firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

KVE-2018-0441,0449,0510 그누보드 영카트 다중 취약점 수정

Browse Source
This commit is contained in:
thisgun
2018-08-17 14:45:04 +09:00
parent a7a8f45301
commit c03fec73b9
7 changed files with 31 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/common.lib.php
View File

@ -3269,7 +3269,7 @@ class str_encrypt
function __construct($salt='')
{
if(!$salt)
$this->salt = md5(preg_replace('/[^0-9A-Za-z]/', substr(G5_MYSQL_USER, -1), G5_MYSQL_PASSWORD));
$this->salt = md5(preg_replace('/[^0-9A-Za-z]/', substr(G5_MYSQL_USER, -1), $_SERVER['SERVER_SOFTWARE'].$_SERVER['DOCUMENT_ROOT']));
else
$this->salt = $salt;
@ -3438,7 +3438,7 @@ function is_include_path_check($path='', $is_input='')
if( $path ){
if ($is_input){
if( stripos($path, 'php://') !== false || stripos($path, 'zlib://') !== false || stripos($path, 'bzip2://') !== false || stripos($path, 'zip://') !== false || stripos($path, 'data:text/') !== false || stripos($path, 'data://') !== false ){
if( stripos($path, 'php:') !== false || stripos($path, 'zlib:') !== false || stripos($path, 'bzip2:') !== false || stripos($path, 'zip:') !== false || stripos($path, 'data:') !== false || stripos($path, 'phar:') !== false ){
return false;
}
@ -3478,7 +3478,7 @@ function is_include_path_check($path='', $is_input='')
return false;
}
if( preg_match('/\/data\/(file|editor|qa|cache|member|member_image|session|tmp)\/[A-Za-z0-9_]{1,20}\//i', $path) ){
if( preg_match('/\/data\/(file|editor|qa|cache|member|member_image|session|tmp)\/[A-Za-z0-9_]{1,20}\//i', str_replace('\\', '/', $path)) ){
return false;
}
}