[KVE-2025-0510] Stored XSS (bypass html_purify patch) to RCE 취약점 수정

2025-08-27 11:48:36 +09:00
parent 5da91ab73e
commit f69b66dced
5 changed files with 46 additions and 39 deletions


@ -1447,12 +1447,12 @@ function frm_check_file(){
jQuery(function($){
if( window.self !== window.top ){ // frame 또는 iframe을 사용할 경우 체크
$("#bo_include_head, #bo_include_tail").on("change paste keyup", function(e) {
frm_check_file();
});
use_captcha_check();
}
$("#bo_include_head, #bo_include_tail").on("change paste keyup", function(e) {
frm_check_file();
});
});
function fboardform_submit(f)
@ -1487,10 +1487,14 @@ function fboardform_submit(f)
return false;
}
if (frm_check_file() == false) {
jQuery(window).scrollTop($('#bo_include_tail').offset().top - 30);
}
if( captcha_chk ) {
<?php echo isset($captcha_js) ? $captcha_js : ''; // 캡챠 사용시 자바스크립트에서 입력된 캡챠를 검사함 ?>
}
return true;
}
</script>
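Review bot: In the second hunk, `if (frm_check_file() == false)` only scrolls to the include-tail field and then falls through to `return true;`, so the form is still submitted when the check fails; if the scroll is meant to block submission the branch needs `return false;`, and if it is deliberately advisory a comment saying so, e.g. `// advisory only; the server-side check in the board update script is authoritative`, would stop the next reader from "fixing" it. Either way `frm_check_file() === false` (or `!frm_check_file()`) is preferable to the loose `==`. The new `if( captcha_chk )` guard relies on a global that this hunk does not declare; presumably it is set earlier in the template, but if it is undefined in a no-captcha configuration the submit handler aborts with a ReferenceError, so `typeof captcha_chk !== 'undefined' && captcha_chk` is the safer test. Note that the echoed `$captcha_js` is client-side UX only — the enforcement is the `chk_captcha()` branch added in the second changed file. The body of `fboardform_submit` begins before this hunk.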


@ -37,7 +37,7 @@ $bo_include_head = isset($_POST['bo_include_head']) ? preg_replace(array("#[\\\]
$bo_include_tail = isset($_POST['bo_include_tail']) ? preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($_POST['bo_include_tail'], 0, 255)) : '';
// 관리자가 자동등록방지를 사용해야 할 경우
if ($board && (isset($board['bo_include_head']) && $board['bo_include_head'] !== $bo_include_head || $board['bo_include_tail'] !== $bo_include_tail) && function_exists('get_admin_captcha_by') && get_admin_captcha_by()) {
if ($board && (isset($board['bo_include_head']) && $board['bo_include_head'] !== $bo_include_head || $board['bo_include_tail'] !== $bo_include_tail)) {
include_once(G5_CAPTCHA_PATH . '/captcha.lib.php');
if (!chk_captcha()) {