patch secure: 630e39de16

2024-09-22 10:26:38 +09:00 · 2024-09-22 10:26:38 +09:00 · 92df25b6a9
commit 92df25b6a9
parent 6bfe152681
4 changed files with 24 additions and 10 deletions
--- a/AvocadoEdition_Light/adm/admin.lib.php
+++ b/AvocadoEdition_Light/adm/admin.lib.php
@ -371,6 +371,15 @@ function get_admin_token()
  return $token;
 }
 //input value 에서 xss 공격 filter 역할을 함 ( 반드시 input value='' 타입에만 사용할것 )
 function get_sanitize_input($s, $is_html = false)
 {
  if (!$is_html) {
    $s = strip_tags($s);
  }
  $s = htmlspecialchars($s, ENT_QUOTES, 'utf-8');
  return $s;
 }
 // POST로 넘어온 토큰과 세션에 저장된 토큰 비교
 function check_admin_token()
@ -454,7 +463,7 @@ while ($entry = $tmp->read()) {
  }
 }
-usort($menu, function($a, $b) {
+usort($menu, function ($a, $b) {
  return $a->order - $b->order;
 });
--- a/AvocadoEdition_Light/adm/config_form_update.php
+++ b/AvocadoEdition_Light/adm/config_form_update.php
@ -24,8 +24,6 @@ if (!$_POST['cf_cert_use']) {
  $_POST['cf_cert_hp'] = '';
 }
 $site_style_path = G5_DATA_PATH . "/site";
 $site_style_url = G5_DATA_URL . "/site";
@ -40,6 +38,13 @@ if ($_FILES['admin_icon_file']['name']) {
  upload_file($_FILES['admin_icon_file']['tmp_name'], $image_name, $site_style_path);
 }
 $check_keys = ['cf_cert_kcb_cd', 'cf_cert_kcp_cd', 'cf_editor', 'cf_recaptcha_site_key', 'cf_recaptcha_secret_key', 'cf_naver_clientid', 'cf_naver_secret', 'cf_facebook_appid', 'cf_facebook_secret', 'cf_twitter_key', 'cf_twitter_secret', 'cf_google_clientid', 'cf_google_secret', 'cf_googl_shorturl_apikey', 'cf_kakao_rest_key', 'cf_kakao_client_secret', 'cf_kakao_js_apikey', 'cf_payco_clientid', 'cf_payco_secret', 'cf_cert_kg_cd', 'cf_cert_kg_mid'];
 foreach ($check_keys as $key) {
  if (isset($_POST[$key]) && $_POST[$key]) {
    $_POST[$key] = preg_replace('/[^a-z0-9_\-\.]/i', '', $_POST[$key]);
  }
 }
 $sql = " update {$g5['config_table']}
            set cf_admin = '{$_POST['cf_admin']}',
--- a/AvocadoEdition_Light/adm/menu_list.php
+++ b/AvocadoEdition_Light/adm/menu_list.php
@ -99,7 +99,7 @@ $colspan = 9;
            <td class="td_category<?php echo $sub_menu_class; ?>">
              <input type="hidden" name="code[]" value="<?php echo substr($row['me_code'], 0, 2) ?>" />
              <input type="hidden" name="me_level[]" value="<?php echo $row['me_level'] ?>" />
-              <input type="text" name="me_name[]" value="<?php echo $me_name; ?>" required
+              <input type="text" name="me_name[]" value="<?php echo get_sanitize_input($me_name); ?>" required
                class="required frm_input full_input" />
            </td>
            <td class="td_mng">
--- a/AvocadoEdition_Light/adm/menu_list_update.php
+++ b/AvocadoEdition_Light/adm/menu_list_update.php
@ -19,8 +19,8 @@ $count = count($_POST['code']);
 for ($i = 0; $i < $count; $i++) {
  $_POST = array_map_deep('trim', $_POST);
-  $code = $_POST['code'][$i];
+  $code = strip_tags($_POST['code'][$i]);
-  $me_name = $_POST['me_name'][$i];
+  $me_name = strip_tags($_POST['me_name'][$i]);
  // kve-2021-0755 gnuboard 3a3434104c
  $me_link = html_purifier($_POST['me_link'][$i]);
  $me_depth = $_POST['me_depth'][$i];
@ -59,9 +59,9 @@ for ($i = 0; $i < $count; $i++) {
              me_icon     = '{$_POST['me_icon'][$i]}',
              me_name     = '{$me_name}',
              me_link     = '{$me_link}',
-              me_target   = '{$_POST['me_target'][$i]}',
+              me_target   = '".sql_real_escape_string(strip_tags($_POST['me_target'][$i]))."',
-              me_order    = '{$_POST['me_order'][$i]}',
+              me_order    = '".sql_real_escape_string(strip_tags($_POST['me_order'][$i]))."',
-              me_use      = '{$_POST['me_use'][$i]}',
+              me_use      = '".sql_real_escape_string(strip_tags($_POST['me_use'][$i]))."',
              me_depth    = '{$me_depth}',
              me_parent   = '{$me_parent}'";
  sql_query($sql);