amber/AvocadoAmber
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions

patch secure: 630e39de16

Browse source
This commit is contained in:
Amberstone 2024-09-22 10:26:38 +09:00
parent 6bfe152681
commit 92df25b6a9
Signed by: amber
GPG key ID: 094B0E55F98D8BF1
4 changed files with 24 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
AvocadoEdition_Light/adm/admin.lib.php
View file

@ -371,6 +371,15 @@ function get_admin_token()
return $token;
}
//input value 에서 xss 공격 filter 역할을 함 ( 반드시 input value='' 타입에만 사용할것 )
function get_sanitize_input($s, $is_html = false)
{
if (!$is_html) {
$s = strip_tags($s);
}
$s = htmlspecialchars($s, ENT_QUOTES, 'utf-8');
return $s;
}
// POST로 넘어온 토큰과 세션에 저장된 토큰 비교
function check_admin_token()

9
AvocadoEdition_Light/adm/config_form_update.php
View file

@ -24,8 +24,6 @@ if (!$_POST['cf_cert_use']) {
$_POST['cf_cert_hp'] = '';
}
$site_style_path = G5_DATA_PATH . "/site";
$site_style_url = G5_DATA_URL . "/site";
@ -40,6 +38,13 @@ if ($_FILES['admin_icon_file']['name']) {
upload_file($_FILES['admin_icon_file']['tmp_name'], $image_name, $site_style_path);
}
$check_keys = ['cf_cert_kcb_cd', 'cf_cert_kcp_cd', 'cf_editor', 'cf_recaptcha_site_key', 'cf_recaptcha_secret_key', 'cf_naver_clientid', 'cf_naver_secret', 'cf_facebook_appid', 'cf_facebook_secret', 'cf_twitter_key', 'cf_twitter_secret', 'cf_google_clientid', 'cf_google_secret', 'cf_googl_shorturl_apikey', 'cf_kakao_rest_key', 'cf_kakao_client_secret', 'cf_kakao_js_apikey', 'cf_payco_clientid', 'cf_payco_secret', 'cf_cert_kg_cd', 'cf_cert_kg_mid'];
foreach ($check_keys as $key) {
if (isset($_POST[$key]) && $_POST[$key]) {
$_POST[$key] = preg_replace('/[^a-z0-9_\-\.]/i', '', $_POST[$key]);
}
}
$sql = " update {$g5['config_table']}
set cf_admin = '{$_POST['cf_admin']}',

2
AvocadoEdition_Light/adm/menu_list.php
View file

@ -99,7 +99,7 @@ $colspan = 9;
<td class="td_category<?php echo $sub_menu_class; ?>">
<input type="hidden" name="code[]" value="<?php echo substr($row['me_code'], 0, 2) ?>" />
<input type="hidden" name="me_level[]" value="<?php echo $row['me_level'] ?>" />
<input type="text" name="me_name[]" value="<?php echo $me_name; ?>" required
<input type="text" name="me_name[]" value="<?php echo get_sanitize_input($me_name); ?>" required
class="required frm_input full_input" />
</td>
<td class="td_mng">

10
AvocadoEdition_Light/adm/menu_list_update.php
View file

@ -19,8 +19,8 @@ $count = count($_POST['code']);
for ($i = 0; $i < $count; $i++) {
$_POST = array_map_deep('trim', $_POST);
$code = $_POST['code'][$i];
$me_name = $_POST['me_name'][$i];
$code = strip_tags($_POST['code'][$i]);
$me_name = strip_tags($_POST['me_name'][$i]);
// kve-2021-0755 gnuboard 3a3434104c
$me_link = html_purifier($_POST['me_link'][$i]);
$me_depth = $_POST['me_depth'][$i];
@ -59,9 +59,9 @@ for ($i = 0; $i < $count; $i++) {
me_icon = '{$_POST['me_icon'][$i]}',
me_name = '{$me_name}',
me_link = '{$me_link}',
me_target = '{$_POST['me_target'][$i]}',
me_order = '{$_POST['me_order'][$i]}',
me_use = '{$_POST['me_use'][$i]}',
me_target = '".sql_real_escape_string(strip_tags($_POST['me_target'][$i]))."',
me_order = '".sql_real_escape_string(strip_tags($_POST['me_order'][$i]))."',
me_use = '".sql_real_escape_string(strip_tags($_POST['me_use'][$i]))."',
me_depth = '{$me_depth}',
me_parent = '{$me_parent}'";
sql_query($sql);