firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

[KVE-2025-0510] Stored XSS (bypass html_purify patch) to RCE 취약점 수정

Browse Source
This commit is contained in:
2025-08-27 11:48:36 +09:00
parent 5da91ab73e
commit f69b66dced
5 changed files with 46 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
adm/board_form.php
View File

@ -1447,12 +1447,12 @@ function frm_check_file(){
jQuery(function($){
if( window.self !== window.top ){ // frame 또는 iframe을 사용할 경우 체크
$("#bo_include_head, #bo_include_tail").on("change paste keyup", function(e) {
frm_check_file();
});
use_captcha_check();
}
$("#bo_include_head, #bo_include_tail").on("change paste keyup", function(e) {
frm_check_file();
});
});
function fboardform_submit(f)
@ -1487,10 +1487,14 @@ function fboardform_submit(f)
return false;
}
if (frm_check_file() == false) {
jQuery(window).scrollTop($('#bo_include_tail').offset().top - 30);
}
if( captcha_chk ) {
<?php echo isset($captcha_js) ? $captcha_js : ''; // 캡챠 사용시 자바스크립트에서 입력된 캡챠를 검사함 ?>
}
return true;
}
</script>