firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

그누보드, 영카트 다중 취약점 (18-062, 092, 101, 102) 수정

Browse Source
This commit is contained in:
thisgun
2018-03-12 18:14:19 +09:00
parent 81b39b59c3
commit d7b5c9a4bd
4 changed files with 32 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
adm/qa_config_update.php
View File

@ -11,17 +11,17 @@ check_admin_token();
$error_msg = '';
if( $qa_include_head ){
$purl = parse_url($qa_include_head);
$file = $purl['path'];
if (!preg_match("/\.(php|htm['l']?)$/i", $file)) {
$file_ext = pathinfo($qa_include_head, PATHINFO_EXTENSION);
if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) ) {
alert('상단 파일 경로의 확장자는 php, html 만 허용합니다.');
}
}
if( $qa_include_tail ){
$purl = parse_url($qa_include_tail);
$file = $purl['path'];
if (!preg_match("/\.(php|htm['l']?)$/i", $file)) {
$file_ext = pathinfo($qa_include_tail, PATHINFO_EXTENSION);
if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) ) {
alert('하단 파일 경로의 확장자는 php, html 만 허용합니다.');
}
}