From d8b6297579c721ba16f9243d96522c379e83ab30 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Wed, 15 Jun 2022 13:40:18 +0900
Subject: [PATCH] =?UTF-8?q?check=5Furl=5Fhost=20=ED=95=A8=EC=88=98?= =?UTF-8?q?=EC=97=90=20hook=20=EC=A0=81=EC=9A=A9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 lib/common.lib.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lib/common.lib.php b/lib/common.lib.php
index ff97d03e3..e65abf71f 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -3343,6 +3343,10 @@ function check_url_host($url, $msg='', $return_url=G5_URL, $is_redirect=false)
 if(!$msg) $msg = 'url에 타 도메인을 지정할 수 없습니다.';
+ if(run_replace('check_url_host_before', '', $url, $msg, $return_url, $is_redirect) === 'is_checked'){
+ return;
+ }
+ // KVE-2021-1277 Open Redirect 취약점 해결
 if (preg_match('#\\\0#', $url)) {
 alert('url 에 올바르지 않은 값이 포함되어 있습니다.');
@@ -3393,7 +3397,7 @@ function check_url_host($url, $msg='', $return_url=G5_URL, $is_redirect=false)
 if ((isset($p['scheme']) && $p['scheme']) || (isset($p['host']) && $p['host']) || $is_host_check) {
 //if ($p['host'].(isset($p['port']) ? ':'.$p['port'] : '') != $_SERVER['HTTP_HOST']) {
- if ( ($p['host'] != $host) || $is_host_check ) {
+ if (run_replace('check_same_url_host', (($p['host'] != $host) || $is_host_check), $p, $host, $is_host_check, $return_url, $is_redirect)) {
 echo '
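Review bot: A handler on `check_url_host_before` that returns 'is_checked' makes check_url_host() return before any of the validation that follows in the first hunk, including the check labelled KVE-2021-1277, so the open-redirect protection then rests entirely on whatever plugin code is registered on the hook. Consider placing the hook below the sanity checks on `$url`, or at least stating the contract directly above it: `// A handler that returns 'is_checked' skips all validation below (including KVE-2021-1277) and must validate $url itself.` The same concern applies to the `check_same_url_host` filter in the second hunk, where a handler can turn a host mismatch into a pass. The function body continues outside both hunks, so the remaining checks are not visible here.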