XSS 취약점 수정

chicpro
2015-07-14 12:01:21 +09:00
parent aa140eb846
commit f74e8f7250
9 changed files with 20 additions and 5 deletions


@ -30,7 +30,8 @@ include_once(G5_PATH.'/head.sub.php');
$msg2 = str_replace("\\n", "<br>", $msg); $msg2 = str_replace("\\n", "<br>", $msg);
if (!$url) $url = $_SERVER['HTTP_REFERER']; $url = clean_xss_tags($url);
if (!$url) $url = clean_xss_tags($_SERVER['HTTP_REFERER']);
// url 체크 // url 체크
check_url_host($url); check_url_host($url);
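Review bot: The new `clean_xss_tags()` calls on the `$url` and referer lines only strip a fixed list of tags and entity-encode quotes; a value such as `javascript:alert(1)` contains neither and passes through unchanged, so whether this hunk blocks script injection depends entirely on `check_url_host($url)` rejecting non-http(s) schemes and foreign hosts — its implementation is outside this hunk and worth confirming. `$_SERVER['HTTP_REFERER']` is also read without an `isset()` guard, so a request with no Referer header raises a PHP notice before `$url` is checked; `if (!$url) $url = isset($_SERVER['HTTP_REFERER']) ? clean_xss_tags($_SERVER['HTTP_REFERER']) : '';` keeps the same fallback without the notice. The point where `$url` is finally emitted is not visible here.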


@ -2,6 +2,10 @@
include_once('./_common.php'); include_once('./_common.php');
include_once(G5_PATH.'/head.sub.php'); include_once(G5_PATH.'/head.sub.php');
$url1 = clean_xss_tags($url1);
$url2 = clean_xss_tags($url2);
$url3 = clean_xss_tags($url3);
// url 체크 // url 체크
check_url_host($url1); check_url_host($url1);
check_url_host($url2); check_url_host($url2);
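Review bot: `$url3` is passed through `clean_xss_tags()` on the new line but the visible `check_url_host()` calls cover only `$url1` and `$url2`; unless `check_url_host($url3)` follows in the lines cut off after this hunk, `$url3` reaches the page with only tag stripping, which does not reject `javascript:` or off-site URLs. A one-line addition `check_url_host($url3);` next to the other two closes that gap. Where `$url1`–`$url3` are populated is not shown in this hunk (presumably the request, via `_common.php`), so they should be treated as untrusted.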


@ -55,7 +55,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++)
<input type="hidden" name="sod" value="<?php echo $sod ?>"> <input type="hidden" name="sod" value="<?php echo $sod ?>">
<input type="hidden" name="page" value="<?php echo $page ?>"> <input type="hidden" name="page" value="<?php echo $page ?>">
<input type="hidden" name="act" value="<?php echo $act ?>"> <input type="hidden" name="act" value="<?php echo $act ?>">
<input type="hidden" name="url" value="<?php echo $_SERVER['HTTP_REFERER'] ?>"> <input type="hidden" name="url" value="<?php echo clean_xss_tags($_SERVER['HTTP_REFERER']); ?>">
<div class="tbl_head01 tbl_wrap"> <div class="tbl_head01 tbl_wrap">
<table> <table>
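Review bot: The `url` hidden field now runs the referer through `clean_xss_tags()`, but the value sits inside a double-quoted HTML attribute, and the right tool for that context is `htmlspecialchars(..., ENT_QUOTES)`; `clean_xss_tags()` leaves `<`, `>` and `&` untouched and neutralizes quotes only as a side effect of this commit's change to it. The `sod`, `page` and `act` inputs in the same attribute context still echo `$sod`, `$page` and `$act` raw — if those are not normalized upstream (not visible here) they are the same class of sink. `$_SERVER['HTTP_REFERER']` is also read without `isset()`, so a request without a Referer header emits a notice into the page. Suggested: `<input type="hidden" name="url" value="<?php echo htmlspecialchars(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '', ENT_QUOTES, 'UTF-8'); ?>">`.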


@ -1,5 +1,6 @@
<?php <?php
include_once('./_common.php'); include_once('./_common.php');
print_r2($_POST);exit;
// 게시판 관리자 이상 복사, 이동 가능 // 게시판 관리자 이상 복사, 이동 가능
if ($is_admin != 'board' && $is_admin != 'group' && $is_admin != 'super') if ($is_admin != 'board' && $is_admin != 'group' && $is_admin != 'super')
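Review bot: The added `print_r2($_POST);exit;` looks like leftover debugging: it dumps every POST field back to the client and terminates the script before the admin-level check on the next line, so the copy/move handler never runs and any request — authenticated or not — gets an echo of its own parameters. It should be removed entirely. The remainder of the handler is outside this hunk.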


@ -17,6 +17,8 @@ if ($view == "w")
$sql_common .= " and a.wr_id = a.wr_parent "; $sql_common .= " and a.wr_id = a.wr_parent ";
else if ($view == "c") else if ($view == "c")
$sql_common .= " and a.wr_id <> a.wr_parent "; $sql_common .= " and a.wr_id <> a.wr_parent ";
else
$view = '';
$mb_id = isset($_GET['mb_id']) ? ($_GET['mb_id']) : ''; $mb_id = isset($_GET['mb_id']) ? ($_GET['mb_id']) : '';
$mb_id = substr(preg_replace('#[^a-z0-9_]#i', '', $mb_id), 0, 20); $mb_id = substr(preg_replace('#[^a-z0-9_]#i', '', $mb_id), 0, 20);
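Review bot: The new `else $view = '';` is the right shape of fix — it reduces `$view` to the three accepted values before it is used — but nothing says why, and a future reader could treat a branch that only clears a variable as dead code. A one-line comment such as `// $view is echoed back into form fields; anything other than "w"/"c" is reset to ''` would pin the intent (hedged: the echo site appears in a skin file elsewhere in this commit, not in this hunk). The `if`/`else if` chain this extends starts before the hunk at `if ($view == "w")`.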


@ -30,6 +30,9 @@ if ($w == "") {
alert('개인정보처리방침안내의 내용에 동의하셔야 회원가입 하실 수 있습니다.', G5_BBS_URL.'/register.php'); alert('개인정보처리방침안내의 내용에 동의하셔야 회원가입 하실 수 있습니다.', G5_BBS_URL.'/register.php');
} }
$agree = preg_replace('#[^0-9]#', '', $_POST['agree']);
$agree2 = preg_replace('#[^0-9]#', '', $_POST['agree2']);
$member['mb_birth'] = ''; $member['mb_birth'] = '';
$member['mb_sex'] = ''; $member['mb_sex'] = '';
$member['mb_name'] = ''; $member['mb_name'] = '';
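Review bot: The two new lines read `$_POST['agree']` and `$_POST['agree2']` without an `isset()` guard; the hunk context `if ($w == "")` suggests this runs on the new-registration path, but on any request where those fields are absent — e.g. the update flow — PHP emits an undefined-index notice. `$agree = isset($_POST['agree']) ? preg_replace('#[^0-9]#', '', $_POST['agree']) : '';` (and the same for `$agree2`) keeps the digit-only filter and removes the notice. The filter only constrains the character set; if these flags are meant to be exactly `1`, compare them explicitly where they are consumed (not visible here).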


@ -17,7 +17,7 @@ if ($stx) {
$stx = preg_replace('/\//', '\/', trim($stx)); $stx = preg_replace('/\//', '\/', trim($stx));
$sop = strtolower($sop); $sop = strtolower($sop);
if (!$sop || !($sop == 'and' || $sop == 'or')) $sop = 'and'; // 연산자 and , or if (!$sop || !($sop == 'and' || $sop == 'or')) $sop = 'and'; // 연산자 and , or
$srows = isset($_GET['srows']) ? preg_replace('#[^0-9]#', '', $_GET['srows']) : 10; $srows = isset($_GET['srows']) ? (int)preg_replace('#[^0-9]#', '', $_GET['srows']) : 10;
if (!$srows) $srows = 10; // 한페이지에 출력하는 검색 행수 if (!$srows) $srows = 10; // 한페이지에 출력하는 검색 행수
$g5_search['tables'] = Array(); $g5_search['tables'] = Array();
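Review bot: Casting to `(int)` fixes the type but leaves `$srows` unbounded: a request with `srows=99999999` is accepted as-is, and since this is the per-page row count (`한페이지에 출력하는 검색 행수`) it presumably ends up in a `LIMIT` clause, turning every search into a full-result dump. Clamp it after the default, e.g. `if ($srows < 1 || $srows > 100) $srows = 10;` (use whatever ceiling the UI actually offers). Once a clamp is in place the `preg_replace` before the cast adds nothing — `(int)` already yields 0 for non-numeric input — though it is not wrong to keep.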


@ -192,7 +192,7 @@ function confirm($msg, $url1='', $url2='', $url3='')
alert($msg); alert($msg);
} }
if (!$url3) $url3 = $_SERVER['HTTP_REFERER']; if (!$url3) $url3 = clean_xss_tags($_SERVER['HTTP_REFERER']);
$msg = str_replace("\\n", "<br>", $msg); $msg = str_replace("\\n", "<br>", $msg);
@ -2723,6 +2723,11 @@ function clean_xss_tags($str)
{ {
$str = preg_replace('#</*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*+>#i', '', $str); $str = preg_replace('#</*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*+>#i', '', $str);
$search = array('"', "'");
$replace = array('&#34;', '&#39;');
$str = str_replace($search, $replace, $str);
return $str; return $str;
} }
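Review bot: `clean_xss_tags()` is a tag blacklist (`applet`, `base`, `bgsound`, `blink`, `embed`, `frame`/`frameset`, `iframe`, `ilayer`, `layer`, `link`, `meta`, `object`, `script`, `style`, `title`, `xml`), so the newly added quote substitution is what actually makes its output safe for the double-quoted attribute values this commit feeds it; `<img src=x onerror=...>`, `<svg onload=...>` or a `javascript:` URL pass through untouched, and `<`, `>` and `&` are never encoded, so the result is not safe in text or unquoted-attribute contexts. Callers should still escape with `htmlspecialchars(..., ENT_QUOTES)` at the point of output and treat this function as defense in depth; a header comment would prevent misuse, e.g. `// Strips a fixed blacklist of tags and turns " and ' into &#34;/&#39; so the value cannot break out of a quoted attribute. Does NOT encode <, > or & and does not block javascript: URLs or event handlers on unlisted tags — escape per output context as well.` The `confirm()` hunk above reads `$_SERVER['HTTP_REFERER']` without `isset()`, like the other call sites in this commit (notice when the header is absent).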


@ -45,7 +45,6 @@ add_stylesheet('<link rel="stylesheet" href="'.$new_skin_url.'/style.css">', 0);
<input type="hidden" name="view" value="<?php echo $view; ?>"> <input type="hidden" name="view" value="<?php echo $view; ?>">
<input type="hidden" name="sfl" value="<?php echo $sfl; ?>"> <input type="hidden" name="sfl" value="<?php echo $sfl; ?>">
<input type="hidden" name="stx" value="<?php echo $stx; ?>"> <input type="hidden" name="stx" value="<?php echo $stx; ?>">
<input type="hidden" name="srows" value="<?php echo $srows; ?>">
<input type="hidden" name="bo_table" value="<?php echo $bo_table; ?>"> <input type="hidden" name="bo_table" value="<?php echo $bo_table; ?>">
<input type="hidden" name="page" value="<?php echo $page; ?>"> <input type="hidden" name="page" value="<?php echo $page; ?>">
<input type="hidden" name="pressed" value=""> <input type="hidden" name="pressed" value="">