firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

세션고정취약점(버그게시판 글번호12095) 수정

Browse Source
This commit is contained in:
thisgun
2022-05-24 15:29:27 +09:00
parent 0a9f580c5b
commit da2b6dafb3
6 changed files with 28 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
lib/common.lib.php
View File

@ -3924,6 +3924,23 @@ function is_include_path_check($path='', $is_input='')
return true;
}
function check_auth_session_token($str=''){
if (get_session('ss_mb_token_key') === get_token_encryption_key($str)) {
return true;
}
return false;
}
function update_auth_session_token($str=''){
set_session('ss_mb_token_key', get_token_encryption_key($str));
}
function get_token_encryption_key($str=''){
$token = G5_GNUBOARD_VER.(defined('G5_YOUNGCART_VER') ? G5_YOUNGCART_VER : '').G5_TABLE_PREFIX.(defined('G5_SHOP_TABLE_PREFIX') ? G5_SHOP_TABLE_PREFIX : '').(defined('G5_TOKEN_ENCRYPTION_KEY') ? G5_TOKEN_ENCRYPTION_KEY : '').$str;
return md5($token);
}
function filter_input_include_path($path){
return str_replace('//', '/', $path);
}