-2018-0441,0449,0510 그누보드 영카트 다중 취약점 수정

2018-08-17 14:45:04 +09:00
parent a7a8f45301
commit c03fec73b9
7 changed files with 31 additions and 24 deletions
--- a/bbs/member_confirm.php
+++ b/bbs/member_confirm.php
@ -24,6 +24,10 @@ $url = clean_xss_tags($_GET['url']);
 // url 체크
 check_url_host($url, '', G5_URL, true);

+if( preg_match('#^/{3,}#', $url) ){
+    $url = preg_replace('#^/{3,}#', '/', $url);
+}
+
 $url = get_text($url);

 include_once($member_skin_path.'/member_confirm.skin.php');