From 458aecdf7b1f1245add1c47df990c703429d6afd Mon Sep 17 00:00:00 2001
From: chicpro
Date: Fri, 5 Jun 2015 11:53:27 +0900
Subject: [PATCH 1/4] =?UTF-8?q?url=20=EB=B3=80=EC=88=98=20=EC=B2=B4?= =?UTF-8?q?=ED=81=AC=20=EC=BD=94=EB=93=9C=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 bbs/member_confirm.php | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/bbs/member_confirm.php b/bbs/member_confirm.php
index d55c6d14a..e3f1e9ab6 100644
--- a/bbs/member_confirm.php
+++ b/bbs/member_confirm.php
@@ -16,12 +16,8 @@ include_once('./_head.sub.php');
 $url = $_GET['url'];
-$p = parse_url($url);
-if ((isset($p['scheme']) && $p['scheme']) || (isset($p['host']) && $p['host'])) {
- //print_r2($p);
- if ($p['host'].(isset($p['port']) ? ':'.$p['port'] : '') != $_SERVER['HTTP_HOST'])
- alert('url에 타 도메인을 지정할 수 없습니다.');
-}
+// url 체크
+check_url_host($url);
 include_once($member_skin_path.'/member_confirm.skin.php');
From ab30d5981d1e0cec4fe9c823ebfff46c2bf2a16a Mon Sep 17 00:00:00 2001
From: chicpro
Date: Fri, 5 Jun 2015 11:53:42 +0900
Subject: [PATCH 2/4] =?UTF-8?q?=EB=AA=A8=EB=B0=94=EC=9D=BC=20=ED=9A=8C?= =?UTF-8?q?=EC=9B=90=ED=83=88=ED=87=B4=20=EB=B9=84=EB=B0=80=EB=B2=88?= =?UTF-8?q?=ED=98=B8=20=ED=99=95=EC=9D=B8=20=EB=AC=B8=EA=B5=AC=20=EB=B3=80?= =?UTF-8?q?=EA=B2=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 mobile/skin/member/basic/member_confirm.skin.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/mobile/skin/member/basic/member_confirm.skin.php b/mobile/skin/member/basic/member_confirm.skin.php
index 467b801e0..76978b193 100644
--- a/mobile/skin/member/basic/member_confirm.skin.php
+++ b/mobile/skin/member/basic/member_confirm.skin.php
@@ -10,7 +10,11 @@ add_stylesheet('',
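Review bot: `check_url_host($url)` is called for its side effect only, so the guard holds only if the helper terminates the request on a foreign host (as the removed inline `alert()` did) rather than returning a status; its signature, visible as hunk context later in this series as `check_url_host($url, $msg='', $return_url=G5_URL)`, suggests it redirects on failure, but its body is outside this hunk, so confirm that nothing after the call runs with an unchecked `$url`. The `$_GET['url']` read on the context line above has no presence check, so a request without the parameter raises an undefined-index notice before the helper runs; `$url = isset($_GET['url']) ? $_GET['url'] : '';` keeps the same flow. Once the helper's behaviour is confirmed, a comment such as `// only same-host redirect targets are accepted; check_url_host() aborts the request otherwise` would preserve the intent that the removed code made explicit.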

비밀번호를 한번 더 입력해주세요. + + 비밀번호를 입력하시면 회원탈퇴가 완료됩니다. + 회원님의 정보를 안전하게 보호하기 위해 비밀번호를 한번 더 확인합니다. +

From 1a2f4251ed235076d665a73fb4a3bbf743d523cc Mon Sep 17 00:00:00 2001
From: chicpro
Date: Wed, 10 Jun 2015 13:54:53 +0900
Subject: [PATCH 3/4] =?UTF-8?q?Reflected=20XSS=20=EC=B7=A8=EC=95=BD?= =?UTF-8?q?=EC=A0=90=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 adm/sms_admin/form_write.php | 2 +-
 adm/sms_admin/num_book.php | 2 +-
 adm/sms_admin/num_book_write.php | 2 +-
 bbs/download.php | 4 +-
 lib/common.lib.php | 84 +++++++++++++++++++
 mobile/skin/board/basic/view_comment.skin.php | 2 +-
 .../skin/board/gallery/view_comment.skin.php | 2 +-
 skin/board/basic/view_comment.skin.php | 2 +-
 skin/board/gallery/view_comment.skin.php | 2 +-
 9 files changed, 93 insertions(+), 9 deletions(-)
diff --git a/adm/sms_admin/form_write.php b/adm/sms_admin/form_write.php
index 603bd2c03..a8a8816cd 100644
--- a/adm/sms_admin/form_write.php
+++ b/adm/sms_admin/form_write.php
@@ -145,7 +145,7 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
diff --git a/adm/sms_admin/num_book.php b/adm/sms_admin/num_book.php
index 1e31e18b5..9813ea938 100644
--- a/adm/sms_admin/num_book.php
+++ b/adm/sms_admin/num_book.php
@@ -142,7 +142,7 @@ function no_hp_click(val)
- +
diff --git a/adm/sms_admin/num_book_write.php b/adm/sms_admin/num_book_write.php
index 7bfe367c5..68bf45bbd 100644
--- a/adm/sms_admin/num_book_write.php
+++ b/adm/sms_admin/num_book_write.php
@@ -130,7 +130,7 @@ include_once(G5_ADMIN_PATH."/admin.head.php");
diff --git a/bbs/download.php b/bbs/download.php
index e83a21e69..c94923db0 100644
--- a/bbs/download.php
+++ b/bbs/download.php
@@ -25,8 +25,8 @@ if (!$file['bf_file'])
 // JavaScript 불가일 때
 if($js != 'on' && $board['bo_download_point'] < 0) {
 $msg = $file['bf_source'].' 파일을 다운로드 하시면 포인트가 차감('.number_format($board['bo_download_point']).'점)됩니다.\\n포인트는 게시물당 한번만 차감되며 다음에 다시 다운로드 하셔도 중복하여 차감하지 않습니다.\\n그래도 다운로드 하시겠습니까?';
- $url1 = G5_BBS_URL.'/download.php?'.$_SERVER['QUERY_STRING'].'&js=on';
- $url2 = $_SERVER['HTTP_REFERER'];
+ $url1 = G5_BBS_URL.'/download.php?'.clean_query_string($_SERVER['QUERY_STRING']).'&js=on';
+ $url2 = clean_xss_tags($_SERVER['HTTP_REFERER']);
 //$url1 = 확인link, $url2=취소link // 특정주소로 이동시키려면 $url3 이용
diff --git a/lib/common.lib.php b/lib/common.lib.php
index cf28863a3..5ee99b547 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
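Review bot: `$url1` now mixes query separators: `clean_query_string()` is called with its default `$amp=true`, which, judging by the `$amp` branch of the new function later in this patch, is meant to join parameters with an entity-encoded ampersand, while `'&js=on'` is appended with a raw `&`; either pass the flag explicitly, `clean_query_string($_SERVER['QUERY_STRING'], false)`, or append the extra parameter with the same separator the helper used. `$_SERVER['HTTP_REFERER']` is not guaranteed to be present (clients may omit it), so the new `clean_xss_tags()` call raises an undefined-index notice in that case; `$url2 = clean_xss_tags(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');` plus a fallback target when the result is empty avoids that. Stripping tags from the referer also does not constrain where `$url2` points; if it is emitted as a link or redirect, the same-host rule that `check_url_host()` applies to `$_GET['url']` in bbs/member_confirm.php earlier in this series is the stronger check. The enclosing `if` block continues past the hunk.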
@@ -2869,4 +2869,88 @@ function check_url_host($url, $msg='', $return_url=G5_URL)
 }
 }
 }
+
+// QUERY STRING 에 포함된 XSS 태그 제거
+function clean_query_string($query, $amp=true)
+{
+ $qstr = trim($query);
+
+ parse_str($qstr, $out);
+
+ if(is_array($out)) {
+ $q = array();
+
+ foreach($out as $key=>$val) {
+ $key = trim($key);
+ $val = trim($val);
+
+ switch($key) {
+ case 'wr_id':
+ $val = (int)preg_replace('/[^0-9]/', '', $val);
+ $q[$key] = $val;
+ break;
+ case 'sca':
+ $val = clean_xss_tags($val);
+ $q[$key] = $val;
+ break;
+ case 'sfl':
+ $val = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\s]/", "", $val);
+ $q[$key] = $val;
+ break;
+ case 'stx':
+ $val = get_search_string($val);
+ $q[$key] = $val;
+ break;
+ case 'sst':
+ $val = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\s]/", "", $val);
+ $q[$key] = $val;
+ break;
+ case 'sod':
+ $val = preg_match("/^(asc|desc)$/i", $val) ? $val : '';
+ $q[$key] = $val;
+ break;
+ case 'sop':
+ $val = preg_match("/^(or|and)$/i", $val) ? $val : '';
+ $q[$key] = $val;
+ break;
+ case 'spt':
+ $val = (int)preg_replace('/[^0-9]/', '', $val);
+ $q[$key] = $val;
+ break;
+ case 'page':
+ $val = (int)preg_replace('/[^0-9]/', '', $val);
+ $q[$key] = $val;
+ break;
+ case 'w':
+ $val = substr($val, 0, 2);
+ $q[$key] = $val;
+ break;
+ case 'bo_table':
+ $val = preg_replace('/[^a-z0-9_]/i', '', $val);
+ $val = substr($val, 0, 20);
+ $q[$key] = $val;
+ break;
+ case 'gr_id':
+ $val = preg_replace('/[^a-z0-9_]/i', '', $val);
+ $q[$key] = $val;
+ break;
+ default:
+ $val = clean_xss_tags($val);
+ $q[$key] = $val;
+ break;
+ }
+ }
+
+ if($amp)
+ $sep = '&';
+ else
+ $sep ='&';
+
+ $str = http_build_query($q, '', $sep);
+ } else {
+ $str = clean_xss_tags($qstr);
+ }
+
+ return $str;
+}
 ?>
\ No newline at end of file
diff --git a/mobile/skin/board/basic/view_comment.skin.php b/mobile/skin/board/basic/view_comment.skin.php
index d3aa7fe05..c6984f652 100644
--- a/mobile/skin/board/basic/view_comment.skin.php
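Review bot: `trim($val)` and the per-key `preg_replace`/`substr` calls assume scalar values, but `parse_str()` produces nested arrays for bracketed parameters (`a[]=1`), for which `trim()` emits a warning and yields null, so such parameters are silently replaced rather than filtered or rejected; add `if (is_array($val)) { continue; }` at the top of the `foreach` (or recurse with the `default` rule) so array-valued input is handled deliberately. The `else` branch on `is_array($out)` is unreachable, because `parse_str()` with a result argument always fills an array, so `clean_xss_tags($qstr)` never runs. As rendered here both `$sep` assignments read `'&'`; if that is an entity-decoding artefact of this page the code is fine, but if the source really has two identical literals the `$amp` parameter is a no-op and the entity-encoded branch should be restored. A header comment stating the contract would help callers, e.g. `// Rebuilds $query key by key: known keys get a type-specific filter, any other key is passed through clean_xss_tags(), and http_build_query() percent-encodes the result.`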
+++ b/mobile/skin/board/basic/view_comment.skin.php
@@ -50,7 +50,7 @@ var char_max = parseInt(); // 최대 ); // 최대 ); // 최대 ); // 최대
Date: Thu, 11 Jun 2015 09:52:12 +0900
Subject: [PATCH 4/4] =?UTF-8?q?=EB=B2=84=EC=A0=84=EB=B3=80=EA=B2=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 config.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config.php b/config.php
index eb5140099..613073dbb 100644
--- a/config.php
+++ b/config.php
@@ -5,7 +5,7 @@ ********************/
 define('G5_VERSION', '그누보드5');
-define('G5_GNUBOARD_VER', '5.0.35');
+define('G5_GNUBOARD_VER', '5.0.36');
 // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음
 define('_GNUBOARD_', true);