patch secure: c6b58bb16b

2024-10-05 05:53:35 +09:00 · 2024-10-05 05:53:35 +09:00 · 3a186fd873
commit 3a186fd873
parent 50fdf5f5dc
3 changed files with 1 additions and 13 deletions
--- a/AvocadoEdition_Light/bbs/login.php
+++ b/AvocadoEdition_Light/bbs/login.php
@ -3,8 +3,6 @@ include_once "./_common.php";
 $g5['title'] = '로그인';
 include_once "./_head.sub.php";
 $url = $_GET['url'];
 check_url_host($url);
 if ($is_member) {
--- a/AvocadoEdition_Light/bbs/member_confirm.php
+++ b/AvocadoEdition_Light/bbs/member_confirm.php
@ -4,19 +4,9 @@ include_once "./_common.php";
 if ($is_guest)
  alert('로그인 한 회원만 접근하실 수 있습니다.', G5_BBS_URL . '/login.php');
 /*
 if ($url)
    $urlencode = urlencode($url);
 else
    $urlencode = urlencode($_SERVER[REQUEST_URI]);
 */
 $g5['title'] = '회원 비밀번호 확인';
 include_once "./_head.sub.php";
 // gnuboard xss patch - 2457055514
 $url = isset($_GET['url']) ? clean_xss_tags($_GET['url']) : '';
 while (1) {
  $tmp = preg_replace('/&#[^;]+;/', '', $url);
  if ($tmp == $url)
--- a/AvocadoEdition_Light/common.php
+++ b/AvocadoEdition_Light/common.php
@ -523,7 +523,7 @@ if (isset($_REQUEST['bo_table'])) {
 // URL ENCODING
 if (isset($_REQUEST['url'])) {
-  $url = strip_tags(trim($_REQUEST['url']));
+  $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\[\]\\x80-\\xff]|i', '', trim($_REQUEST['url']));
  $urlencode = urlencode($url);
 } else {
  $url = '';