This commit is contained in:
Amberstone 2024-09-22 11:10:42 +09:00
parent a81e75de75
commit 93e1e1c59f
Signed by: amber
GPG key ID: 094B0E55F98D8BF1
3 changed files with 32 additions and 10 deletions


@ -419,6 +419,28 @@ function admin_referer_check($return = false)
}
}
function admin_check_xss_params($params)
{
if (!$params)
return;
foreach ($params as $key => $value) {
if (empty($value))
continue;
if (is_array($value)) {
admin_check_xss_params($value);
} else if (preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && (preg_match('/script.*?\/script/ius', $value) || preg_match('/[onload|onerror]=.*/ius', $value))) {
alert('요청 쿼리에 잘못된 스크립트문장이 있습니다.\\nXSS 공격일수도 있습니다.');
die();
}
}
return;
}
// 접근 권한 검사
if (!$member['mb_id']) {
goto_url(G5_BBS_URL . '/login.php?url=' . urlencode(G5_ADMIN_URL));
@ -480,6 +502,12 @@ if (isset($page))
$arr_query[] = 'page=' . $page;
$qstr = implode("&amp;", $arr_query);
if (isset($_REQUEST) && $_REQUEST) {
if (admin_referer_check(true)) {
admin_check_xss_params($_REQUEST);
}
}
if (run_replace('safe_admin_add_script_boolean', false) === false) {
$config['cf_analytics'] = '';
$config['cf_add_script'] = '';
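Review bot: The event-handler pattern on the `else if` line of admin_check_xss_params, `/[onload|onerror]=.*/ius`, is a character class rather than an alternation: it matches any single character from the set `o n l a d | e r` followed by `=`, so an ordinary attribute such as `title=` or `name=` inside any tag trips the check, while the two intended tokens are matched only by coincidence. The alternation that was presumably meant is `preg_match('/\bon(?:load|error)\s*=/ius', $value)`, and any further handlers the filter is supposed to cover should be listed explicitly instead of relying on the bracket class. The `empty($value)` guard above the recursion also skips the string `'0'`, which is harmless here but means not every value reaches the check, and a blacklist like this can only complement htmlspecialchars on output, not replace it. In the second hunk the check runs only when `admin_referer_check(true)` succeeds; if skipping it on a failed referer check is intentional, a one-line comment stating why would help the next reader.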


@ -8,19 +8,15 @@ add_stylesheet('<link rel="stylesheet" href="'.G5_CSS_URL.'/login.css">', 0);
/*********** Logo Data ************/
$logo = get_logo('pc');
$m_logo = get_logo('mo');
$logo = get_logo();
$m_logo = get_logo();
$logo_data = "";
if($logo) $logo_data .= "<img src='".$logo."' />";
/*********************************/
?>
<div class="loginWrap">
<div class="login-inner">
<?php
// 등록된 로고 파일이 있을 경우에만 출력 한다.
if($logo_data) { ?>
@ -45,8 +41,6 @@ if($logo) $logo_data .= "<img src='".$logo."' />";
</div>
</div>
</div>
<script>
function flogin_submit(f) {
return true;
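Review bot: After this change `$logo` and `$m_logo` are assigned from the same argument-less `get_logo()` call, so the mobile variable no longer differs from the PC one; if get_logo() now selects the variant internally, `$m_logo` looks redundant, and if it defaults to a single device the mobile logo is silently dropped (the same pair of lines appears in the third file of this commit). A short comment such as `// get_logo() selects the device variant itself; $m_logo is kept for templates that still reference it` would record the intent, or `$m_logo` can be removed if nothing below uses it. The unchanged `$logo_data .= "<img src='".$logo."' />"` line concatenates the path straight into an attribute; if that value can come from configuration rather than a fixed file path, it should pass through htmlspecialchars first.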


@ -11,8 +11,8 @@ include_once (G5_LIB_PATH . '/connect.lib.php');
include_once (G5_LIB_PATH . '/popular.lib.php');
/*********** Logo Data ************/
$logo = get_logo('pc');
$m_logo = get_logo('mo');
$logo = get_logo();
$m_logo = get_logo();
$logo_data = "";
if ($logo)