영카트 임의 코드 실행 취약점 수정 ( 17-0268 )

thisgun
2017-10-10 15:11:18 +09:00
parent 8b71bfb172
commit e245687775
2 changed files with 3 additions and 3 deletions


@ -152,9 +152,9 @@ class item_list
function set_list_skin($list_skin) { function set_list_skin($list_skin) {
global $default; global $default;
if ($this->is_mobile) { if ($this->is_mobile) {
$this->list_skin = $list_skin ? $list_skin : G5_MSHOP_SKIN_PATH.'/'.$default['de_mobile_type'.$this->type.'_list_skin']; $this->list_skin = $list_skin ? $list_skin : G5_MSHOP_SKIN_PATH.'/'.preg_replace('/[^A-Za-z0-9 _ .-]/', '', $default['de_mobile_type'.$this->type.'_list_skin']);
} else { } else {
$this->list_skin = $list_skin ? $list_skin : G5_SHOP_SKIN_PATH.'/'.$default['de_type'.$this->type.'_list_skin']; $this->list_skin = $list_skin ? $list_skin : G5_SHOP_SKIN_PATH.'/'.preg_replace('/[^A-Za-z0-9 _ .-]/', '', $default['de_type'.$this->type.'_list_skin']);
} }
} }
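Review bot: A non-empty `$list_skin` argument is still assigned to `$this->list_skin` unfiltered in both branches of `set_list_skin()`; only the configured fallback from `$default` goes through the new `preg_replace`. If any caller can pass a request-derived value (not visible in this hunk), the skin path that is presumably included later stays controllable, so the argument should be checked against the skin directories before it is accepted, or at least the contract documented with `// $list_skin is used as given: pass only trusted, server-built paths; only the $default fallback is filtered`. The character class `[^A-Za-z0-9 _ .-]` also lists the space twice and still permits `.`; `'/[^A-Za-z0-9_.-]/'` would be tighter if skin file names never contain spaces.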


@ -36,7 +36,7 @@ else
if (!$skin) if (!$skin)
$skin = $default['de_listtype_list_skin']; $skin = $default['de_listtype_list_skin'];
else else
$skin = preg_replace('#\.+/#', '', $skin); $skin = preg_replace('#\.+[\\\/]#', '', $skin);
define('G5_SHOP_CSS_URL', G5_SHOP_SKIN_URL); define('G5_SHOP_CSS_URL', G5_SHOP_SKIN_URL);
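Review bot: The new pattern `#\.+[\\\/]#` is still a single-pass denylist, whereas the other file in this commit filters skin names with a character allowlist; anything the pattern does not anticipate passes through, and the substitution is not re-applied to its own output. Because the allowlist in `set_list_skin()` already treats a skin name as a single path component, the same filter fits here: `$skin = preg_replace('/[^A-Za-z0-9 _ .-]/', '', $skin);`. The `!$skin` branch also takes `$default['de_listtype_list_skin']` unfiltered, although this commit filters the equivalent `$default` values in the class; applying the filter once after the if/else would cover both branches. The enclosing `else` block starts outside this hunk, and how `$skin` is used afterwards is not shown.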