firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

Open Redirect 취약점 수정 #318

Browse Source
This commit is contained in:
thisgun
2024-06-05 14:56:50 +09:00
parent 940e701fa4
commit e03e01d410
2 changed files with 25 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
bbs/member_confirm.php
View File

@ -31,6 +31,10 @@ if($url){
if( preg_match('#^/{3,}#', $url) ){ if( preg_match('#^/{3,}#', $url) ){
$url = preg_replace('#^/{3,}#', '/', $url); $url = preg_replace('#^/{3,}#', '/', $url);
} }
if (function_exists('safe_filter_url_host')) {
$url = safe_filter_url_host($url);
}
} }
$url = get_text($url); $url = get_text($url);

21
lib/common.lib.php
View File

@ -102,6 +102,10 @@ function goto_url($url)
{ {
run_event('goto_url', $url); run_event('goto_url', $url);
if (function_exists('safe_filter_url_host')) {
$url = safe_filter_url_host($url);
}
$url = str_replace("&", "&", $url); $url = str_replace("&", "&", $url);
//echo "<script> location.replace('$url'); </script>"; //echo "<script> location.replace('$url'); </script>";
@ -182,6 +186,10 @@ function alert($msg='', $url='', $error=true, $post=false)
run_event('alert', $msg, $url, $error, $post); run_event('alert', $msg, $url, $error, $post);
if (function_exists('safe_filter_url_host')) {
$url = safe_filter_url_host($url);
}
$msg = $msg ? strip_tags($msg, '<br>') : '올바른 방법으로 이용해 주십시오.'; $msg = $msg ? strip_tags($msg, '<br>') : '올바른 방법으로 이용해 주십시오.';
$header = ''; $header = '';
@ -220,6 +228,12 @@ function confirm($msg, $url1='', $url2='', $url3='')
alert($msg); alert($msg);
} }
if (function_exists('safe_filter_url_host')) {
$url1 = safe_filter_url_host($url1);
$url2 = safe_filter_url_host($url2);
$url3 = safe_filter_url_host($url3);
}
if(!trim($url1) || !trim($url2)) { if(!trim($url1) || !trim($url2)) {
$msg = '$url1 과 $url2 를 지정해 주세요.'; $msg = '$url1 과 $url2 를 지정해 주세요.';
alert($msg); alert($msg);
@ -3598,6 +3612,13 @@ function login_password_check($mb, $pass, $hash)
return check_password($pass, $hash); return check_password($pass, $hash);
} }
function safe_filter_url_host($url) {
$regex = run_replace('safe_filter_url_regex', '\\', $url);
return $regex ? preg_replace('#'. preg_quote($regex, '#') .'#iu', '', $url) : '';
}
// 동일한 host url 인지 // 동일한 host url 인지
function check_url_host($url, $msg='', $return_url=G5_URL, $is_redirect=false) function check_url_host($url, $msg='', $return_url=G5_URL, $is_redirect=false)
{ {