firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

[KVE-2025-0191] Stored XSS (bypass html_purify via Open Redirect) 취약점 수정

Browse Source
This commit is contained in:
thisgun
2025-04-17 16:04:01 +09:00
parent ada8f28aae
commit f9c972d866
2 changed files with 30 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/common.lib.php
View File

@ -685,6 +685,10 @@ function html_purifier($html)
) )
); );
// 커스텀 URI 필터 등록
$def = $config->getDefinition('URI', true); // URI 정의 가져오기
$def->addFilter(new HTMLPurifierContinueParamFilter(), $config); // 커스텀 필터 추가
$purifier = new HTMLPurifier($config); $purifier = new HTMLPurifier($config);
return run_replace('html_purifier_result', $purifier->purify($html), $purifier, $html); return run_replace('html_purifier_result', $purifier->purify($html), $purifier, $html);

26
plugin/htmlpurifier/extend.video.php
View File

@ -77,4 +77,30 @@ if( !class_exists('HTMLPurifier_Filter_Iframevideo') ){
} }
} }
} }
}
if( !class_exists('HTMLPurifierContinueParamFilter') ){
class HTMLPurifierContinueParamFilter extends HTMLPurifier_URIFilter
{
public $name = 'ContinueParamFilter';
public function filter(&$uri, $config, $context)
{
// 쿼리 파라미터 검사
$query = $uri->query;
$path = $uri->path;
if ($path && preg_match('#[\\\\/]logout#i', $path)) {
return false;
}
if ($query) {
if (isset($query_params['continue'])) {
return false;
}
}
return true; // 조건 통과 시 허용
}
}
} }