From 93e1e1c59ff316fda9873eb064ec3c8c795cf8b3 Mon Sep 17 00:00:00 2001
From: Arcturus
Date: Sun, 22 Sep 2024 11:10:42 +0900
Subject: [PATCH] patch secure: https://github.com/gnuboard/gnuboard5/commit/908d242e52715d18b6ba1b51fd68b802e19afd1a

---
 AvocadoEdition_Light/adm/admin.lib.php | 28 +++++++++++++++++++
 .../skin/member/basic/login.skin.php | 10 ++-----
 AvocadoEdition_Light/theme/basic/head.php | 4 +--
 3 files changed, 32 insertions(+), 10 deletions(-)

diff --git a/AvocadoEdition_Light/adm/admin.lib.php b/AvocadoEdition_Light/adm/admin.lib.php
index 9a3a723..dfda8d0 100644
--- a/AvocadoEdition_Light/adm/admin.lib.php
+++ b/AvocadoEdition_Light/adm/admin.lib.php
@@ -419,6 +419,28 @@ function admin_referer_check($return = false)
     }
 }
 
+function admin_check_xss_params($params)
+{
+
+    if (!$params)
+        return;
+
+    foreach ($params as $key => $value) {
+
+        if (empty($value))
+            continue;
+
+        if (is_array($value)) {
+            admin_check_xss_params($value);
+        } else if (preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && (preg_match('/script.*?\/script/ius', $value) || preg_match('/[onload|onerror]=.*/ius', $value))) {
+            alert('요청 쿼리에 잘못된 스크립트문장이 있습니다.\\nXSS 공격일수도 있습니다.');
+            die();
+        }
+    }
+
+    return;
+}
+
 // 접근 권한 검사
 if (!$member['mb_id']) {
     goto_url(G5_BBS_URL . '/login.php?url=' . urlencode(G5_ADMIN_URL));
@@ -480,6 +502,12 @@ if (isset($page))
     $arr_query[] = 'page=' . $page;
 $qstr = implode("&", $arr_query);
 
+if (isset($_REQUEST) && $_REQUEST) {
+    if (admin_referer_check(true)) {
+        admin_check_xss_params($_REQUEST);
+    }
+}
+
 if (run_replace('safe_admin_add_script_boolean', false) === false) {
     $config['cf_analytics'] = '';
     $config['cf_add_script'] = '';
diff --git a/AvocadoEdition_Light/skin/member/basic/login.skin.php b/AvocadoEdition_Light/skin/member/basic/login.skin.php
index 53e1d1d..b293d48 100644
--- a/AvocadoEdition_Light/skin/member/basic/login.skin.php
+++ b/AvocadoEdition_Light/skin/member/basic/login.skin.php
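Review bot: The event-handler test in admin_check_xss_params, `preg_match('/[onload|onerror]=.*/ius', $value)`, is a character class rather than an alternation: it matches any one of the characters `o n l a d | e r` followed by `=`, so a value containing a tag plus something like `r=1` or `e=` is rejected as an attack, while `onclick=`, `onfocus=`, `onmouseenter=` and most other handlers never match because their last letter is not in the class. Replace it with an explicit handler match, `preg_match('/\bon\w+\s*=/iu', $value)`; the `s` flag and the trailing `.*` contribute nothing to the decision. This function is a request-side blocklist — `javascript:` URLs, `<iframe src=…>`, and entity- or URL-encoded payloads all pass the tag-plus-script test — so it should carry a header comment such as `// Defence-in-depth only: blocks obvious <script>/on*= payloads in request params. Output escaping in the admin templates remains the primary XSS control.` so nobody treats it as sufficient on its own.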
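Review bot: The new scan only runs when `admin_referer_check(true)` is truthy, so on every path where that helper returns false or returns nothing the request parameters are not inspected at all; if, as its name suggests, a foreign Referer yields false, the XSS scan is skipped precisely on the cross-origin requests a reflected payload would arrive on. admin_referer_check's body is outside this hunk, so confirm what it returns on the no-referer and foreign-referer paths; if the intent is that foreign-referer requests are already rejected elsewhere, say so in a comment above the block, otherwise drop the gate and call `admin_check_xss_params($_REQUEST);` unconditionally. `isset($_REQUEST)` is always true for a superglobal, so the outer condition reduces to `if ($_REQUEST) {`.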
@@ -8,19 +8,15 @@ add_stylesheet('', 0); /*********** Logo Data ************/ -$logo = get_logo('pc'); -$m_logo = get_logo('mo'); +$logo = get_logo(); +$m_logo = get_logo(); $logo_data = ""; if($logo) $logo_data .= ""; /*********************************/ ?> - - -
- -