[KVE-2025-0191] Stored XSS (bypass html_purify via Open Redirect) 취약점 수정

2025-04-17 16:04:01 +09:00
parent ada8f28aae
commit f9c972d866
2 changed files with 30 additions and 0 deletions
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@ -685,6 +685,10 @@ function html_purifier($html)
    )
    );

+    // 커스텀 URI 필터 등록
+    $def = $config->getDefinition('URI', true); // URI 정의 가져오기
+    $def->addFilter(new HTMLPurifierContinueParamFilter(), $config); // 커스텀 필터 추가
+
    $purifier = new HTMLPurifier($config);

    return run_replace('html_purifier_result', $purifier->purify($html), $purifier, $html);