Amberstone 2024-09-22 10:40:06 +09:00
parent 92df25b6a9
commit 2da2425305
Signed by: amber
GPG key ID: 094B0E55F98D8BF1
6 changed files with 12 additions and 11 deletions


@ -35,6 +35,7 @@ if (!sql_query(" select co_skin from {$g5['content_table']} limit 1 ", false)) {
$html_title = "내용"; $html_title = "내용";
$g5['title'] = $html_title . ' 관리'; $g5['title'] = $html_title . ' 관리';
$readonly = '';
if ($w == "u") { if ($w == "u") {
$html_title .= " 수정"; $html_title .= " 수정";


@ -75,7 +75,7 @@ $result = sql_query($sql);
} }
$title = str_replace(array('<', '>', '&'), array("&lt;", "&gt;", "&amp;"), $referer); $title = str_replace(array('<', '>', '&'), array("&lt;", "&gt;", "&amp;"), $referer);
$link = '<a href="' . $row['vi_referer'] . '" target="_blank">'; $link = '<a href="' . get_text($row['vi_referer']) . '" target="_blank">';
$link = str_replace('&', "&amp;", $link); $link = str_replace('&', "&amp;", $link);
$link2 = '</a>'; $link2 = '</a>';
} }
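Review bot: The new `href` on the `$link` line escapes markup characters but still accepts any URL scheme, and the value is a stored Referer header, so it is request-controlled. Assuming get_text() only encodes HTML metacharacters, I would render the anchor only when the value is an http(s) URL, for example `if (preg_match('#^https?://#i', $row['vi_referer']))`, and print plain text otherwise. Because the link opens with `target="_blank"`, adding `rel="noopener noreferrer"` keeps the opened page from reaching back into the admin window. Both points also apply to the `$link` line in the next file section. The enclosing block starts and ends outside the hunk.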


@ -93,7 +93,7 @@ $listall = '<a href="' . $_SERVER['SCRIPT_NAME'] . '">처음</a>'; //페이지
} }
$title = str_replace(array("<", ">"), array("&lt;", "&gt;"), $referer); $title = str_replace(array("<", ">"), array("&lt;", "&gt;"), $referer);
$link = '<a href="' . $row['vi_referer'] . '" target="_blank" title="' . $title . '">'; $link = '<a href="' . get_text($row['vi_referer']) . '" target="_blank" title="' . $title . '">';
} }
if ($is_admin == 'super') if ($is_admin == 'super')
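Review bot: The `title` attribute on the changed `$link` line is still built from `$title`, which the line above only clears of `<` and `>`, so a double quote in `$referer` would end the attribute early. Where `$referer` comes from is outside the hunk, but it appears to be derived from the same stored header. I would encode it for attribute context too, for example by building it as `$title = htmlspecialchars($referer, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`.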


@ -30,9 +30,9 @@ include_once(G5_PATH . '/head.sub.php');
$msg2 = str_replace("\\n", "<br>", $msg); $msg2 = str_replace("\\n", "<br>", $msg);
$url = clean_xss_tags($url); $url = clean_xss_tags($url, 1);
if (!$url) if (!$url)
$url = clean_xss_tags($_SERVER['HTTP_REFERER']); $url = clean_xss_tags($_SERVER['HTTP_REFERER'], 1);
$url = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", $url); $url = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", $url);
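Review bot: The fallback on the line after `if (!$url)` reads `$_SERVER['HTTP_REFERER']` without checking that the header was sent, so a request without a Referer triggers an undefined-index diagnostic and passes null into clean_xss_tags(). A guarded form would be `$url = isset($_SERVER['HTTP_REFERER']) ? clean_xss_tags($_SERVER['HTTP_REFERER'], 1) : '';`. The `$_SERVER['HTTP_USER_AGENT']` read in the last file section has the same gap, while the Referer there is already wrapped in isset(). The bare `1` would also benefit from a short comment naming the option it switches on, since clean_xss_tags() is defined elsewhere.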


@ -2,9 +2,9 @@
include_once('./_common.php'); include_once('./_common.php');
include_once(G5_PATH . '/head.sub.php'); include_once(G5_PATH . '/head.sub.php');
$url1 = clean_xss_tags($url1); $url1 = clean_xss_tags($url1, 1);
$url2 = clean_xss_tags($url2); $url2 = clean_xss_tags($url2, 1);
$url3 = clean_xss_tags($url3); $url3 = clean_xss_tags($url3, 1);
// url 체크 // url 체크
check_url_host($url1); check_url_host($url1);
@ -25,12 +25,12 @@ check_url_host($url3);
<article id="confirm_check"> <article id="confirm_check">
<header> <header>
<hgroup> <hgroup>
<h1><?php echo $header; ?></h1> <!-- 수행 중이던 작업 내용 --> <h1><?php echo get_text(strip_tags($header)); ?></h1> <!-- 수행 중이던 작업 내용 -->
<h2>아래 내용을 확인해 주세요.</h2> <h2>아래 내용을 확인해 주세요.</h2>
</hgroup> </hgroup>
</header> </header>
<p> <p>
<?php echo $msg; ?> <?php echo get_text(strip_tags($msg)); ?>
</p> </p>
<a href="<?php echo $url1; ?>">확인</a> <a href="<?php echo $url1; ?>">확인</a>
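Review bot: `$url1` is still echoed into `href` on the last line of the second hunk without attribute encoding, although the heading and message beside it are now escaped. clean_xss_tags() looks like a tag and scheme filter rather than an encoder, so unless check_url_host() rejects quotes, the value should be encoded at the point of output: `<a href="<?php echo get_text($url1); ?>">확인</a>`. If `$url2` and `$url3` are printed further down, outside the hunk, they need the same treatment.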


@ -13,8 +13,8 @@ if (get_cookie('ck_visit_ip') != $_SERVER['REMOTE_ADDR']) {
$remote_addr = escape_trim($_SERVER['REMOTE_ADDR']); $remote_addr = escape_trim($_SERVER['REMOTE_ADDR']);
$referer = ""; $referer = "";
if (isset($_SERVER['HTTP_REFERER'])) if (isset($_SERVER['HTTP_REFERER']))
$referer = escape_trim(clean_xss_tags($_SERVER['HTTP_REFERER'])); $referer = escape_trim(clean_xss_tags(strip_tags($_SERVER['HTTP_REFERER'])));
$user_agent = escape_trim(clean_xss_tags($_SERVER['HTTP_USER_AGENT'])); $user_agent = escape_trim(clean_xss_tags(strip_tags($_SERVER['HTTP_USER_AGENT'])));
$vi_browser = ''; $vi_browser = '';
$vi_os = ''; $vi_os = '';
$vi_device = ''; $vi_device = '';
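Review bot: Filtering the two headers with strip_tags() before storage does not make the stored values safe to print, because strip_tags() leaves quotes and ampersands untouched. What clean_xss_tags() and escape_trim() add on top is not visible here. I would put a comment above the assignments, such as `// Only tags are stripped here; encode the referer and user-agent again wherever they are rendered.`, so that later templates do not rely on this step alone.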