그누보드 원격 취약점 17-259 수정

2017-06-13 15:20:28 +09:00
parent 674a7f3f57
commit d755a42530
3 changed files with 46 additions and 0 deletions
--- a/adm/_common.php
+++ b/adm/_common.php
@ -2,4 +2,8 @@
 define('G5_IS_ADMIN', true);
 include_once ('../common.php');
 include_once(G5_ADMIN_PATH.'/admin.lib.php');
+
+if( isset($token) ){
+    $token = @htmlspecialchars(strip_tags($token), ENT_QUOTES);
+}
 ?>
--- a/adm/sms_admin/_common.php
+++ b/adm/sms_admin/_common.php
@ -14,5 +14,9 @@ if (!strstr($_SERVER['SCRIPT_NAME'], 'install.php')) {

 $sv = isset($_REQUEST['sv']) ? get_search_string($_REQUEST['sv']) : '';

+if( isset($token) ){
+    $token = @htmlspecialchars(strip_tags($token), ENT_QUOTES);
+}
+
 add_stylesheet('<link rel="stylesheet" href="'.G5_SMS5_ADMIN_URL.'/css/sms5.css">', 0);
 ?>
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@ -3284,6 +3284,44 @@ function get_call_func_cache($func, $args=array()){
 // include 하는 경로에 data file 경로가 포함되어 있는지 체크합니다.
 function is_include_path_check($path='')
 {
+    if( $path ){
+        try {
+            // whether $path is unix or not
+            $unipath = strlen($path)==0 || $path{0}!='/';
+            $unc = substr($path,0,2)=='\\\\'?true:false;
+            // attempts to detect if path is relative in which case, add cwd
+            if(strpos($path,':') === false && $unipath && !$unc){
+                $path=getcwd().DIRECTORY_SEPARATOR.$path;
+                if($path{0}=='/'){
+                    $unipath = false;
+                }
+            }
+
+            // resolve path parts (single dot, double dot and double delimiters)
+            $path = str_replace(array('/', '\\'), DIRECTORY_SEPARATOR, $path);
+            $parts = array_filter(explode(DIRECTORY_SEPARATOR, $path), 'strlen');
+            $absolutes = array();
+            foreach ($parts as $part) {
+                if ('.'  == $part){
+                    continue;
+                }
+                if ('..' == $part) {
+                    array_pop($absolutes);
+                } else {
+                    $absolutes[] = $part;
+                }
+            }
+            $path = implode(DIRECTORY_SEPARATOR, $absolutes);
+            // resolve any symlinks
+            // put initial separator that could have been lost
+            $path = !$unipath ? '/'.$path : $path;
+            $path = $unc ? '\\\\'.$path : $path;
+        } catch (Exception $e) {
+            //echo 'Caught exception: ',  $e->getMessage(), "\n";
+            return false;
+        }
+    }
+
    if( !$path || preg_match('/\/data\/(file|editor)\/[A-Za-z0-9_]{1,20}\//', $path) ){
        return false;
    }