diff --git a/AvocadoEdition_Light/bbs/qawrite_update.php b/AvocadoEdition_Light/bbs/qawrite_update.php index ce1dd71..0f7494d 100644 --- a/AvocadoEdition_Light/bbs/qawrite_update.php +++ b/AvocadoEdition_Light/bbs/qawrite_update.php @@ -201,7 +201,7 @@ for ($i = 1; $i <= count($_FILES['bf_file']['name']); $i++) { $upload[$i]['filesize'] = $filesize; // 아래의 문자열이 들어간 파일은 -x 를 붙여서 웹경로를 알더라도 실행을 하지 못하도록 함 - $filename = preg_replace("/\.(php|phtm|htm|cgi|pl|exe|jsp|asp|inc)/i", "$0-x", $filename); + $filename = preg_replace("/\.(php|phtm|htm|cgi|pl|exe|jsp|asp|inc|phar)/i", "$0-x", $filename); shuffle($chars_array); $shuffle = implode('', $chars_array); diff --git a/AvocadoEdition_Light/bbs/write_update.php b/AvocadoEdition_Light/bbs/write_update.php index 575ed14..c78d3d7 100644 --- a/AvocadoEdition_Light/bbs/write_update.php +++ b/AvocadoEdition_Light/bbs/write_update.php @@ -559,7 +559,7 @@ if ($upload_count != 0) { $upload[$i]['filesize'] = $filesize; // 아래의 문자열이 들어간 파일은 -x 를 붙여서 웹경로를 알더라도 실행을 하지 못하도록 함 - $filename = preg_replace("/\.(php|phtm|htm|cgi|pl|exe|jsp|asp|inc)/i", "$0-x", $filename); + $filename = preg_replace("/\.(php|phtm|htm|cgi|pl|exe|jsp|asp|inc|phar)/i", "$0-x", $filename); shuffle($chars_array); $shuffle = implode('', $chars_array); diff --git a/AvocadoEdition_Light/install/install_db.php b/AvocadoEdition_Light/install/install_db.php index 132d7e1..6d62b01 100644 --- a/AvocadoEdition_Light/install/install_db.php +++ b/AvocadoEdition_Light/install/install_db.php @@ -356,7 +356,7 @@ unset($row); // data 디렉토리 및 하위 디렉토리에서는 .htaccess .htpasswd .php .phtml .html .htm .inc .cgi .pl 파일을 실행할수 없게함. $f = fopen($data_path . '/.htaccess', 'w'); $str = << + Order allow,deny Deny from all
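Review bot: The `preg_replace` rename in the `qawrite_update.php` hunk is still a denylist, so an extension that the web server maps to a handler but that is missing from the pattern passes through unchanged; adding `phar` closes one case and leaves the approach open-ended. The identical pattern is repeated in the `write_update.php` hunk, and the comment in `install_db.php` suggests a third list in the generated `.htaccess`, so the copies can drift apart. I would move the pattern into one shared constant used by both upload paths and put a comment above it such as `// Defence in depth only: data/ must also be configured so uploaded files are never executed`. The installer change presumably reaches only fresh installs, so existing sites likely need their `data/.htaccess` updated separately; the enclosing upload loops start and end outside both hunks, so any allowlist check on the final extension is not visible here.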