From f1da95f055d6ce22b839eb5272aa02778faee371 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Wed, 30 Jul 2025 15:03:01 +0900
Subject: [PATCH] =?UTF-8?q?Open=20redirect=20=EC=B7=A8=EC=95=BD=EC=A0=90?= =?UTF-8?q?=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 lib/common.lib.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/lib/common.lib.php b/lib/common.lib.php
index dfd161a1d..5fad9574d 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -3685,6 +3685,10 @@ function check_url_host($url, $msg='', $return_url=G5_URL, $is_redirect=false)
 alert('url 에 올바르지 않은 값이 포함되어 있습니다.');
 }
+ if (preg_match('#//[^/@]+@#', $url)) {
+ alert('url에 사용자 정보가 포함되어 있어 접근할 수 없습니다.');
+ }
+
 while ( ( $replace_url = preg_replace(array('/\/{2,}/', '/\\@/'), array('//', ''), urldecode($url)) ) != $url ) {
 $url = $replace_url;
 }
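Review bot: The added userinfo check tests the raw `$url`, but the `while` loop right after it is what applies `urldecode()`, so a value whose `//` or `@` arrives percent-encoded is not seen by the pattern and only takes its decoded form afterwards. Whether such a value can still pass the host comparison cannot be judged from here, because the rest of `check_url_host` lies outside the hunk, but the check would be safer if it also covered the decoded form, for example `if (preg_match('#//[^/@]+@#', $url) || preg_match('#//[^/@]+@#', urldecode($url))) {`, or ran on each `urldecode($url)` result inside the loop before the `@` replacement. The pattern also matches an `@` in a query string when the URL has no path after the host, which would reject some legitimate same-site URLs. A short comment above the block would help the next maintainer, for example `// Reject URLs with a userinfo part (//user@host): the text before "@" can look like a trusted host.`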