From 2da2425305eeefb66acc6bc7dd7a767c8fe9b97d Mon Sep 17 00:00:00 2001 From: Arcturus Date: Sun, 22 Sep 2024 10:40:06 +0900 Subject: [PATCH] patch secure: https://github.com/gnuboard/gnuboard5/commit/a1dbe2206381ce1a1e6d3c6461b4ef1522e1deff --- AvocadoEdition_Light/adm/contentform.php | 1 + AvocadoEdition_Light/adm/visit_list.php | 2 +- AvocadoEdition_Light/adm/visit_search.php | 2 +- AvocadoEdition_Light/bbs/alert.php | 4 ++-- AvocadoEdition_Light/bbs/confirm.php | 10 +++++----- AvocadoEdition_Light/bbs/visit_insert.inc.php | 4 ++-- 6 files changed, 12 insertions(+), 11 deletions(-) diff --git a/AvocadoEdition_Light/adm/contentform.php b/AvocadoEdition_Light/adm/contentform.php index c993abb..e92cb07 100644 --- a/AvocadoEdition_Light/adm/contentform.php +++ b/AvocadoEdition_Light/adm/contentform.php @@ -35,6 +35,7 @@ if (!sql_query(" select co_skin from {$g5['content_table']} limit 1 ", false)) { $html_title = "내용"; $g5['title'] = $html_title . ' 관리'; +$readonly = ''; if ($w == "u") { $html_title .= " 수정"; diff --git a/AvocadoEdition_Light/adm/visit_list.php b/AvocadoEdition_Light/adm/visit_list.php index d783962..5cabf30 100644 --- a/AvocadoEdition_Light/adm/visit_list.php +++ b/AvocadoEdition_Light/adm/visit_list.php @@ -75,7 +75,7 @@ $result = sql_query($sql); } $title = str_replace(array('<', '>', '&'), array("<", ">", "&"), $referer); - $link = ''; + $link = ''; $link = str_replace('&', "&", $link); $link2 = ''; } diff --git a/AvocadoEdition_Light/adm/visit_search.php b/AvocadoEdition_Light/adm/visit_search.php index 073fc92..9a53bdc 100644 --- a/AvocadoEdition_Light/adm/visit_search.php +++ b/AvocadoEdition_Light/adm/visit_search.php @@ -93,7 +93,7 @@ $listall = '처음'; //페이지 } $title = str_replace(array("<", ">"), array("<", ">"), $referer); - $link = ''; + $link = ''; } if ($is_admin == 'super') diff --git a/AvocadoEdition_Light/bbs/alert.php b/AvocadoEdition_Light/bbs/alert.php index 53470ae..82a5321 100644 --- a/AvocadoEdition_Light/bbs/alert.php 
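Review bot: The added `$readonly = '';` carries no comment explaining why a variable is assigned an empty string and then not used within the hunk, so a later cleanup pass may drop it as dead code and silently reopen whatever it closes. Its placement suggests it exists to pre-empt a value arriving from outside the script (presumably a request parameter promoted to a global, which this hunk alone cannot confirm). A one-line comment such as `// initialise before use so the value cannot be supplied by the request` would preserve the intent. If other variables echoed by contentform.php are likewise never assigned before output, the same guard applies to them; the rest of the file is outside this hunk.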
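Review bot: The `$title` line just above the changed `$link` line escapes `$referer` by hand with `str_replace` over `<`, `>` and `&`, leaving `"` and `'` untouched, so a quote in a stored Referer can still terminate an HTML attribute if `$title` is placed in one (the markup around these lines does not survive in this patch, so that use is inferred). `htmlspecialchars($referer, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` covers all five characters in one call and is easier to audit than two parallel arrays. The visit_search.php hunk later in this patch has the same pattern and additionally omits `&` from its search array, so the two admin pages do not even agree on what is escaped. The removed and added `$link` lines read identically as shown here, so the change to them cannot be verified from this patch.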
+++ b/AvocadoEdition_Light/bbs/alert.php @@ -30,9 +30,9 @@ include_once(G5_PATH . '/head.sub.php'); $msg2 = str_replace("\\n", "
", $msg); -$url = clean_xss_tags($url); +$url = clean_xss_tags($url, 1); if (!$url) - $url = clean_xss_tags($_SERVER['HTTP_REFERER']); + $url = clean_xss_tags($_SERVER['HTTP_REFERER'], 1); $url = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", $url); diff --git a/AvocadoEdition_Light/bbs/confirm.php b/AvocadoEdition_Light/bbs/confirm.php index bb06ed1..8e219b5 100644 --- a/AvocadoEdition_Light/bbs/confirm.php +++ b/AvocadoEdition_Light/bbs/confirm.php @@ -2,9 +2,9 @@ include_once('./_common.php'); include_once(G5_PATH . '/head.sub.php'); -$url1 = clean_xss_tags($url1); -$url2 = clean_xss_tags($url2); -$url3 = clean_xss_tags($url3); +$url1 = clean_xss_tags($url1, 1); +$url2 = clean_xss_tags($url2, 1); +$url3 = clean_xss_tags($url3, 1); // url 체크 check_url_host($url1); @@ -25,12 +25,12 @@ check_url_host($url3);
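Review bot: The fallback `$url = clean_xss_tags($_SERVER['HTTP_REFERER'], 1);` reads the Referer without an `isset` check and still accepts any host the header names, while confirm.php in this same patch follows its `clean_xss_tags` calls with `check_url_host($urlN)`; alert.php's hunk never calls it, so a caller-supplied Referer remains a redirect target limited only by the character strip on the following `preg_replace` line. Guard the header like visit_insert.inc.php does (`if (!$url && isset($_SERVER['HTTP_REFERER']))`) and add `check_url_host($url);` after the fallback is resolved, assuming that helper is available to this script as it is to confirm.php. Whether `$url` is later used as a redirect or only displayed is outside this hunk, so the severity is inferred.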
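Review bot: The `1` passed as the second argument on the three added `clean_xss_tags` lines is a bare magic value with nothing at the call site saying which mode it selects, and the alert.php hunk earlier in this patch adds the same argument in two places. A short comment above the three assignments naming what the flag enables, or a project constant for it if one already exists, would let a reader judge whether the `check_url_host` calls that follow still need the stricter cleaning or overlap with it. Whether the flag means an allow-list or a more aggressive strip cannot be told from this patch.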
-

+

아래 내용을 확인해 주세요.

- +

확인 diff --git a/AvocadoEdition_Light/bbs/visit_insert.inc.php b/AvocadoEdition_Light/bbs/visit_insert.inc.php index edbf06e..67cb1f2 100644 --- a/AvocadoEdition_Light/bbs/visit_insert.inc.php +++ b/AvocadoEdition_Light/bbs/visit_insert.inc.php @@ -13,8 +13,8 @@ if (get_cookie('ck_visit_ip') != $_SERVER['REMOTE_ADDR']) { $remote_addr = escape_trim($_SERVER['REMOTE_ADDR']); $referer = ""; if (isset($_SERVER['HTTP_REFERER'])) - $referer = escape_trim(clean_xss_tags($_SERVER['HTTP_REFERER'])); - $user_agent = escape_trim(clean_xss_tags($_SERVER['HTTP_USER_AGENT'])); + $referer = escape_trim(clean_xss_tags(strip_tags($_SERVER['HTTP_REFERER']))); + $user_agent = escape_trim(clean_xss_tags(strip_tags($_SERVER['HTTP_USER_AGENT']))); $vi_browser = ''; $vi_os = ''; $vi_device = '';
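Review bot: The new `$user_agent` line reads `$_SERVER['HTTP_USER_AGENT']` without the `isset` guard that the line above gives `HTTP_REFERER`, so a request with no User-Agent header raises an undefined-index notice/warning and hands `null` to `strip_tags` (a deprecation on PHP 8.1+); mirror the referer guard: `$user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? escape_trim(clean_xss_tags(strip_tags($_SERVER['HTTP_USER_AGENT']))) : '';`. Note that `strip_tags` removes tags but does not escape quotes or `&`, so the stored value is still not attribute-safe; the admin pages in this patch (visit_list.php, visit_search.php) appear to escape `$referer` at output, which is the right layer, but where `$user_agent` is rendered is outside this patch. The block opened by the `if (get_cookie(...))` in the hunk header continues past the hunk.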