From 97ee35e985997a9b9daddf8fb3dde753ef8b47c4 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Fri, 7 Dec 2018 10:59:59 +0900
Subject: [PATCH 1/3] =?UTF-8?q?KVE-2018-1316=20=EC=B7=A8=EC=95=BD=EC=A0=90?= =?UTF-8?q?=EB=8B=A4=EC=8B=9C=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 lib/common.lib.php | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/lib/common.lib.php b/lib/common.lib.php
index c07a23194..2ee0ad6c3 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -2883,9 +2883,15 @@ function get_search_string($stx)
 // XSS 관련 태그 제거
 function clean_xss_tags($str)
 {
- $str = preg_replace('#]*+>#i', '', $str);
-
- $str = str_replace(array('',''), '', $str);
+ $str_len = strlen($str);
+
+ while($i <= $str_len){
+ $result = preg_replace('#]*+>#i', '', $str);
+ if((string)$result === (string)$str)
+ break;
+ $str = $result;
+ $i++;
+ }
 return $str;
 }
From 14f55f75191216d6d41fff754733c1c0f167b1b2 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Tue, 11 Dec 2018 16:52:46 +0900
Subject: [PATCH 2/3] =?UTF-8?q?=EC=98=A4=ED=83=80=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 plugin/kcpcert/kcpcert_result.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plugin/kcpcert/kcpcert_result.php b/plugin/kcpcert/kcpcert_result.php
index 031942fa9..5468267ae 100644
--- a/plugin/kcpcert/kcpcert_result.php
+++ b/plugin/kcpcert/kcpcert_result.php
@@ -143,7 +143,7 @@ if( $cert_enc_use == "Y" )
 $sql = " select mb_id from {$g5['member_table']} where mb_id <> '{$member['mb_id']}' and mb_dupinfo = '{$mb_dupinfo}' ";
 $row = sql_fetch($sql);
 if ($row['mb_id']) {
- alert_close("입력하신 본인학인 정보로 가입된 내역이 존재합니다.\\n회원아이디 : ".$row['mb_id']);
+ alert_close("입력하신 본인확인 정보로 가입된 내역이 존재합니다.\\n회원아이디 : ".$row['mb_id']);
 }
 // hash 데이터
From 82078fc781fbcc5ed75fff7b0e451f5fd95ae357 Mon Sep 17 00:00:00 2001
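Review bot: `$i` is never initialised in clean_xss_tags() (lib/common.lib.php, PATCH 1/3), so `while($i <= $str_len)` compares an undefined variable and the iteration cap only works through null-to-zero coercion plus a notice; add `$i = 0;` before the loop. Repeating the replacement until the string stops changing is what keeps a stripped tag from leaving a new tag behind, so the loop deserves a comment stating that reason next to the cap. `preg_replace()` returns null on a PCRE error, and with the current comparison that null is assigned to `$str` and returned, silently emptying the input; `if ($result === null) return '';` would make that fail-closed path deliberate. The pattern literal is cut short in this rendering, so which tags it covers cannot be judged here, and a tag blocklist still needs escaping at the point of output.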
From: thisgun
Date: Tue, 11 Dec 2018 17:20:55 +0900
Subject: [PATCH 3/3] =?UTF-8?q?=ED=8C=8C=EC=9D=BC=EB=8B=A4=EC=9A=B4?= =?UTF-8?q?=EB=A1=9C=EB=93=9C=EC=8B=9C=20=ED=95=9C=EA=B8=80=ED=8C=8C?= =?UTF-8?q?=EC=9D=BC=EB=AA=85=20=EC=9D=B4=EC=8A=88=20=EB=8B=A4=EC=8B=9C=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 bbs/download.php | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/bbs/download.php b/bbs/download.php
index a69f52b6c..575f8571f 100644
--- a/bbs/download.php
+++ b/bbs/download.php
@@ -84,11 +84,16 @@ if (!get_session($ss_name))
 $g5['title'] = '다운로드 > '.conv_subject($write['wr_subject'], 255);
 //파일명에 한글이 있는 경우
+/*
 if(preg_match("/[\xA1-\xFE][\xA1-\xFE]/", $file['bf_source'])){
+ // 2015.09.02 날짜의 파이어폭스에서 인코딩된 문자 그대로 출력되는 문제가 발생됨, 2018.12.11 날짜의 파이어폭스에서는 해당 현상이 없으므로 해당 코드를 사용 안합니다.
 $original = iconv('utf-8', 'euc-kr', $file['bf_source']); // SIR 잉끼님 제안코드
 } else {
 $original = urlencode($file['bf_source']);
 }
+*/
+
+$original = urlencode($file['bf_source']);
 @include_once($board_skin_path.'/download.tail.skin.php');
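Review bot: The retired EUC-KR branch in bbs/download.php is kept inside a `/* … */` block instead of being deleted, so the file still carries a disabled path that handed the stored file name to `iconv()` with no percent-encoding at all. Version control already preserves that history; I would remove the block and leave one line such as `// always percent-encode the stored name before it reaches the response header` above the new assignment. Where `$original` is consumed lies outside this hunk, so the following is inferred: if it is placed in a Content-Disposition header, `urlencode()` turns spaces into `+`, and `rawurlencode($file['bf_source'])` would give `%20` while still encoding quotes and line breaks.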