firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

영카트 원격 코드 실행 취약점 수정 ( 17-0524,525 )

Browse Source
This commit is contained in:
thisgun
2017-09-06 20:17:53 +09:00
parent 9810fd7475
commit cd7d06e083
2 changed files with 19 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
shop/itemqaformupdate.php
View File

@ -90,14 +90,13 @@ else if ($w == "d")
else else
$data_path = $p['path']; $data_path = $p['path'];
if( end(explode('.', $data_path)) === 'php' ){ if( preg_match('/(gif|jpe?g|bmp|png)$/i', strtolower(end(explode('.', $data_path))) ) ){
continue;
$destfile = ( ! preg_match('/\w+\/\.\.\//', $data_path) ) ? G5_PATH.$data_path : '';
if($destfile && preg_match('/\/data\/editor\/[A-Za-z0-9_]{1,20}\//', $destfile) && is_file($destfile))
@unlink($destfile);
} }
$destfile = G5_PATH.$data_path;
if(preg_match('/\/data\/editor\/[A-Za-z0-9_]{1,20}\//', $destfile) && is_file($destfile))
@unlink($destfile);
} }
$imgs = get_editor_image($row['iq_answer'], $get_editor_img_mode); $imgs = get_editor_image($row['iq_answer'], $get_editor_img_mode);
@ -109,14 +108,13 @@ else if ($w == "d")
else else
$data_path = $p['path']; $data_path = $p['path'];
if( end(explode('.', $data_path)) === 'php' ){ if( preg_match('/(gif|jpe?g|bmp|png)$/i', strtolower(end(explode('.', $data_path))) ) ){
continue;
$destfile = ( ! preg_match('/\w+\/\.\.\//', $data_path) ) ? G5_PATH.$data_path : '';
if($destfile && preg_match('/\/data\/editor\/[A-Za-z0-9_]{1,20}\//', $destfile) && is_file($destfile))
@unlink($destfile);
} }
$destfile = G5_PATH.$data_path;
if(preg_match('/\/data\/editor\/[A-Za-z0-9_]{1,20}\//', $destfile) && is_file($destfile))
@unlink($destfile);
} }
$sql = " delete from {$g5['g5_shop_item_qa_table']} where iq_id = '$iq_id' and md5(concat(iq_id,iq_time,iq_ip)) = '{$hash}' "; $sql = " delete from {$g5['g5_shop_item_qa_table']} where iq_id = '$iq_id' and md5(concat(iq_id,iq_time,iq_ip)) = '{$hash}' ";

14
shop/itemuseformupdate.php
View File

@ -103,14 +103,14 @@ else if ($w == "d")
else else
$data_path = $p['path']; $data_path = $p['path'];
if( end(explode('.', $data_path)) === 'php' ){
continue; if( preg_match('/(gif|jpe?g|bmp|png)$/i', strtolower(end(explode('.', $data_path))) ) ){
$destfile = ( ! preg_match('/\w+\/\.\.\//', $data_path) ) ? G5_PATH.$data_path : '';
if($destfile && preg_match('/\/data\/editor\/[A-Za-z0-9_]{1,20}\//', $destfile) && is_file($destfile))
@unlink($destfile);
} }
$destfile = G5_PATH.$data_path;
if(preg_match('/\/data\/editor\/[A-Za-z0-9_]{1,20}\//', $destfile) && is_file($destfile))
@unlink($destfile);
} }
$sql = " delete from {$g5['g5_shop_item_use_table']} where is_id = '$is_id' and md5(concat(is_id,is_time,is_ip)) = '{$hash}' "; $sql = " delete from {$g5['g5_shop_item_use_table']} where is_id = '$is_id' and md5(concat(is_id,is_time,is_ip)) = '{$hash}' ";